Denial of Service (DoS) Commands
OL-32830-01 Command Line Interface Reference Guide 374
16
switchxxxxxx(config)#
security-suite enable global-rules-only
switchxxxxxx(config)#
interface
gi11
switchxxxxxx(config-if)#
security-suite dos syn-attack
199 any /10
To perform this command, DoS Prevention must be enabled in the per-interface mode.
Example 2—The following example enables the security suite feature globally and
on interfaces. The security-suite command succeeds on the port.
switchxxxxxx(config)#
security-suite enable
switchxxxxxx(config)#
interface gi11
switchxxxxxx(config-if)#
security-suite dos syn-attack 199 any /10
switchxxxxxx(config-if)#
16.9 security-suite syn protection mode
To set the TCP SYN protection mode, use the security-suite syn protection mode
Global Configuration mode command.
To set the TCP SYN protection mode to default, use the no form of this command.
Syntax
For security-suite syn protection mode {disabled | report | block}
no security-suite syn protection mode
Parameters
• disabled—Feature is disabled
• report—Feature reports about TCP SYN traffic per port (including
rate-limited SYSLOG message when an attack is identified)
• block—TCP SYN traffic from attacking ports destined to the local system is
blocked, and a rate-limited SYSLOG message (one per minute) is generated
Default Configuration
The default mode is block.
Command Mode
Global Configuration mode
To Next Page
Loading...
