Cisco 7609 User Manual

24-3
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter 24 Configuring Denial of Service Protection
Configuring DoS Protection
When using security ACLs to drop DoS packets, note the following information:
• The security ACL must specify the traffic flow to be dropped.
• When adding a security ACL to block DoS packets to an interface that already has a security ACL configured, you must merge the DoS security ACL with the existing security ACL.
• Security ACLs need to be configured on all external interfaces that require protection. Use the interface range command to configure a security ACL on multiple interfaces.
The following example shows how a security ACL is used to drop DoS packets:
Router# clear mls ip mod 9
Router# show mls ip mod 9
Displaying Netflow entries in module 9
DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
--------------------------------------------------------------------
Pkts Bytes Age LastSeen Attributes
---------------------------------------------------
199.1.1.1 199.2.1.1 0 :0 :0 0 : 0
1843 84778 2 02:30:17 L3 - Dynamic
199.2.1.1 199.1.1.1 0 :0 :0 0 : 0
2742416 126151136 2 02:30:17 L3 - Dynamic   <-- traffic flow identified
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# no access-list 199
Router(config)# access-list 199 deny ip host 199.1.1.1 any
Router(config)# access-list 199 permit ip any any
Router(config)# interface g9/1
Router(config-if)# ip access 199 in   <-- security ACL applied
Router(config-if)# end
Router#
1w6d: %SYS-5-CONFIG_I: Configured from console by console
Router# clear mls ip mod 9
Router# show mls ip mod 9
Displaying Netflow entries in module 9
DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
--------------------------------------------------------------------
Pkts Bytes Age LastSeen Attributes
---------------------------------------------------
199.1.1.1 199.2.1.1 0 :0 :0 0 : 0
1542 70932 2 02:31:56 L3 - Dynamic
199.2.1.1 199.1.1.1 0 :0 :0 0 : 0
0 0 2 02:31:56 L3 - Dynamic   <-- hardware-forwarded traffic stopped
Extended IP access list 199
deny ip host 199.1.1.1 any (100 matches)
permit ip any any
Router# show access-list 199
Extended IP access list 199
deny ip host 199.1.1.1 any (103 matches)   <-- rate limiting at 0.5 pps
permit ip any any
Router #
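
The workflow above (find the heavy flow in the show mls ip output, then deny its source ahead of any existing ACL entries) can be scripted. The following Python example is added here and is not part of the Cisco guide; the function names and the packet-count threshold are assumptions, and the sample input is the flow rows from the first capture above.

```python
import re

# Constructed input: the flow rows from this page's first `show mls ip mod 9`
# capture. Each flow is two lines: addresses, then counters.
SAMPLE = """\
199.1.1.1 199.2.1.1 0 :0 :0 0 : 0
1843 84778 2 02:30:17 L3 - Dynamic
199.2.1.1 199.1.1.1 0 :0 :0 0 : 0
2742416 126151136 2 02:30:17 L3 - Dynamic
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ADDR_LINE = re.compile(rf"^{IP}\s+{IP}\s")  # DstIP SrcIP ...
COUNT_LINE = re.compile(r"^(\d+)\s+(\d+)\s+\d+\s+\d\d:\d\d:\d\d\b")  # Pkts Bytes Age LastSeen


def parse_flows(text):
    """Pair each address line with the counter line that follows it."""
    flows, pending = [], None
    for line in map(str.strip, text.splitlines()):
        addr, count = ADDR_LINE.match(line), COUNT_LINE.match(line)
        if addr:
            pending = addr.groups()  # (dst, src), in the column order of the output
        elif count and pending:
            flows.append({"dst": pending[0], "src": pending[1],
                          "pkts": int(count[1]), "bytes": int(count[2])})
            pending = None
    return flows


def dos_sources(flows, min_pkts):
    """Sources with at least min_pkts packets since the last clear (hypothetical threshold)."""
    return sorted({f["src"] for f in flows if f["pkts"] >= min_pkts})


def merged_acl(number, sources, existing=("permit ip any any",)):
    """Rebuild the ACL with the DoS deny entries ahead of the existing entries,
    so the flood is dropped before any existing permit can match it."""
    denies = [f"deny ip host {s} any" for s in sources]
    entries = denies + [e for e in existing if e not in denies]
    return [f"no access-list {number}"] + [f"access-list {number} {e}" for e in entries]


if __name__ == "__main__":
    # Prints the same three configuration lines used in the example above.
    print("\n".join(merged_acl(199, dos_sources(parse_flows(SAMPLE), 1_000_000))))
```

Pass the interface's current ACL entries as `existing` to get the merged list described in the second bullet; review the generated lines before pasting them into a configuration session.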

Cisco 7609 Specifications

General
Chassis Slots: 9
Switch Fabric Capacity: 720 Gbps
Power Supply Options: AC or DC
Product Type: Router
Form Factor: Rack-mountable
Supported Line Cards: Various Cisco 7600 Series line cards
Operating System: Cisco IOS
Management: CLI, SNMP
Forwarding Performance: 400 Mpps
Maximum Power Consumption: 4000 Watts
Redundancy: Yes
Interfaces/Ports: Various, depending on line cards installed