Configuring Security
Denial of Service Prevention
Cisco Small Business 300 Series Managed Switch Administration Guide 230
16
Define ICMP Filtering
The
ICMP Filtering Page
enables the blocking of ICMP packets from certain
sources. This can reduce the load on the network in case of an ICMP flood Denial
of Service attack.
To define ICMP filtering:
STEP 1 Click Security > Denial of Service Prevention > ICMP Filtering. The ICMP
Filtering Page displays.
This page displays the rules by which the ICMP packets are blocked on each
interface.
STEP 2 Click Add. The Add ICMP Filtering Page displays.
STEP 3 Enter the parameters.
• Interface—Select the interface on which the ICMP filtering is being defined.
• IP Address—Enter the IPv4 address for which the ICMP packet filtering is
activated or select All to block ICMP packets from all source addresses. If
you enter the IP address, enter either the mask or prefix length.
• Network Mask—Select the format for the subnet mask for the source IP
address, and enter a value in one of the field:
- Mask—Select the subnet to which the source IP address belongs and
enter the subnet mask in dotted decimal format.
- Prefix Length—Select the Prefix Length and enter the number of bits that
comprise the source IP address prefix.
STEP 4 Click Apply. The ICMP filtering is defined, and the switch is updated.
Define IP Fragmented Blocking
The
IP Fragmented Page
enables blocking fragmented IP packets.
To define fragmented IP blocking:
STEP 1 Click Security > Denial of Service Prevention > IP Fragments Filtering. The IP
Fragments Filtering Page displays.
This page displays the fragmented IP blocking per interface.
To Next Page
Loading...
