Denial of Service (DoS) Commands
78-21075-01 Command Line Interface Reference Guide
Syntax
security-suite deny icmp {[add {ip-address | any} {mask | /prefix-length}] | [remove {ip-address | any} {mask | /prefix-length}]}
no security-suite deny icmp
Parameters
• ip-address | any—Specifies the destination IP address. Use any to specify all IP addresses.
• mask—Specifies the network mask of the IP address.
• prefix-length—Specifies the number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
Echo requests are allowed from all interfaces.
If mask is not specified, it defaults to 255.255.255.255.
If prefix-length is not specified, it defaults to 32.
Command Mode
Interface Configuration (Ethernet, Port-channel) mode
User Guidelines
For this command to work, security-suite enable must be enabled both globally and for interfaces.
This command discards ICMP packets with "ICMP type= Echo request" that ingress the specified interface.
Example
The following example attempts to discard echo requests from an interface.
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite deny icmp add any /32
To perform this command, DoS Prevention must be enabled in the per-interface mode.
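Added example, not part of the Cisco guide: a Python check that reads a saved configuration and reports every security-suite deny icmp rule with its prefix length (applying the defaults above) and whether it can take effect. It assumes that security-suite enable without global-rules-only is the per-interface mode and that interface sections end with "!" or "exit"; the sample configuration and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; the section layout (interface ... "!") is an assumption.
SAMPLE_CONFIG = """\
security-suite enable global-rules-only
!
interface gi1
 security-suite deny icmp add any /32
!
interface gi2
 security-suite deny icmp add 192.0.2.10
!
"""

RULE = re.compile(r"^security-suite deny icmp add (\S+)(?:\s+(\S+))?$")


def prefix_length(mask_or_prefix):
    """Return the prefix length; a missing value defaults to 32 (mask 255.255.255.255)."""
    if mask_or_prefix is None:
        return 32
    if mask_or_prefix.startswith("/"):
        return int(mask_or_prefix[1:])
    # ip_network accepts a dotted netmask and exposes the equivalent prefix length.
    return ipaddress.ip_network(f"0.0.0.0/{mask_or_prefix}").prefixlen


def audit(config):
    """Return (interface, destination, prefix_length, effective) per deny-icmp rule."""
    per_interface = False  # True only when security-suite is enabled for interfaces too
    interface = None
    rules = []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("security-suite enable"):
            per_interface = "global-rules-only" not in line.split()
        elif line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif line in ("!", "exit"):
            interface = None
        else:
            match = RULE.match(line)
            if match and interface:
                rules.append((interface, match.group(1), prefix_length(match.group(2))))
    # The enable line may appear anywhere, so effectiveness is decided after the full pass.
    return [(i, dest, plen, per_interface) for i, dest, plen in rules]
```

Rules reported with effective set to False are configured on an interface while DoS Prevention is not in the per-interface mode, which is the situation the guide's example describes.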