Cisco 220 Series Smart Plus Reference Manual page 440

Smart plus switches command line interface
Hide thumbs Also See for 220 Series Smart Plus:
Table of Contents

Advertisement

Security DoS Commands
security-suite dos (Global)
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
icmpv6-ping-max-check—Checks the maximum size of ICMPv6 ping
packets and drops the packets larger than the maximum packet size.
ipv6-min-frag-size-check—Checks the minimum size of IPv6 fragments and
drops the packets smaller than the minimum size.
land-deny—Drops the packets if the source IP address equals to the
destination IP address.
nullscan-deny—Drops the packets with NULL scan.
pod-deny—Avoids ping of death attack.
smurf-deny—Avoids smurf attack.
syn-sportl 1 024-deny—Drops SYN packets with sport less than 1024.
synfin-deny—Drops the packets with SYN and FIN bits set.
synrst-deny—Drops the packets with SYN and RST bits set.
tcp-frag-off-min-check—Drops the TCP fragment packets with offset
equals to one.
tcpblat-deny—Drops TCP fragment packets with offset equals to one.
tcphdr-min-check—Checks the minimum TCP header and drops the TCP
packets with the header smaller than the minimum size.
udpblat-deny—Drops the packets if the source UDP port equals to the
destination UDP port.
xma-deny—Drops the packets if the sequence number is zero, and the FIN,
URG and PSH bits are set.
icmp-ping-max-length
ICMPv4/ICMPv6 ping packets. (Range: 0 to 65535 bytes)
ipv6-min-frag-size-length
fragments. (Range: 0 to 65535 bytes)
smurf-netmask
length range: 0 to 32 bytes)
tcphdr-min-length
length. (Range: 0 to 31 bytes)
Default Configuration
All types of DoS protection are enabled in security suit by default.
MAX_LEN
—Specifies the maximum size of the
MIN_LEN
—Specifies the minimum size of IPv6
MASK
—Specifies the netmask of smurf attack. (Netmask
HDR_MIN_LEN
—Specifies the minimum TCP header
31
424

Advertisement

Table of Contents
loading

Table of Contents