hit counter script

Security-Suite Deny Icmp - Cisco Sx350 Cli Manual

Hide thumbs Also See for Sx350:
Table of Contents

Advertisement

10
265
User Guidelines
For this command to work,
both globally and for interfaces.
Example
The following example attempts to discard IP fragmented packets from an
interface.
switchxxxxxx(config)#
switchxxxxxx(config)#
switchxxxxxx(config-if)#
To perform this command, DoS Prevention must be enabled in the per-interface mode.

10.2 security-suite deny icmp

To discard ICMP echo requests from a specific interface (to prevent attackers from
knowing that the device is on the network), use the security-suite deny icmp
Interface (Ethernet, Port Channel) Configuration mode command.
To permit echo requests, use the no form of this command.
Syntax
security-suite deny icmp
{ip-address | any} {mask | /prefix-length}]}
no security-suite deny icmp
Parameters
ip-address | any—Specifies the destination IP address. Use any to specify
all IP addresses.
mask—Specifies the network mask of the IP address.
prefix-length—Specifies the number of bits that comprise the IP address
prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
Echo requests are allowed from all interfaces.
show security-suite configuration
security-suite enable global-rules-only
interface gi11
security-suite deny fragmented add any /32
{[add {ip-address | any} {mask | /prefix-length}] | [remove
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Denial of Service (DoS) Commands
must be enabled

Advertisement

Table of Contents
loading

Table of Contents