EasyManua.ls Logo

Extreme Networks ExtremeWare XOS Guide - Configuring Denial of Service Protection

Extreme Networks ExtremeWare XOS Guide
698 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Denial of Service Protection
ExtremeWare XOS 11.3 Concepts Guide
321
Configuring Denial of Service Protection
To enable or disable DoS protection, use the following commands:
enable dos-protect
disable dos-protect
After enabling DoS protection, the switch will count the packets handled by the CPU and periodically
evaluate whether to send a notification and/or create an ACL to block offending traffic. You can
configure a number of the values used by DoS protection if the default values are not appropriate for
your situation. The values that you can configure are:
intervalHow often, in seconds, the switch evaluates the DoS counter (default: 1 second)
alert threshold—The number of packets received in an interval that will generate an ACL (default:
4000 packets)
notify threshold—The number of packets received in an interval that will generate a notice (default:
3500 packets)
ACL expiration time—The amount of time, in seconds, that the ACL will remain in place (default: 5
seconds)
To configure the interval at which the switch checks for DoS attacks, use the following command:
configure dos-protect interval <seconds>
To configure the alert threshold, use the following command:
configure dos-protect type l3-protect alert-threshold <packets>
To configure the notification threshold, use the following command:
configure dos-protect type l3-protect notify-threshold <packets>
To configure the ACL expiration time, use the following command:
configure dos-protect acl-expire <seconds>
Configuring Trusted Ports
Traffic from trusted ports will be ignored when DoS protect counts the packets to the CPU. If we know
that a machine connected to a certain port on the switch is a safe "trusted" machine, and we know that
we will not get a DoS attack from that machine, the port where this machine is connected to can be
configured as a trusted port, even though a large amount of traffic is going through this port.
To configure the trusted ports list, use the following command:
configure dos-protect trusted-ports [ports [<ports> | all] | add-ports [<ports-to-add>
| all] | delete-ports [<ports-to-delete> | all] ]
Displaying DoS Protection Settings
To display the DoS protection settings, use the following command:
show dos-protect {detail}

Table of Contents

Related product manuals