To configure the alert threshold, use the following command:
configure dos-protect type l3-protect alert-threshold <packets>
To configure the notification threshold, use the following command:
configure dos-protect type l3-protect notify-threshold <packets>
To configure the ACL expiration time, use the following command:
configure dos-protect acl-expire <seconds>
Configuring Trusted Ports
Traffic from trusted ports will be ignored when DoS protect counts the packets to the CPU. If machines
on a port could never cause an attack of the switch, but could generate heavy traffic to the switch CPU,
trusted ports is a way to ensure the ports are not counted when checking for attacks.
To configure the trusted ports list, use the following command:
configure dos-protect trusted-ports [ports [<ports> | all] | add-ports [<ports-to-add>
| all] | delete-ports [<ports-to-delete> | all] ]
Display DoS Protection Settings
To display the DoS protection settings, use the following command:
show dos-protect {detail}
Management Access Security
Management access security features control access to the management functions available on the
switch. These features help insure that any configuration changes to the switch can be done only by
authorized users. In this category are the following features:
Authenticating Users Using RADIUS or TACACS+ on page 241
●
Secure Shell 2 on page 249
●
Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS provides three methods to authenticate users who login to the switch:
RADIUS
●
TACACS+
●
Local database of accounts and passwords
●
ExtremeWare XOS 11.1 Concepts Guide
Management Access Security
241