Chapter 5: Switching Commands 569
no dos-control
tcpflag
This command sets disables TCP Flag Denial of Service protections.
dos-control l4port This command enables L4 Port Denial of Service protections. If the mode is
enabled, Denial of Service prevention is active for this type of attack. If packets
ingress having Source TCP/UDP Port Number equal to Destination TCP/UDP
Port Number, the packets will be dropped if the mode is enabled.
Some applications mirror source and destination L4 ports - RIP for example uses
520 for both. If you enable dos-control l4port, applications such as RIP may
experience packet loss which would render the application inoperable.
no dos-control
l4port
This command disables L4 Port Denial of Service protections.
dos-control
smacdmac
This command enables Source MAC address = Destination MAC address
(SMAC = DMAC) Denial of Service protection. If the mode is enabled, Denial of
Service prevention is active for this type of attack. If packets ingress with SMAC
= DMAC, the packets will be dropped if the mode is enabled.
Mode Global Config
Format
no dos-control tcpflag
Mode Global Config
Default disabled
Format
dos-control l4port
Mode Global Config
Format
no dos-control l4port
Mode Global Config
Default disabled
To Next Page
Loading...
