Cisco 7604 Configuration Manual page 520

IOS software configuration guide

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX (OL-4266-08), page 36-4
Chapter 36: Configuring Denial of Service Protection
Understanding How DoS Protection Works

Router# show ip eigrp neighbors
IP-EIGRP neighbors for process 200
Router#
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# access-list 199 permit icmp any any echo
Router(config)# class-map match-any icmp
Router(config-cmap)# match access-group 199
Router(config-cmap)# exit
Router(config)# policy-map icmp
Router(config-pmap)# class icmp
Router(config-pmap-c)# police 96000 16000 16000 conform-action transmit exceed-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface range g4/1 - 9
Router(config-if-range)# service-policy input icmp        <======== Note: policy applied
Router(config-if-range)# end
2w0d: %SYS-5-CONFIG_I: Configured from console by console
2w0d: %OSPF-5-ADJCHG: Process 100, Nbr 6.6.6.122 on Vlan46 from LOADING to FULL, Loading Done
Router# show ip eigrp neighbors
IP-EIGRP neighbors for process 200
H   Address                 Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                        (sec)         (ms)       Cnt Num
0   4.4.4.122               Vl44          13 00:00:48    8   200  0  6565
Router#

FIB Rate Limiting

Note: The PFC2 CPU rate limiters are off by default.

The forwarding information base (FIB) rate-limiting feature allows all packets that require software
processing to be rate limited.
This example shows traffic destined for a nonexistent host address on a locally connected subnet.
Normally, the ARP request would result in an ARP reply and the installation of a FIB adjacency for this
traffic. However, the adjacency in the FIB for the destination subnet would continue to receive traffic
that would be forwarded for software processing. By applying rate-limiting to this traffic, the rate of
traffic forwarded for software processing can be limited to a manageable amount.

Router# show ip eigrp neighbors
IP-EIGRP neighbors for process 200
H   Address                 Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                        (sec)         (ms)       Cnt Num
0   4.4.4.122               Vl44          11 00:00:26    8   200  0  6534
Router# show ip ospf neighbors
Neighbor ID     Pri   State           Dead Time   Address         Interface
6.6.6.122         1   FULL/BDR        00:00:36    6.6.6.122       Vlan46
Router#                                 <===================== Note: attack starts
Router# show arp | include 199.2.250.250
Internet  199.2.250.250           0   Incomplete      ARPA
Router#
1w6d: %OSPF-5-ADJCHG: Process 100, Nbr 6.6.6.122 on Vlan46 from FULL to DOWN, Neighbor Down: Dead timer expired
Router# show ip eigrp neighbors
IP-EIGRP neighbors for process 200
Router#
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
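
Added example, not part of the Cisco manual: a simplified single-token-bucket model of the "police 96000 16000 16000" statement from the ICMP policing session earlier on this page, run against two constructed traffic profiles. Assumptions: one bucket (normal and maximum burst are both 16000 bytes), the bucket starts full, and packet sizes are counted as given; how the PFC hardware counts bytes is not modelled.

```python
import re

# The police statement exactly as it appears in the session on this page.
POLICE_LINE = "police 96000 16000 16000 conform-action transmit exceed-action drop"


def parse_police(line):
    """Split a 'police <bps> <normal-burst> <max-burst> ...' statement into fields."""
    m = re.fullmatch(
        r"police (\d+) (\d+) (\d+) conform-action (\S+) exceed-action (\S+)",
        line.strip(),
    )
    if m is None:
        raise ValueError(f"unsupported police statement: {line!r}")
    return {
        "rate_bps": int(m.group(1)),        # committed rate, bits per second
        "burst_bytes": int(m.group(2)),     # normal burst, bytes
        "max_burst_bytes": int(m.group(3)), # equal to the normal burst here
        "conform": m.group(4),
        "exceed": m.group(5),
    }


def simulate(policer, pkt_bytes, pps, seconds):
    """Feed a constant-rate stream through a single token bucket.

    Returns (conformed, exceeded) packet counts. Integer arithmetic only:
    every quantity is scaled by 8 * pps, so one inter-packet gap refills
    exactly rate_bps units.
    """
    scale = 8 * pps
    capacity = policer["burst_bytes"] * scale
    cost = pkt_bytes * scale
    tokens = capacity                       # assumption: bucket starts full
    conformed = exceeded = 0
    for _ in range(pps * seconds):
        tokens = min(capacity, tokens + policer["rate_bps"])
        if tokens >= cost:                  # conform-action: transmit
            tokens -= cost
            conformed += 1
        else:                               # exceed-action: drop
            exceeded += 1
    return conformed, exceeded


if __name__ == "__main__":
    p = parse_police(POLICE_LINE)
    # Constructed traffic profiles (not from the manual): 100-byte ICMP echoes.
    print("flood  10000 pps:", simulate(p, 100, 10_000, 10))
    print("normal    10 pps:", simulate(p, 100, 10, 10))
```

Over 10 seconds the flood profile keeps 1359 of 100000 packets (the 16000-byte burst plus about 12000 bytes per second), while the 10 pps stream passes untouched. Legitimate echo requests arriving during a flood draw on the same bucket, so most of them are dropped as well.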
