EasyManuals Logo

Cisco SCE8000 Configuration Guide

Cisco SCE8000
262 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #199 background imageLoading...
Page #199 background image
10-11
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Configuring Attack Detectors
• Thresholds:
–
open-flows-rate — Default threshold for rate of open flows. suspected-flows-rate — Default
threshold for rate of suspected DDoS flows.
–
suspected-flows-ratio — Default threshold for ratio of suspected flow rate to open flow rate.
• Use the appropriate keyword to enable or disable subscriber notification by default:
–
notify-subscriber — Enable subscriber notification.
–
don't-notify-subscriber — Disable subscriber notification.
• Use the appropriate keyword to enable or disable sending an SNMP trap by default:
–
alarm — Enable sending an SNMP trap.
–
no-alarm — Disable sending an SNMP trap.
How to Define the Default Action and Optionally the Default Thresholds
Defaults
The default values for the default attack detector are:
• Action — Report
• Thresholds — Varies according to the attack type
• Subscriber notification — Disabled
• Sending an SNMP trap — Disabled
Step 1 From the SCE(config if)# prompt, type attack-detector default protocol (((TCP|UDP) [dest-port
(specific|not- specific|both)])|ICMP|other|all) attack-direction
(single-side-source|single-side-destination|single-side-both|dual-sided|all) side
(subscriber|network|both) [action (report|block)] [open-flows-rate number suspected-flows-rate
rate suspected-flows-ratio ratio] and press Enter.
Configures the default attack detector for the defined attack type.
Step 2 From the SCE(config if)# prompt, type attack-detector default protocol (((TCP|UDP) [dest-port
(specific|not- specific|both)])|ICMP|other|all) attack-direction
(single-side-source|single-side-destination|single-side-both|dual-sided|all) side
(subscriber|network|both) (notify-subscriber|don't-notify-subscriber)
and press Enter.
Enables or disables subscriber notification by default for the defined attack type.
The attack type must be defined the same as in Step 1.
Step 3 From the SCE(config if)# prompt, type attack-detector default protocol (((TCP|UDP) [dest-port
(specific|not- specific|both)])|ICMP|other|all) attack-direction
(single-side-source|single-side-destination|single-side-both|dual-sided|all) side
(subscriber|network|both) (alarm|no-alarm) and press Enter.
Enables or disables sending an SNMP trap by default for the defined attack type.
The attack type must be defined the same as in Step 1.

Table of Contents

Other manuals for Cisco SCE8000

Preview: Quick Start Guide
Quick Start Guide24 pages
Preview: Removal And Replacement Procedures
Removal And Replacement Procedures36 pages
Preview: Installing
Installing20 pages
Preview: Installation And Configuration Guide
Installation And Configuration Guide154 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco SCE8000 and is the answer not in the manual?

Cisco SCE8000 Specifications

General IconGeneral
BrandCisco
ModelSCE8000
CategoryNetwork Hardware
LanguageEnglish

Related product manuals