50
Denial of Service (DoS) Commands
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1
Example 2—The following example sets the TCP SYN protection feature to block
TCP SYN attack on ports if an attack is identified from these ports.
switchxxxxxx(config)# security-suite syn protection mode block
...
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1. TCP SYN
traffic destined to the local system is automatically blocked for 100
seconds.
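Added example (not part of this reference guide): a Python parser for the two message shapes shown in the examples above, pulling out the port and the block duration so that repeated detections on one port can be tracked. It assumes each message arrives as a single log line in exactly the printed format; the sample lines and the names `parse_syn_events` and `repeat_offenders` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Message shapes as printed in the examples above; the "blocked for N seconds"
# tail is optional. Assumption: each message is delivered as one log line.
SYN_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}): "
    r"A TCP SYN Attack was identified on port (?P<port>\S+?)\.?"
    r"(?: TCP SYN traffic destined to the local system is automatically "
    r"blocked for (?P<secs>\d+) seconds\.)?$"
)


def parse_syn_events(lines):
    """Return one dict per SYN-protection message; other lines are skipped."""
    events = []
    for raw in lines:
        m = SYN_RE.match(" ".join(raw.split()))  # collapse wrapped whitespace
        if not m:
            continue
        seen = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        secs = int(m["secs"]) if m["secs"] else None
        events.append({
            "time": seen,
            "port": m["port"],
            "blocked_for": secs,  # None when the message reports no blocking
            "blocked_until": seen + timedelta(seconds=secs) if secs else None,
        })
    return events


def repeat_offenders(events, min_hits=2):
    """Ports flagged at least min_hits times: (first seen, last seen, count)."""
    by_port = {}
    for ev in events:
        by_port.setdefault(ev["port"], []).append(ev["time"])
    return {p: (min(t), max(t), len(t))
            for p, t in by_port.items() if len(t) >= min_hits}


# Constructed sample log lines (not captured from a device).
SAMPLE = [
    "01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1",
    "01-Jan-2012 05:31:02: A TCP SYN Attack was identified on port gi7. TCP SYN "
    "traffic destined to the local system is automatically blocked for 100 seconds.",
    "01-Jan-2012 05:33:10: Link up on port gi3",  # hypothetical unrelated line
    "01-Jan-2012 05:40:15: A TCP SYN Attack was identified on port gi1",
]
```

A port that keeps reappearing in `repeat_offenders` is a candidate for checking the attached host or revisiting the configured threshold.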
50.11 security-suite syn protection threshold
Use the security-suite syn protection threshold Global Configuration mode
command to set the threshold for the SYN protection feature.
Use the no form of this command to set the threshold to its default value.
Syntax
security-suite syn protection threshold syn-packet-rate
no security-suite syn protection threshold
Parameters
syn-packet-rate—Defines the rate from a specific port that triggers identification
of a TCP SYN attack. (Range: 20-200 Packets Per Second (pps))
Default Configuration
The default threshold is 80 pps (packets per second).
Command Mode
Global Configuration mode
Example
The following example sets the TCP SYN protection threshold to 40 pps.
switchxxxxxx(config)# security-suite syn protection threshold 40
852
78-21075-01 Command Line Interface Reference Guide