Configuration Guide DoS Protection Configuration
valid source IP addresses. ISP shall also use this function to prevent attack
messages from accessing Internet, while the network administrator of enterprises
(campus network) shall apply ingress filtering to ensure that the enterprise network
will not become the birthplace of such attacks.
Ruijie network switch adopts RFC2827-based ingress filtering rules to defend
against DoS attacks. The filtering is achieved through the automatic generation of
specific ACLs by the switch itself, and will not pile any pressure on network
forwarding.
Of course, you can also use the address binding or Dot1x function of Ruijie network
switch to achieve filtering effect, or by setting up ACLs.
Typical applications
A. ISP deploys ingress filtering on the access router to prevent messages with
disguised source IP from accessing ISP and Internet:
B. The enterprise network (campus network) deploys ingress filtering on layer-3
switch to prevent messages with disguised source IP from accessing enterprise
(campus) network:
To Next Page
Loading...
