Configuring DoS Prevention - Cisco 300 Series Administration Manual

Security
Denial of Service Prevention
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
- Prevent TCP connections from a specific interface (SYN Filtering page) and rate limit the packets (SYN Rate Protection page)
- Configure the blocking of certain ICMP packets (ICMP Filtering page)
- Discard fragmented IP packets from a specific interface (IP Fragments Filtering page)
- Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan (Security Suite Settings page)
Dependencies Between Features
ACL and advanced QoS policies are not active when a port has DoS Protection
enabled on it. An error message appears if you attempt to enable DoS Prevention
when an ACL is defined on the interface or if you attempt to define an ACL on an
interface on which DoS Prevention is enabled.
A SYN attack cannot be blocked if there is an ACL active on an interface.
Default Configuration
The DoS Prevention feature has the following defaults:
- The DoS Prevention feature is disabled by default.
- SYN-FIN protection is enabled by default (even if DoS Prevention is disabled).
- If SYN protection is enabled, the default protection mode is Block and Report. The default threshold is 30 SYN packets per second.
- All other DoS Prevention features are disabled by default.
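The dependency rule and the SYN rate-protection defaults above can be modelled in a few lines. The following Python is an added illustration, not Cisco's code or the switch's actual implementation: the port class, the mode names other than the page's "Block and Report", and the one-second sliding window used to measure SYN packets per second are this example's own assumptions.

```python
from collections import deque

DEFAULT_SYN_THRESHOLD_PPS = 30          # page default: 30 SYN packets per second
DEFAULT_SYN_MODE = "block_and_report"   # page default mode once SYN protection is on


class DosPreventionPort:
    """Simplified model of one switch port's DoS Prevention state (hypothetical)."""

    def __init__(self, name, acl_bound=False):
        self.name = name
        self.acl_bound = acl_bound          # an ACL or advanced QoS policy is bound
        self.dos_enabled = False            # page default: DoS Prevention disabled
        self.syn_mode = DEFAULT_SYN_MODE    # "report" is an assumed alternative name
        self.syn_threshold = DEFAULT_SYN_THRESHOLD_PPS
        self._syn_times = deque()           # SYN arrival times within the last second
        self.reports = []                   # (port, time, observed rate) report entries

    def enable_dos_prevention(self):
        # Dependency from the manual: DoS Prevention cannot be enabled while an
        # ACL / advanced QoS policy is bound to the port; unbind it first.
        if self.acl_bound:
            raise ValueError(f"{self.name}: unbind ACL/QoS before enabling DoS Prevention")
        self.dos_enabled = True

    def bind_acl(self):
        # The reverse dependency: no ACL may be defined on a DoS-protected port.
        if self.dos_enabled:
            raise ValueError(f"{self.name}: DoS Prevention is enabled, ACL bind refused")
        self.acl_bound = True

    def syn_packet(self, t):
        """Decide 'forward' or 'drop' for a TCP SYN arriving at time t (seconds)."""
        if not self.dos_enabled:
            return "forward"
        self._syn_times.append(t)
        # Assumed sliding window: keep only SYNs seen in the last second.
        while self._syn_times and t - self._syn_times[0] >= 1.0:
            self._syn_times.popleft()
        rate = len(self._syn_times)
        if rate <= self.syn_threshold:
            return "forward"
        # Over threshold: both modes report; only block_and_report also drops.
        self.reports.append((self.name, t, rate))
        return "drop" if self.syn_mode == "block_and_report" else "forward"
```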

Configuring DoS Prevention

The following pages are used to configure this feature.
Security Suite Settings
Before activating DoS Prevention, you must unbind all Access Control Lists (ACLs)
or advanced QoS policies that are bound to a port. ACL and advanced QoS policies
are not active when a port has DoS Protection enabled on it.
To configure DoS Prevention global settings and monitor SCT: