[no] dosattack-check
ipv4-first-fragment enable
28.2.3 Anti Port Cheat Function Configuration Task Sequence
1. Enable the anti port cheat function
Global Mode
[no] dosattack-check
srcport-equal-dstport enable
dosattack-check ipv4-first-fragment
enable
28.2.4 Prevent TCP Fragment Attack Function Configuration
Task Sequence
1.Enable the prevent TCP fragment attack function
2.Configure the minimum permitted TCP head length of the packet
Command
Global Mode
[no] dosattack-check tcp-fragment
enable
dosattack-check tcp-header <size>
Command
Enable/disable checking IPv4 fragment. This
command has no effect when used separately,
but if this function is not enabled, the switch will
not drop the IPv4 fragment packet containing
unauthorized TCP labels.
Enable/disable the prevent-port-cheat function.
Enable/disable checking IPv4 fragment. This
command has no effect when used separately,
but if this function is not enabled, the switch will
not drop the IPv4 fragment packet whose
source port is equal to its destination port.
Explanation
Enable/disable the prevent TCP fragment
attack function.
Configure the minimum permitted TCP head
length of the packet. This command has no
effect when used separately, the user should
enable the dosattack-check tcp-fragment
enable.
28-2
Explanation