Chapter 5: Switching Commands 575
dos-control
icmpfrag
This command enables ICMP Fragment Denial of Service protection. If the mode
is enabled, Denial of Service prevention is active for this type of attack. If packets
ingress having fragmented ICMP packets, the packets will be dropped if the
mode is enabled.
no dos-control
icmpfrag
This command disabled ICMP Fragment Denial of Service protection.
show dos-control This command displays Denial of Service configuration information.
Default disabled
Format
dos-control icmpfrag
Mode Global Config
Format
no dos-control icmpfrag
Mode Global Config
Format
show dos-control
Mode Privileged EXEC
Term Definition
First Fragment Mode The administrative mode of First Fragment DoS
prevention. When enabled, this causes the switch to
drop packets that have a TCP header smaller then
the configured Min TCP Hdr Size.
Min TCP Hdr Size The minimum TCP header size the switch will
accept if First Fragment DoS prevention is enabled.
ICMPv4 Mode The administrative mode of ICMPv4 DoS
prevention. When enabled, this causes the switch to
drop ICMP packets that have a type set to
ECHO_REQ (ping) and a size greater than the
configured ICMPv4 Payload Size.
To Next Page
Loading...
