Examples for defining a DoS class using ACLs
• Use the ip access-control-list command to enter the configuration mode of an
ACL. For example:
Gxxx-001(super)# ip access-control-list 301
• Use the ip-rule command to enter the configuration mode of an ACL rule. For example:
Gxxx-001(super)# ip-rule 1
• Use the dos-classification command to configure the name of the DoS attack
classification. Possible values are: fraggle, smurf, ip-spoofing, other-attack-100, other-
attack-101, other-attack-102, other-attack-103, other-attack-104, and other-attack-105.
For example:
Gxxx-001(super-ACL 301/ip rule 1)# dos-classification smurf
Done!
• Use destination-ip or ip-protocol commands to define the packet criteria to
which the ACL rule should apply. See Policy lists rule criteria on page 569.
You can use destination-ip to specify that the rule applies to packets with a specific
destination address and you can use ip-protocol to specify that the rule applies to
packets with a specific protocol:
Gxxx-001(super-ACL 301/ip rule 1)# destination-ip 255.255.255.255 0.0.0.0
Done!
Gxxx-001(super-ACL 301/ip rule 1)# ip-protocol icmp
Done!
• Use the composite-operation command to associate the ACL rule with the
predefined operation “deny-notify,” that tells the Branch Gateway to drop any packet
received that matches the ACL rule, and send a trap upon dropping the packet. For
example:
Gxxx-001(super-ACL 301/ip rule 1)# composite-operation deny-notify
Done!
• Use the following example to exit the ACL rule:
Gxxx-001(super-ACL 301/ip rule 1)# exit
• Use the following example to exit the ACL:
Gxxx-001(super-ACL 301)# exit
• An example for entering the configuration mode of the interface on which you want to
activate the ACL:
Gxxx-001(super)# interface vlan 203
• An example for activating the configured ACL for incoming packets on the desired
interface:
Gxxx-001(super-if:vlan 203)# ip access-group 301 in
Done!
Special security features
Administering Avaya G430 Branch Gateway October 2013 59
To Next Page
Loading...
