Security
Denial of Service Prevention
364 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
18
- User Defined—Enter a port number.
- All Ports—Select to indicate that all ports are filtered.
STEP 4 Click Apply. The SYN filter is defined, and the Running Configuration file is
updated.
SYN Rate Protection
The SYN Rate Protection page
enables
limiting the number of SYN packets
received on the ingress port. This can mitigate the effect of a SYN flood against
servers, by rate limiting the number of new connections opened to handle
packets.
This feature is only available when the device is in Layer 2 system mode.
To define SYN rate protection:
STEP 1 Click Security > Denial of Service Prevention > SYN Rate Protection.
This page appears the SYN rate protection currently defined per interface.
STEP 2 Click Add.
STEP 3 Enter the parameters.
• Interface—Select the interface on which the rate protection is being
defined.
• IP Address—Enter the IP address for which the SYN rate protection is
defined or select All Addresses. If you enter the IP address, enter either the
mask or prefix length.
• Network Mask—Select the format for the subnet mask for the source IP
address, and enter a value in one of the field:
- Mask—Select the subnet to which the source IP address belongs and
enter the subnet mask in dotted decimal format.
- Prefix Length—Select the Prefix Length and enter the number of bits that
comprise the source IP address prefix.
• SYN Rate Limit—Enter the number of SYN packets that be received.
To Next Page
Loading...
Need help?
General
