Configuration Guide DoS Protection Configuration
Configure Ingress Filtering to Defend Against DoS Attack
Default configuration
The ingress filtering for defending against DoS attacks is disabled on all network
interfaces.
Precautions
Only layer-3 interfaces with network address can support ingress filtering for
defending against DoS attacks.
By enabling defeat DoS based ingress filtering on the designated layer-3 interface,
the system will automatically establish the corresponding ACL for the network
interface to restrict the access of disguised source IP, and apply the ACL to the
ingress of layer-3 interface.
For example: The network address on SVI 1 is 192.168.5.1/24. If “ip deny
spoofing-source” is configured in the interface configuration mode, the following ACL
will be generated automatically and applied to this interface.
permit 192.168.5.0 0.0.0.255
permit host 0.0.0.0 (This ACE permits the access of DHCP requests with source
address being 0.0.0.0)
deny any
To Next Page
Loading...
