Denial Of Service (Dos) Commands; Security-Suite Deny Fragmented - Cisco 300 Series Cli Manual
Stackable managed switches
Hide thumbs
Also See for 300 Series:
- Cli manual (899 pages) ,
- Administration manual (586 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
Denial of Service (DoS) Commands
OL-32830-01 Command Line Interface Reference Guide
16.0
16.1
security-suite deny fragmented
To discard IP fragmented packets from a specific interface, use the security-suite
deny fragmented Interface (Ethernet, Port Channel) Configuration mode
command.
To permit IP fragmented packets, use the no form of this command.
Syntax
security-suite deny fragmented
[remove {ip-address | any} {mask | /prefix-length}]}
no security-suite deny fragmented
Parameters
•
ip-address
add
specify all IP addresses.
•
mask—Specifies the network mask of the IP address.
•
prefix-length—Specifies the number of bits that comprise the IP address
prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
Fragmented packets are allowed from all interfaces.
If mask is unspecified, the default is 255.255.255.255.
If prefix-length is unspecified, the default is 32.
Command Mode
Interface (Ethernet, Port Channel) Configuration mode
{[add {ip-address | any} {mask | /prefix-length}] |
any
|
—Specifies the destination IP address. Use any to
16
363
Advertisement
Table of Contents
