Denial of Service (DoS) Commands
OL-32830-01 Command Line Interface Reference Guide
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# security-suite dos syn-attack 199 any /10
To perform this command, DoS Prevention must be enabled in the per-interface mode.
Example 2—The following example enables the security suite feature globally and on interfaces. The security-suite command succeeds on the port.
switchxxxxxx(config)# security-suite enable
switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# security-suite dos syn-attack 199 any /10
switchxxxxxx(config-if)#
16.9 security-suite syn protection mode
To set the TCP SYN protection mode, use the security-suite syn protection mode Global Configuration mode command.
To set the TCP SYN protection mode to default, use the no form of this command.
Syntax
security-suite syn protection mode {disabled | report | block}
no security-suite syn protection mode
Parameters
• disabled—Feature is disabled
• report—Feature reports about TCP SYN traffic per port (including a rate-limited SYSLOG message when an attack is identified)
• block—TCP SYN traffic from attacking ports destined to the local system is blocked, and a rate-limited SYSLOG message (one per minute) is generated
Default Configuration
The default mode is block.
Command Mode
Global Configuration mode
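The two examples above differ only in how the security suite is enabled, and that decides whether the per-interface syn-attack rule is accepted. The following Python check is an added example, not part of the Cisco guide: it walks a command script and flags syn-attack rules entered without per-interface enablement, plus a SYN protection mode weaker than block. The audit function, the constructed sample scripts and the treatment of exit as leaving interface mode are assumptions of this example.

```python
import re

# Constructed inputs: the command sequences of Example 1 and Example 2 on this page.
EXAMPLE_1 = """security-suite enable global-rules-only
interface gi11
security-suite dos syn-attack 199 any /10
"""
EXAMPLE_2 = """security-suite enable
interface gi11
security-suite dos syn-attack 199 any /10
"""

SYN_MODE = re.compile(r"security-suite syn protection mode (disabled|report|block)")


def audit(script):
    """Return (line_no, message) findings; line_no 0 marks a global finding."""
    suite = None        # None, "global-rules-only" or "per-interface"
    syn_mode = "block"  # default mode stated on this page
    iface = None        # current interface context (assumption: 'exit' leaves it)
    findings = []
    for n, raw in enumerate(script.splitlines(), 1):
        cmd = " ".join(raw.split())
        mode = SYN_MODE.fullmatch(cmd)
        if cmd == "security-suite enable":
            suite = "per-interface"
        elif cmd == "security-suite enable global-rules-only":
            suite = "global-rules-only"
        elif cmd.startswith("interface "):
            iface = cmd.split(" ", 1)[1]
        elif cmd == "exit":
            iface = None
        elif mode:
            syn_mode = mode.group(1)
        elif cmd == "no security-suite syn protection mode":
            syn_mode = "block"
        elif cmd.startswith("security-suite dos syn-attack ") and iface:
            if suite != "per-interface":
                findings.append((n, f"{iface}: syn-attack rule needs per-interface "
                                    f"DoS Prevention (suite state: {suite})"))
    if syn_mode != "block":
        findings.append((0, f"SYN protection mode is {syn_mode}: "
                            "attacking ports are not blocked"))
    return findings


if __name__ == "__main__":
    for name, script in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, audit(script) or "no findings")
```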