Cisco 300 Series Cli Manual page 840
Small business 300 series managed switches
command line interface guide release 1.3
Hide thumbs
Also See for 300 Series:
- Cli manual (1117 pages) ,
- Administration manual (586 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
50
840
Parameters
global-rules-only—Specifies that all the security suite commands are global
commands only (they cannot be applied per-interface). This setting saves space
in the Ternary Content Addressable Memory (TCAM). If this keyword is not used,
security-suite commands can be used both globally on per-interface.
Default Configuration
The security suite feature is disabled.
If global-rules-only is not specified, the default is to enable security-suite globally
and per interfaces.
Command Mode
Global Configuration mode
User Guidelines
MAC ACLs must be removed before the security-suite is enabled. The rules can
be re-entered after the security-suite is enabled.
If ACLs or policy maps are assigned on interfaces, per interface security-suite
rules cannot be enabled.
Examples
Example 1 - The following example enables the security suite feature and
specifies that security suite commands are global commands only. When an
attempt is made to configure security-suite on a port, it fails.
switchxxxxxx(config)#
switchxxxxxx(config)#
switchxxxxxx(config-if)#
To perform this command, DoS Prevention must be enabled in the per-interface mode.
Example 2 - The following example enables the security suite feature globally and
on interfaces. The security-suite command succeeds on the port.
switchxxxxxx(config)#
switchxxxxxx(config)#
switchxxxxxx(config-if)#
security-suite enable global-rules-only
gi1
interface
security-suite dos syn-attack
security-suite enable
gi1
interface
security-suite dos syn-attack
78-21075-01 Command Line Interface Reference Guide
Denial of Service (DoS) Commands
199
any
/10
199
any
/10
Advertisement
Table of Contents
