Denial of Service (DoS) Commands
365 OL-32830-01 Command Line Interface Reference Guide
16
If mask is not specified, it defaults to 255.255.255.255.
If prefix-length is not specified, it defaults to 32.
Command Mode
Interface (Ethernet, Port Channel) Configuration mode
User Guidelines
For this command to work, show security-suite configuration must be enabled
both globally and for interfaces.
This command discards ICMP packets with "ICMP type= Echo request" that
ingress the specified interface.
Example
The following example attempts to discard echo requests from an interface.
switchxxxxxx(config)#
security-suite enable global-rules-only
switchxxxxxx(config)#
interface gi11
switchxxxxxx(config-if)#
security-suite deny icmp add any /32
To perform this command, DoS Prevention must be enabled in the per-interface mode.
16.3 security-suite deny martian-addresses
To deny packets containing system-reserved IP addresses or user-defined IP
addresses, use the security-suite deny martian-addresses Global Configuration
mode command.
To restore the default, use the no form of this command.
Syntax
security-suite deny martian-addresses
{add {ip-address {mask | /prefix-length}} |
remove {ip-address {mask | /prefix-length}} (
Add/remove user-specified IP
addresses)
security-suite deny martian-addresses
reserved {add | remove} (
Add/remove
system-reserved IP addresses, see tables below)
no security-suite deny martian-addresses (This command removes addresses
reserved by security-suite deny martian-addresses
{add {ip-address {mask |