Configuration Guide DoS Protection Configuration
This filtering can only be configured on the direct link interface.
Apply ingress filtering on convergence-layer interface (uplink
port) will prevent Internet messages with various source IP
addresses from reaching the downlink hosts at the
convergence layer.
After configuring defeat DoS based ingress filtering, the no
command must be used to disable defeat DoS function in
order to modify the address of network interface.
Set up Ingress Filtering to Defend Against DoS Attack
To set up ingress filtering, run the following commands:
Ruijie# configure terminal
Enter global configuration mode.
Ruijie(config)# interface interface-id
Ruijie(config-if)# ip deny
spoofing-source
Ingress filtering function to defend
against disguised source IP based DoS
attacks. Drop all incoming messages
without consistent prefix with this
network interface. (Note: Only layer-3
interface can be configured with this
function)
Ruijie(config-if)# show running
interface interface-id
Verify the configuration of ingress
filtering.
Use the no ip deny spoofing-source command to disable the ingress filtering
function (for DoS attack protection) in the interface configuration mode.
To Next Page
Loading...
