User’s Guide FUJITSU PSWITCH
December/2018 107
TCP SYN :
• TCP Flag SYN set.
TCP SYN & FIN :
• TCP Flags SYN and FIN set.
TCP FIN & URG & PSH :
• TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0.
ICMPv6 :
• Limiting the size of ICMPv6 Ping packets.
ICMPv4 Fragment :
• Checks for fragmented ICMPv4 packets.
3.1.5.10. Storm Control
When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast
frames are flooded to all ports on the relevant virtual local area network (VLAN).
The flooding occupies bandwidth, and loads all nodes connected on all ports. Storm
control limits the amount of broadcast, unknown unicast, and multicast frames
accepted and forwarded by the switch.
3.1.5.11. Source Guard
3.1.5.11.1. IP Source Guard
IP Source Guard (IPSG) is a security feature that filters IP packets based on source
ID. The source ID may either be source IP address or a {source IP address, source
MAC address} pair. The network administrator configures whether enforcement
includes the source MAC address. The network administrator can configure static
authorized source IDs. The DHCP Snooping binding’s database and static IPSG
entries identify authorized source IDs. IPSG is enabled on physical and LAG ports.
IPSG is disabled by default.
If the network administrator enables IPSG on a port where DHCP snooping is
disabled or where DHCP snooping is enabled but the port is trusted, all IP traffic
received on that port is dropped depending upon the admin configured IPSG
entries. IPSG cannot be enabled on a port-based routing interface.
To Next Page
Loading...
Need help?
General
