EasyManua.ls Logo

D-Link DES-1210-28/ME - DoS Prevention Commands; Configure DoS Prevention Type

D-Link DES-1210-28/ME
314 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
DES-1210-28/ME Metro Ethernet Managed Switch CLI Reference Guide
34
9
99
9
DOS PREVENTION COMMANDS
The DoS Prevention commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
Command Parameter
config dos_prevention
dos_type
[ {land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024} | all] {action [ drop | mirror <portlist>
{priority <value 0-7> | rx_rate [ no_limit | <value 64-1024000> ] } ] | enable |
disable ] }
show dos_prevention
{ land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024 }
clear dos_prevention
counters
[land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024]
enable dos_prevention
trap_log
disable dos_prevention
trap_log
Each command is listed in detail, as follows:
config dos_prevention dos_type
Purpose Used to discard the L3 control packets sent to CPU from specific
ports.
Syntax
config dos_prevention dos_type [ {land_attack | blat_attack |
smurf_attack | tcp_null_scan | tcp_xmascan | tcp_synfin |
tcp_syn_srcport_less_1024} | all] {action [ drop | mirror
<portlist> {priority <value 0-7> | rx_rate [ no_limit | <value 64-
1024000> ] } ] | enable | disable ] }
Description
The create snmp user command is used to configure the
prevention of DoS attacks, and includes state and action. The
packets matching will be used by the hardware. For a specific type
of attack, the content of the packet, regardless of the receipt port or
destination port, will be matched against a specific pattern.
Parameters The type of DoS attack. Possible values are as follows:
land_attack, blat_attack, smurf_attack, tcp_null_scan, tcp_xmascan
tcp_synfin and tcp_syn_srcport_less_1024.
state - Enable or disable DoS prevention.
By default, prevention for all types of DoS are enabled except for
tcp_syn_srcport_less_1024.
action - When enabling DoS prevention, the following actions can be
taken.
drop – Drop the attack packets.
mirror – Mirror the packet to other port for further process.

Table of Contents

Related product manuals