Configuring Denial of Service Protection
This chapter contains information on how to protect your Cisco 7600 series router against Denial of
Service (DoS) attacks. The information covered in this chapter is unique to the Cisco 7600 series routers,
and it supplements the network security information and procedures in the
Security"
publications:
Cisco IOS Security Configuration Guide, Release 12.2, at this URL:
•
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/fsecur_c.html
Cisco IOS Security Command Reference, Release 12.2, at this URL:
•
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
For complete syntax and usage information for the commands used in this chapter, refer to these
Note
publications:
The Cisco IOS Master Command List, Release 12.2SX at this URL:
•
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html
The Release 12.2 publications at this URL:
•
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuratio
n_guides_list.html
This chapter consists of these sections:
Understanding How DoS Protection Works, page 36-2
•
•
DoS Protection Default Configuration, page 36-21
DoS Protection Configuration Guidelines and Restrictions, page 36-22
•
•
Understanding How Control Plane Policing Works, page 36-28
CoPP Default Configuration, page 36-28
•
•
CoPP Configuration Guidelines and Restrictions, page 36-28
Configuring CoPP, page 36-29
•
•
Monitoring CoPP, page 36-31
Defining Traffic Classification, page 36-32
•
OL-4266-08
chapter in this publication as well as the network security information and procedures in these
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
C H A P T E R
"Configuring Network
36
36-1