configure cpu-dos-protect
ExtremeWare Software 7.3.0 Command Reference Guide 779
configure cpu-dos-protect
configure cpu-dos-protect [alert-threshold <packets per second>]
[notice-threshold <packets per second>] [timeout <seconds>] [messages [on |
off]] [filter-precedence <number>] [filter-type-allowed {destination |
source | destination source} {protocol}]
Description
Configures denial of service protection.
Syntax Description
Default
The option defaults are:
• alert-threshold—4000
• notice-threshold—4000.
• timeout—15
• messages—on
• filter-precedence—10
• filter-type-allowed—destination
Usage Guidelines
This command configures denial of service protection for Extreme Networks switches. When heavy
traffic reaches the alert threshold, a hardware ACL is created that blocks the traffic for the timeout
number of seconds.
NOTE
If you set the filter-precedence to 0, the ACLs created by DoS protection will be overwritten by the
default VLAN QoS profile.
alert-threshold Configures the number of packets per second that the switch needs to receive
on a port for an ACL to be enabled. Range is 150 to 100,000 packets per
second. Default is 4000.
notice-threshold Configures the number of packets per second that the switch needs to receive
on a port for messages to be logged. Range is 150 to 100,000 packets per
second. Default is 4000.
timeout Configures a duration in seconds. Range is 2 to 300 seconds. Default is 15.
messages Configures messaging to be on or off. Default is on.
filter-precedence Configures the access list precedence. Default is 10.
filter-type-allowed Configures the type of access list allowed. Default is destination
destination Specifies that destination ACLs can be created
source Specifies that source ACLs can be created
protocol Specifies that an ACL will be created to block packets from a single protocol,
either TCP, UDP, or other.
To Next Page
Loading...