EasyManuals Logo

Cisco SCE8000 Configuration Guide

Cisco SCE8000
262 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #207 background imageLoading...
Page #207 background image
10-19
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Preventing and Forcing Attack Detection
Preventing Attack Filtering
Attack filtering can be prevented for a specified IP address and attack type by executing a dont-filter CLI
command. If filtering is already in process, it will be stopped. When attack filtering has been stopped, it
remains stopped until explicitly restored by another CLI command (either force-filter or no dont-filter).
• How to Configure a dont-filter Setting for a Specified Situation, page 10-19
• How to Remove a dont-filter Setting from a Specified Situation, page 10-19
• How to Remove All dont-filter Settings, page 10-19
How to Configure a dont-filter Setting for a Specified Situation
Step 1 From the SCE(config if)# prompt, type attack-filter dont-filter protocol (((TCP|UDP) [dest-port
(port-number |not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|single-side-both) (ip ip-address)|(dual-sided source-ip
source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) and press Enter.
How to Remove a dont-filter Setting from a Specified Situation
Step 1 From the SCE(config if)# prompt, type no attack-filter dont-filter protocol (((TCP|UDP) [dest-port
(port-number |not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|single-side-both) (ip
ip-address)|(dual-sided source-ip
source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) and press Enter.
How to Remove All dont-filter Settings
Step 1 From the SCE(config if)# prompt, type no attack-filter dont-filter all and press Enter.
Forcing Attack Filtering
Attack filtering can be forced for a specified IP address/protocol. If filtering is already in process, it will
be stopped. Forced attack filtering will continue until undone by an explicit CLI command (either no
force-filter or dont-filter).
• How to Configure a force-filter Setting for a Specified Situation, page 10-20
• How to Remove a force-filter Setting from a Specified Situation, page 10-20
• How to Remove All force-filter Settings, page 10-20

Table of Contents

Other manuals for Cisco SCE8000

Preview: Quick Start Guide
Quick Start Guide24 pages
Preview: Removal And Replacement Procedures
Removal And Replacement Procedures36 pages
Preview: Installing
Installing20 pages
Preview: Installation And Configuration Guide
Installation And Configuration Guide154 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco SCE8000 and is the answer not in the manual?

Cisco SCE8000 Specifications

General IconGeneral
BrandCisco
ModelSCE8000
CategoryNetwork Hardware
LanguageEnglish

Related product manuals