Table of Contents
Advertisement
Configuring Security
Configuring DoS Protection
NOTE
STEP 1
STEP 2
STEP 3
STEP 4
Cisco 220 Series Smart Plus Switches Administration Guide Release 1.0.0.x
•
SYN-FIN and SYN-RST protections are enabled by default.
•
The default protection mode of SYN protection is Block and Report. The
default threshold is 80 SYN packets per second. The default period of
blocked port recovery to unblocked is 60 seconds.
Configuring DoS Security Suite Settings
Use the Security Suite Settings page to enable filtering of traffic. This protects the
network from a DoS and DDoS attacks.
Before activating DoS protection, you must unbind all ACLs or advanced QoS
policies that are bound to a port. ACL and advanced QoS policies are not active
when a port has DoS protection.
To set global DoS protection settings and monitor SCT:
Click Security > Denial of Service > Security Suite Settings.
The CPU Protection Mechanism field displays Enabled that indicates that SCT is
enabled.
Click Details beside the CPU Utilization field to go to the CPU Utilization page
and view CPU resource utilization information.
Click Edit beside the TCP SYN Protection field to go to the SYN Protection page
and enable this feature. See
In the Denial of Service Protection area, enable one or more of the following DoS
protection options and specify the threshold if necessary:
•
DA Equals SA
•
ICMP Frag Packets
•
ICMP Ping Maximum Length
•
IPv6 Minimum Frag Length
•
Land
•
Null Scan
•
POD
•
Smurf Netmask
•
TCP Source Port Less 1024
Configuring SYN Protection
16
for more details.
206
Advertisement
Table of Contents
