Chapter 9 | General Security Measures
Denial of Service Protection
show ip arp inspection vlan
This command shows the configuration settings for VLANs, including ARP
Inspection status, the ARP ACL name, and whether the DHCP Snooping database is
used after ARP ACL validation is completed.
Syntax
show ip arp inspection vlan [vlan-id | vlan-range]
vlan-id - VLAN ID. (Range: 1-4094)
vlan-range - A consecutive range of VLANs indicated by the use of a hyphen,
or a random group of VLANs with each entry separated by a comma.
Command Mode
Privileged Exec
Command Usage
Enter this command to display the configuration settings for all VLANs, or display
the settings for a specific VLAN by entering the VLAN identifier.
Example
Console#show ip arp inspection vlan 1
VLAN ID  DAI Status      ACL Name             ACL Status
-------- --------------- -------------------- --------------------
1        disabled        sales                static
Console#
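The following audit script is an added example, not part of the original manual: it expands a vlan-range argument as described under Syntax and parses the table shown in the Example to list VLANs where Dynamic ARP Inspection is not enabled. It assumes the device prints fixed-width columns under the dashed rule; the VLAN 2 row and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the Example above. The VLAN 2 row is
# invented and assumes empty ACL columns when no ARP ACL is bound.
SAMPLE = """\
Console#show ip arp inspection vlan 1,2
VLAN ID  DAI Status      ACL Name             ACL Status
-------- --------------- -------------------- --------------------
1        disabled        sales                static
2        enabled
Console#
"""

def expand_vlans(spec):
    """Expand a vlan-id / vlan-range argument such as '1-3,10' into a sorted list."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 4094):  # range documented under Syntax
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(lo, hi + 1))
    return sorted(vlans)

def parse_dai(output):
    """Return {vlan_id: fields}, slicing each row by the dashed rule's column spans."""
    lines = output.splitlines()
    rule = next(i for i, l in enumerate(lines)
                if l.strip() and set(l.strip()) <= {"-", " "})
    spans = [m.span() for m in re.finditer(r"-+", lines[rule])]
    rows = {}
    for line in lines[rule + 1:]:
        cells = [line[a:b].strip() for a, b in spans]
        if not cells[0].isdigit():
            break  # the prompt or a blank line ends the table
        rows[int(cells[0])] = dict(zip(("dai", "acl", "acl_status"), cells[1:]))
    return rows

def audit(output, expected_spec):
    """List expected VLANs that are absent from the output or have DAI disabled."""
    rows = parse_dai(output)
    return [v for v in expand_vlans(expected_spec)
            if v not in rows or rows[v]["dai"] != "enabled"]

if __name__ == "__main__":
    print(audit(SAMPLE, "1-3"))
```

Slicing by column position rather than splitting on whitespace keeps a row with an empty ACL Name from shifting the ACL Status value into the wrong field.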
Denial of Service Protection
A denial-of-service attack (DoS attack) is an attempt to block the services provided
by a computer or network resource. This kind of attack tries to prevent an Internet
site or service from functioning efficiently or at all. In general, DoS attacks are
implemented by forcing the target to reset, by making it consume most of its
resources so that it can no longer provide its intended service, or by obstructing
the communication media between the intended users and the target so that they
can no longer communicate adequately.
This section describes commands used to protect against DoS attacks.
Table 64: DoS Protection Commands
Command                          Function                                       Mode
-------------------------------  ---------------------------------------------  ----
dos-protection echo-chargen      Protects against DoS echo/chargen attacks      GC
dos-protection smurf             Protects against DoS smurf attacks             GC
dos-protection tcp-flooding      Protects against DoS TCP-flooding attacks      GC
dos-protection tcp-null-scan     Protects against DoS TCP-null-scan attacks     GC
dos-protection tcp-syn-fin-scan  Protects against DoS TCP-SYN/FIN-scan attacks  GC