Security
Denial of Service Prevention
Cisco 500 Series Stackable Managed Switch Administration Guide 466
21
- 0.0.0.0/8 (Except 0.0.0.0/32 as a Source Address)—Addresses in
this block refer to source hosts on this network.
- 127.0.0.0/8—Used as the Internet host loopback address.
- 192.0.2.0/24—Used as the TEST-NET in documentation and example
codes.
- 224.0.0.0/4 (As a Source IP Address)—Used in IPv4 Multicast address
assignments, and was formerly known as Class D Address Space.
- 240.0.0.0/4 (Except 255.255.255.255/32 as a Destination
Address)—Reserved address range, and was formerly known as Class
E Address Space.
You can also add new Martian Addresses for DoS prevention. Packets that have a
Martian addresses are discarded.
To define Martian addresses:
STEP 1 Click Security > Denial of Service Prevention > Martian Addresses.
STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved
Martian Addresses in the System Level Prevention list.
STEP 3 To add a Martian address click Add.
STEP 4 Enter the parameters.
• IP Version—Indicates the supported IP version. Currently, support is only
offered for IPv4.
• IP Address—Enter an IP addresses to reject. The possible values are:
-
From Reserved List
—Select a well-known IP address from the reserved
list.
-
New IP Address
—Enter an IP address.
• Mask—Enter the mask of the IP address to define a range of IP addresses to
reject. The values are:
-
Network Mask
—Network mask in dotted decimal format.
-
Prefix Length
—Enter the prefix of the IP address to define the range of IP
addresses for which Denial of Service prevention is enabled.
STEP 5 Click Apply. The Martian addresses are written to the Running Configuration file.
To Next Page
Loading...
Need help?
General
