Cli Examples - Dell PowerConnect M6220 Configuration Manual

Configuration guide

Table 3-1 describes the dos-control keywords.

Table 3-1. DoS Control

| Keyword | Meaning |
|---|---|
| firstfrag | Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured Min TCP Hdr Size. |
| icmp | ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. |
| l4port | Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/UDP source port equal to TCP/UDP destination port. |
| sipdip | Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. |
| tcpflag | Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP flag SYN set and TCP source port less than 1024, or TCP control flags set to 0 and TCP sequence number set to 0, or TCP flags FIN, URG, and PSH set and TCP sequence number set to 0, or both TCP flags SYN and FIN set. |
| tcpfrag | Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to 1. |

CLI Examples

The commands below show how to enable DoS protection and view its status.

Example #1: Enabling all DoS Controls
console#configure
console(config)#dos-control sipdip
console(config)#dos-control firstfrag
console(config)#dos-control tcpfrag
console(config)#dos-control l4port
console(config)#dos-control icmp
console(config)#exit

Example #2: Viewing the DoS Configuration Information
console#show dos-control
SIPDIP Mode.................................... Enable
First Fragment Mode............................ Enable
Min TCP Hdr Size............................... 20
TCP Fragment Mode.............................. Enable
TCP Flag Mode.................................. Disable
L4 Port Mode................................... Enable
ICMP Mode...................................... Enable
Max ICMP Pkt Size.............................. 512
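
The following Python check is an added example, not part of the Dell manual. It parses captured show dos-control output in the format of Example #2, lists the Table 3-1 keywords that are still disabled, and builds the dos-control commands that would enable them. The function names and the rule that a missing status line counts as disabled are assumptions of this example.

```python
import re

# Label printed by "show dos-control" -> Table 3-1 keyword that enables it.
MODE_TO_KEYWORD = {
    "SIPDIP Mode": "sipdip",
    "First Fragment Mode": "firstfrag",
    "TCP Fragment Mode": "tcpfrag",
    "TCP Flag Mode": "tcpflag",
    "L4 Port Mode": "l4port",
    "ICMP Mode": "icmp",
}

# Output of Example #2 on this page, used as sample input.
SAMPLE_OUTPUT = """\
console#show dos-control
SIPDIP Mode.................................... Enable
First Fragment Mode............................ Enable
Min TCP Hdr Size............................... 20
TCP Fragment Mode.............................. Enable
TCP Flag Mode.................................. Disable
L4 Port Mode................................... Enable
ICMP Mode...................................... Enable
Max ICMP Pkt Size.............................. 512
"""

# "Label....... Value": lazy label, a run of dots, then one value token.
LINE_RE = re.compile(r"^\s*(.+?)\.{2,}\s*(\S+)\s*$")

def parse_dos_control(text):
    """Return {label: value} for each dotted status line; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1).strip()] = match.group(2)
    return settings

def disabled_controls(text):
    """Keywords whose mode is not 'Enable'. A missing line counts as disabled
    (assumption of this example), so a truncated capture fails the audit."""
    settings = parse_dos_control(text)
    return [kw for label, kw in MODE_TO_KEYWORD.items()
            if settings.get(label) != "Enable"]

def remediation_commands(text):
    """Config-mode commands, in the syntax of Example #1, for each disabled control."""
    return [f"dos-control {kw}" for kw in disabled_controls(text)]
```

Run against the Example #2 output, the check reports tcpflag, the one keyword that Example #1 does not enable.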
