Configuring Security
Denial of Service Prevention
Cisco Small Business 300 Series Managed Switch Administration Guide
Define SYN Rate Protection
The SYN Rate Protection Page enables rate limiting the number of SYN packets on
the ingress. This mitigates the effect of Denial of Service attacks, such as a SYN
flood against servers, by rate limiting the number of new connections.
To define SYN rate protection:
STEP 1 Click Security > Denial of Service Prevention > SYN Rate Protection. The SYN 
Rate Protection Page displays.
This page displays the SYN rate protection currently defined per interface.
STEP 2 Click Add. The Add SYN Rate Protection Page displays.
STEP 3 Enter the parameters.
• Interface—Select the interface on which the rate protection is being 
defined.
• IP Address—Enter the IP address for which the SYN rate protection is 
defined or select All Addresses. If you enter the IP address, enter either the 
mask or prefix length.
• Network Mask—Select the format for the subnet mask for the source IP 
address, and enter a value in one of the fields:
- Mask—Select the subnet to which the source IP address belongs and 
enter the subnet mask in dotted decimal format.
- Prefix Length—Select the Prefix Length and enter the number of bits that 
comprise the source IP address prefix.
• SYN Rate Limit—Enter the number of SYN packets allowed.
STEP 4 Click Apply. The SYN rate protection is defined, and the switch is updated.
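
The following Python model is an added example, not code from Cisco or from this guide. It shows how an entry built from the parameters in STEP 3 (interface, address with mask or prefix length, SYN rate limit) decides which ingress packets are forwarded. Assumptions: the limit is counted per one-second window, the rule is matched against the packet's source address, and the class names, interface names (GE1, GE2) and sample packets are hypothetical.

```python
import ipaddress
from collections import defaultdict

class SynRateRule:
    """One table entry: interface, address scope, SYN rate limit."""
    def __init__(self, interface, limit, address=None, mask=None, prefix_len=None):
        self.interface, self.limit = interface, limit
        if address is None:                       # "All Addresses"
            self.network = ipaddress.ip_network("0.0.0.0/0")
        else:
            if (mask is None) == (prefix_len is None):
                raise ValueError("enter either the mask or the prefix length")
            suffix = mask if mask is not None else prefix_len
            # strict=False lets a host address stand for its subnet
            self.network = ipaddress.ip_network(f"{address}/{suffix}", strict=False)

    def matches(self, interface, src_ip):
        return (interface == self.interface
                and ipaddress.ip_address(src_ip) in self.network)

class SynRateProtector:
    """Assumed model: fixed one-second windows, first matching rule wins."""
    def __init__(self, rules):
        self.rules = rules
        self.counts = defaultdict(int)            # (rule index, second) -> SYN count

    def admit(self, timestamp, interface, src_ip, is_syn):
        """Return True if the packet is forwarded, False if it is dropped."""
        if not is_syn:
            return True                           # non-SYN packets are not counted
        for index, rule in enumerate(self.rules):
            if rule.matches(interface, src_ip):
                key = (index, int(timestamp))
                self.counts[key] += 1
                return self.counts[key] <= rule.limit
        return True                               # no rule covers this packet

def simulate(rules, packets):
    protector = SynRateProtector(rules)
    return [protector.admit(*packet) for packet in packets]

# Constructed sample: limit of 3 SYNs per second on GE1 for 192.0.2.0/24
RULES = [SynRateRule("GE1", 3, "192.0.2.10", prefix_len=24)]
PACKETS = [(0.1, "GE1", "192.0.2.50", True), (0.2, "GE1", "192.0.2.51", True),
           (0.3, "GE1", "192.0.2.52", True), (0.4, "GE1", "192.0.2.53", True),
           (0.5, "GE1", "192.0.2.50", False), (1.0, "GE1", "192.0.2.53", True)]

if __name__ == "__main__":
    print(simulate(RULES, PACKETS))
```

In this model the fourth SYN in the same second is dropped, the non-SYN packet passes uncounted, and the counter starts again in the next second.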