(Sa) Commands - 3Com OfficeConnect 3C100XF Cli User's Manual

3com officeconnect 3c100xf: users guide

CHAPTER 22: IPSEC CLI COMMANDS

Enable Command
enable ip security_option
The enable ip_security option command has the following parameters.
drop_all_fragoffset1
drop_tcp_fragoffset1
disallow_all_header_options
disallow_source_route_options
This security feature also syslogs the event when the packet is dropped. See the
show packet_logging settings command for accounting data.
Disallow and drop commands work in conjunction with each other. The
disallow_source_route_options command is a subset of the
disallow_all_header_options command. If you enable the source route
command, you must disable the all header command. Enabling the more
inclusive all header value, however, renders the source route command
unnecessary, whether it is enabled or not. The same logic holds true for
drop commands.
Each parameter of the enable ip_security option command allows global
filtering of all IP packets containing the following datagram fields. These datagram
fields, when found, cause the packet to be dropped.
fragment offset=1
partial TCP headers
all header options
source route options

fragment offset=1
Packets with an offset equal to one are discarded in accordance with RFC
1858. Some routers that may be used on the same network with the
OfficeConnect Gateway may be configured to filter out specific traffic. In
some cases these routers will not apply the filter correctly for IP packets with
an offset of 1. To avoid this limitation in the filtering mechanism, packets of
this type can be discarded. Of the two drop commands, this is the higher
level of security. The default is enabled.

partial TCP headers (offset=1)
Protocol field in the IP packet header (in this case, TCP). Packets of this type
can be discarded. This is a lower level of security than all fragmented packets
(drop_all_fragoffset1). The default is enabled.

all header options
All choices in the IP Options field of the IP header. IP options may be
generated as an attack to get past routing tables. To avoid this limitation in
security, packets of this type can be discarded. Of the two disallow
commands, this is the higher level of security. The default is disabled.
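
The drop and disallow decisions described above, as an added Python example (not code from the 3Com manual or the gateway firmware). It assumes the standard IPv4 header layout, treats "all header options" as any header longer than 20 bytes, and treats "source route options" as the LSRR (0x83) and SSRR (0x89) option types; `option_types`, `check_packet` and `make_header` are hypothetical names, and the sample headers are constructed.

```python
import struct

TCP = 6
SOURCE_ROUTE_TYPES = {0x83, 0x89}  # LSRR, SSRR (assumed meaning of "source route options")

def option_types(options):
    """Yield the type byte of each option in the IPv4 options area."""
    i = 0
    while i < len(options) and options[i] != 0:      # 0 = End of Option List
        yield options[i]
        if options[i] == 1:                          # No-Operation: single byte
            i += 1
        elif i + 1 < len(options) and options[i + 1] >= 2:
            i += options[i + 1]                      # skip by the length byte
        else:
            return                                   # malformed length: stop

def check_packet(pkt, enabled):
    """Return the name of the enabled setting that drops pkt, or None to forward."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF   # low 13 bits
    options = pkt[20:ihl]
    if frag_offset == 1:
        if "drop_all_fragoffset1" in enabled:        # superset: any protocol
            return "drop_all_fragoffset1"
        if pkt[9] == TCP and "drop_tcp_fragoffset1" in enabled:
            return "drop_tcp_fragoffset1"
    if options:
        if "disallow_all_header_options" in enabled: # superset: any option
            return "disallow_all_header_options"
        if ("disallow_source_route_options" in enabled
                and SOURCE_ROUTE_TYPES & set(option_types(options))):
            return "disallow_source_route_options"
    return None

def make_header(proto, frag_offset=0, options=b""):
    """Build a constructed IPv4 header (documentation addresses, zero checksum)."""
    options += b"\x00" * (-len(options) % 4)         # pad to a 32-bit boundary
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options), 0, frag_offset, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options

if __name__ == "__main__":
    lsrr = b"\x83\x07\x04" + bytes([203, 0, 113, 9])  # constructed LSRR option
    print(check_packet(make_header(TCP, 0, lsrr), {"disallow_source_route_options"}))
```

With only the narrower settings enabled, a UDP fragment at offset 1 or a packet carrying a non-source-route option is forwarded; enabling the more inclusive setting of each pair drops it, which is the subset relationship the text describes.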