Configuring Security
Configuring DoS Protection
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 215
16
• SYN-FIN and SYN-RST protections are enabled by default.
• The default protection mode of SYN protection is Block and Report. The
default threshold is 60 SYN packets per second. The default period of port
recovery is 60 seconds.
Configuring DoS Security Suite Settings
Use the Security Suite Settings page to enable filtering of traffic. This protects the
network from a DoS and DDoS attacks.
NOTE Before activating DoS protection, you must unbind all ACLs or advanced QoS
policies that are bound to a port. ACL and advanced QoS policies are not active
when a port has DoS protection.
To set global DoS protection settings and monitor SCT:
STEP 1 Click Security > Denial of Service > Security Suite Settings.
The CPU Protection Mechanism field displays Enabled, which indicates that
SCT is enabled.
STEP 2 Click Details beside the CPU Utilization field to go to the CPU Utilization page
and view CPU resource utilization information.
STEP 3 Click Edit beside the TCP SYN Protection field to go to the SYN Protection page
and enable this feature. See Configuring SYN Protection for more details.
STEP 4 In the Denial of Service Protection area, enable one or more of the following DoS
protection options and specify the threshold if necessary:
• DA Equals SA
• ICMP Frag Packets
• ICMP Ping Maximum Length
• IPv6 Minimum Frag Length
• Land
• Null Scan
• POD
• Smurf Netmask
• TCP Source Port Less 1024
To Next Page
Loading...
