Security
Denial of Service Prevention
467 Cisco 500 Series Stackable Managed Switch Administration Guide
21
SYN Filtering
The SYN Filtering page
enables
filtering TCP packets that contain a SYN flag, and
are destined for one or more ports.
To define a SYN filter:
STEP 1 Click Security > Denial of Service Prevention > SYN Filtering.
STEP 2 Click Add.
STEP 3 Enter the parameters.
• Interface—Select the interface on which the filter is defined.
• IPv4 Address—Enter the IP address for which the filter is defined, or select
All Addresses.
• Network Mask—Enter the network mask for which the filter is enabled in IP
address format.
• TCP Port—Select the destination TCP port being filtered:
- Known Ports—Select a port from the list.
- User Defined—Enter a port number.
- All Ports—Select to indicate that all ports are filtered.
STEP 4 Click Apply. The SYN filter is defined, and the Running Configuration file is
updated.
SYN Rate Protection
The SYN Rate Protection page
enables
limiting the number of SYN packets
received on the ingress port. This can mitigate the effect of a SYN flood against
servers, by rate limiting the number of new connections opened to handle
packets.
This feature is only available when the device is in Layer 2 system mode in Sx300
and SG500 devices and in SG500X and SG500XG devices in Native mode.
To Next Page
Loading...
Need help?
General
