Chapter 8 | General Security Measures
IPv6 Invalid Source IP Address Disabled
IPv6 Invalid Destination IP Address Disabled
TCP Invalid Header Length Disabled
TCP Blat Block Disabled
TCP SYN URG Block Disabled
TCP SYN PSH Block Disabled
TCP SYN ACK PSH Block Disabled
TCP XMAS Scan Disabled
TCP NULL Scan Disabled
TCP SYN FIN Scan Disabled
TCP SYN RST Scan Disabled
TCP SYN Flood Disabled, rate-limit 1024 kbps
UDP Invalid Header Length Disabled
UDP Blat Block Disabled
UDP Flood Disabled, rate-limit 1024 kbps
ICMP Smurf Disabled
ICMP Ping of death Disabled
ICMP Nuke Disabled
ICMP Flood Disabled, rate-limit 1024 kbps
Other Echo/chargen Disabled, rate-limit 1024 kbps
Console#
Port Isolation
Port Isolation can be used to restrict the traffic types or protocol types allowed to pass
between specified ports. Isolating traffic to the required uplink and downlink ports can
prevent certain types of malicious attacks, and can also reduce the overall amount of traffic
crossing the switch.
port-isolation
This command enables port isolation globally on the switch. Use the no form to
disable this feature.
Syntax
[no] port-isolation
Default Setting
Disabled
Command Mode
Global Configuration
Table 58: Commands for Configuring Port Isolation

Command                 Function                                                        Mode
port-isolation          Enables port isolation globally on the switch                   GC
port-isolation join     Assigns a profile to an uplink or downlink port                 GC
port-isolation profile  Sets the traffic type or protocol type to include in a profile  GC
show port-isolation     Displays configured profiles and port assignments               PE