Configuring Security
Configuring DHCP Snooping
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 218
16
-
Report
—Generates a SYSLOG message. The status of the port is
changed to Attacked when the threshold is passed.
-
Block and Report
—When a TCP SYN attack is identified, TCP SYN
packets destined for the system are dropped and the status of the port is
changed to Blocked.
• SYN Protection Threshold—Enter the number of SYN packets per second
before SYN packets will be blocked (deny SYN with MAC-to-me rule will be
applied on the port).
• SYN Protection Period—Enter the time in seconds before unblocking the
SYN packets (the deny SYN with MAC-to-me rule is unbound from the port).
STEP 3 Click Apply. The SYN Protection global settings are defined, and the Running
Configuration is updated.
Configuring DHCP Snooping
DHCP Snooping provides network security by filtering untrusted DHCP messages
and by building and by maintaining a DHCP Snooping binding database (table).
DHCP Snooping acts as a firewall between untrusted hosts and DHCP servers.
DHCP Snooping differentiates between untrusted interfaces connected to the end
user and trusted interfaces connected to the DHCP server or another switch.
NOTE DHCP Snooping is applicable only for the switch models with the country of
destination (-CN).
This section includes the following topics:
• Configuring DHCP Snooping Properties
• Configuring DHCP Snooping on VLANs
• Configuring DHCP Snooping Trusted Interfaces
• Querying DHCP Snooping Binding Database
• Viewing Option 82 Statistics
• Configuring Option 82 Interface Settings
• Configuring Option 82 Port CID Settings
To Next Page
Loading...
