DES-1210-52/ME L2 Metro Ethernet Switch CLI Reference Guide
51
10
DOS PREVENTION COMMANDS
The DoS Prevention commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
config dos_prevention
dos_type
[ {land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024} | all] {action [ drop | mirror <port>
{priority <value (0-7)> | rx_rate [ no_limit | <value (64-1024000)> ] } ] | state
[enable | disable] ] }
{ land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024 }
enable dos_prevention
trap_log
disable dos_prevention
trap_log
Each command is listed in detail, as follows:
config dos_prevention dos_type
Used to discard the L3 control packets sent to CPU from specific
ports.
config dos_prevention dos_type [ {land_attack | blat_attack |
smurf_attack | tcp_null_scan | tcp_xmascan | tcp_synfin |
tcp_syn_srcport_le
ss_1024} | all] {action [ drop | m
irror <port
> {priority <value (0-7)> | rx_rate [ no_limit | <value (64-
1024000)> ] } ] | state [enable | disable] ] }
The config dos_prevention dos_type command is used to
configure the prevention of DoS attacks, and includes state and
action. The packets matching will be used by the hardware. For a
specific type of attack, the content of the packet, regardless of the
receipt port or destination port, will be matched against a specific
pattern.
The type of DoS attack. Possible values are as follows:
land_attack, blat_attack, smurf_attack, tcp_null_scan, tcp_xmascan
tcp_synfin and tcp_syn_srcport_less_1024.
By default, prevention for all types of DoS are enabled except for
tcp_syn_srcport_less_1024.
action [drop | mirror] - When enabling DoS prevention, the following
actions can be taken.
drop – Drop the attack packets.
mirror – Mirror the packet to other port for further process.
priority <value (0-7)> – Change packet priority by the Switch from 0
to 7.
If the priority is not specified, the original priority will be used.
To Next Page
Loading...
