Chapter 5
Configuring the Management Interface and Security
Cisco SCE 2000 and SCE 1000 Software Configuration Guide, OL-7827-12

How to Disable Automatic Fail-Over Mode
Step 1 From the SCE(config if)# prompt, type no auto-fail-over and press Enter.

Configuring Management Interface Security
• Configuring the IP Fragment Filter
• Configuring the Permitted and Not-permitted IP Address Monitor
• Monitoring Management Interface IP Filtering

Management security is defined as the capability of the SCE platform to cope with malicious
management conditions that might lead to global service failure. Resiliency to attacks on the
management port includes the following features:
• The SCE platform remains stable during a flooding attack.
• The number of TCP/IP stack control protocol vulnerabilities is minimized.
• The availability of reporting capabilities on attacks on the management port.

There are two parallel security mechanisms:
• Automatic security mechanism — monitors the TCP/IP stack rate at 200 msec intervals and throttles
the rate from the device if necessary.
This mechanism always functions and is not user-configurable.
• User-configurable security mechanism — accomplished via two IP filters at user-configurable
intervals:
  – IP fragment filter — Drops all IP fragment packets
  – IP filter monitor — Measures the rate of accepted and dropped packets for both permitted and
  not-permitted IP addresses.

Configuring the IP Fragment Filter
• Options
• How to Enable the IP Fragment Filter
• How to Disable the IP Fragment Filter

Options
The following options are available:
• enable/disable — Enable or disable IP fragment filtering
  – Default — disable
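
The drop decision of an IP fragment filter, as an added example that is not part of the guide or of Cisco's software. It assumes the standard IPv4 definition of a fragment (More Fragments flag set, or a non-zero fragment offset); the function names and the sample headers are constructed for illustration.

```python
import struct

MF_FLAG = 0x2000       # More Fragments bit in the flags/offset field
OFFSET_MASK = 0x1FFF   # 13-bit fragment offset, in 8-byte units


def build_header(src, dst, flags_offset, proto=6):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, flags_offset,
                       64, proto, 0, bytes(src), bytes(dst))


def is_fragment(packet):
    """True if the IPv4 packet is any fragment: first, middle or last."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_offset,) = struct.unpack_from("!H", packet, 6)
    return bool(flags_offset & MF_FLAG) or (flags_offset & OFFSET_MASK) != 0


def filter_packets(packets, fragment_filter_enabled):
    """Return (accepted, dropped) lists for a drop-all-fragments filter."""
    accepted, dropped = [], []
    for pkt in packets:
        if fragment_filter_enabled and is_fragment(pkt):
            dropped.append(pkt)
        else:
            accepted.append(pkt)
    return accepted, dropped


# Constructed sample traffic (documentation address range 192.0.2.0/24).
SRC, DST = (192, 0, 2, 10), (192, 0, 2, 1)
SAMPLES = {
    "whole, DF set": build_header(SRC, DST, 0x4000),
    "first fragment": build_header(SRC, DST, MF_FLAG),
    "middle fragment": build_header(SRC, DST, MF_FLAG | 185),
    "last fragment": build_header(SRC, DST, 370),  # MF clear, offset set
}

if __name__ == "__main__":
    for enabled in (False, True):
        ok, drop = filter_packets(SAMPLES.values(), enabled)
        print(f"filter enabled={enabled}: accepted={len(ok)} dropped={len(drop)}")
```

The last fragment of a datagram has the More Fragments flag clear, so a check on that flag alone would let it through; the offset test catches it.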