Home » Netgear Manuals » Hubs & Switches » Netgear GS752TS » Manual Viewer

Netgear GS752TS GS7xxTS-TPS Software Admin Manual - Page 48

Denial of Service TCP FIN&URG&PSH, Denial of Service TCP Flag &Sequence

Add to My Manuals
Save this manual to your list of manuals

Page 48 highlights

GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Denial of Service Max ICMPv6 Packet Size. Specify the maximum allowed IPv6 ICMP packet size. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping packets that have a size greater than this configured maximum ICMPv6 packet size. The range is 0 to 16376, and the default value (when enabled) is 512. • Denial of Service First Fragment. Enable or disable this option by selecting the appropriate radio button. Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured Min TCP Hdr Size. The factory default is Disable. • Denial of Service ICMP Fragment. Enable or disable this option by selecting the appropriate radio button. Enabling ICMP Fragment DoS prevention causes the switch to drop fragmented ICMP packets. The factory default is disabled. • Denial of Service SIP=DIP. Enable or disable this option by selecting the appropriate radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is Disable. • Denial of Service SMAC=DMAC. Enable or disable this option by selecting the appropriate radio button. Enabling SMAC=DMAC DoS prevention causes the switch to drop packets that have a source MAC address equal to the destination MAC address. The factory default is disabled. • Denial of Service TCP FIN&URG&PSH. Enable or disable this option by selecting the appropriate radio button. Enabling TCP FIN & URG & PSH DoS prevention causes the switch to drop packets that have TCP Flags FIN, URG, and PSH set and a TCP Sequence Number equal to 0. The factory default is disabled. • Denial of Service TCP Flag &Sequence. Enable or disable this option by selecting the appropriate radio button. Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP control flags set to 0 and TCP sequence number set to 0. The factory default is disabled. • Denial of Service TCP Fragment. Enable or disable this option by selecting the appropriate radio button. Enabling TCP Fragment DoS prevention causes the switch to drop packets that have a TCP payload where the IP payload length minus the IP header size is less than the minimum allowed TCP header size. The factory default is Disable. • Denial of Service TCP Offset. Enable or disable this option by selecting the appropriate radio button. Enabling TCP Offset DoS prevention causes the switch to drop packets that have a TCP header Offset=1. The factory default is disabled. • Denial of Service TCP Port. Enable or disable this option by selecting the appropriate radio button. Enabling TCP Port DoS prevention causes the switch to drop packets that have TCP source port equal to TCP destination port. The factory default is disabled. • Denial of Service TCP SYN. Enable or disable this option by selecting the appropriate radio button. Enabling TCP SYN DoS prevention causes the switch to drop packets that have TCP Flags SYN set and L4 source = 0-1023. The factory default is disabled. 48

Section	Page
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches	1
Contents	3
1. Getting Started	9
Getting Started with the Smart Switches	10
Switch Management Interface	10
Connecting the Switch to the Network	11
Switch Discovery in a Network with a DHCP Server	12
Switch Discovery in a Network without a DHCP Server	14
Configuring the Network Settings on the Administrative System	15
Web Access	16
Smart Control Center Utilities	17
Network Utilities	17
Configuration Upload and Download	19
Firmware Upgrade	20
Viewing and Managing Tasks	22
Understanding the User Interfaces	23
Using the Web Interface	23
Using SNMP	29
Interface Naming Convention	30
2. Configuring System Information	31
Management	31
System Information	32
Slot Information	33
IP Configuration	35
IPv6 Network Configuration	37
IPv6 Network Neighbor	38
Time	40
Denial of Service	45
DNS	49
Green Ethernet	51
Stacking	61
Stack Features	61
Firmware Synchronization and Upgrade	62
Configuration Maintenance	62
Stack Master Election	62
Factory Defaults Reset Behavior	63
Stack Configuration	63
Stack Port Configuration	66
Stack Port Diagnostics	68
Stack Firmware Synchronization	69
PoE/PoE+ (GS728TPS and GS752TPS Only)	70
PoE Configuration	70
PoE Port Configuration	72
SNMP	75
SNMPv1/v2	75
Trap Configuration	77
Trap Flags	78
SNMP Supported MIBs	79
SNMP v3 User Configuration	79
LLDP	80
LLDP Configuration	81
LLDP Port Settings	82
LLDP-MED Network Policy	83
LLDP-MED Port Settings	85
Local Information	86
Neighbors Information	88
Services — DHCP Snooping	92
DHCP Snooping Global Configuration	93
Interface Configuration	94
Binding Configuration	95
Persistent Configuration	97
Statistics	98
Timer Schedule (GS728TPS and GS752TPS Only)	99
Timer Global Configuration	99
Timer Schedule Configuration	100
3. Configuring Switching Information	102
Ports	102
Port Configuration	102
Flow Control	104
Link Aggregation Groups	105
LAG Configuration	105
LAG Membership	107
LACP Configuration	108
LACP Port Configuration	109
VLANs	110
VLAN Configuration	110
VLAN Membership Configuration	112
Port VLAN ID Configuration	113
MAC Based VLAN	114
Protocol Based VLAN Group Configuration	115
Protocol Based VLAN Group Membership	116
Voice VLAN	118
Voice VLAN Properties	118
Voice VLAN Port Setting	119
Voice VLAN OUI	120
Auto-VoIP	121
Spanning Tree Protocol	122
STP Switch Configuration	123
CST Configuration	125
CST Port Configuration	126
CST Port Status	128
Rapid STP	129
MST Configuration	130
MST Port Configuration	131
STP Statistics	134
Multicast	135
MFDB	135
Auto-Video Configuration	137
IGMP Snooping	138
IGMP Snooping Querier	144
MLD Snooping	147
Forwarding Database	156
MAC Address Table	156
Dynamic Address Configuration	158
Static MAC Address	159
4. Configuring Routing	160
Configuring IP Settings	160
IP Configuration	161
IP Statistics	162
Configuring VLAN Routing	165
VLAN Routing Wizard	165
VLAN Routing Configuration	167
Configuring Router Discovery	168
Router Discovery Configuration	168
Configuring and Viewing Routes	169
Configuring ARP	171
ARP Cache	172
ARP Create	173
Global ARP Configuration	174
ARP Entry Management	175
5. Configuring Quality of Service	177
Class of Service	177
Basic CoS Configuration	178
CoS Interface Configuration	179
Interface Queue Configuration	180
802.1p to Queue Mapping	182
DSCP to Queue Mapping	183
Differentiated Services	184
Defining DiffServ	184
Diffserv Configuration	185
Class Configuration	186
IPv6 Class Configuration	189
Policy Configuration	191
Service Configuration	195
Service Statistics	196
6. Managing Device Security	197
Management Security Settings	197
Change Password	198
RADIUS Configuration	199
Configuring TACACS+	204
Authentication List Configuration	207
Configuring Management Access	210
HTTP Configuration	211
Secure HTTP Configuration	212
Certificate Management	213
Certificate Download	214
Access Profile Configuration	215
Access Rule Configuration	217
Port Authentication	218
802.1X Configuration	219
Port Authentication	220
Port Summary	224
Traffic Control	225
MAC Filter Configuration	225
MAC Filter Summary	227
Storm Control	228
Port Security Configuration	230
Port Security Interface Configuration	231
Security MAC Address	232
Protected Ports Membership	233
Configuring Access Control Lists	234
ACL Wizard	235
MAC ACL	237
MAC Rules	238
MAC Binding Configuration	240
MAC Binding Table	241
IP ACL	242
IP Rules	243
IP Extended Rule	245
IPv6 ACL	248
IPv6 Rules	249
IP Binding Configuration	252
IP Binding Table	254
VLAN Binding Table	255
7. Monitoring the System	256
Ports	256
Switch Statistics	256
Port Statistics	259
Port Detailed Statistics	260
EAP Statistics	266
Cable Test	268
System Logs	270
Memory Logs	270
FLASH Log Configuration	272
Server Log Configuration	274
Trap Logs	276
Event Logs	277
Port Mirroring	278
Multiple Port Mirroring	278
8. Maintaining the System	280
Reset	280
Device Reboot	280
Factory Default	281
Upload File From Switch	282
TFTP File Upload	282
HTTP File Upload	283
Download File To Switch	284
TFTP File Download	285
HTTP File Download	287
File Management	288
Copy	288
Dual Image Configuration	289
Dual Image Status	291
Troubleshooting	292
Ping	292
Ping IPv6	293
Traceroute	294
9. Accessing Help	296
Online Help	296
Support	296
User Guide	297
Registration	298
A. Hardware Specifications and Default Values	300
Switch Specifications	300
GS728TS Specifications	300
GS728TPS Specifications	300
GS752TS Specifications	301
GS752TPS Specifications	301
Switch Performance	301
Switch Features and Defaults	302
Traffic Control	302
Quality of Service	303
Security	303
System Setup and Maintenance	304
System Management	304
Other Features	305
B. Configuration Examples	306
Virtual Local Area Networks (VLANs)	306
VLAN Example Configuration	307
Access Control Lists (ACLs)	308
MAC ACL Example Configuration	309
Standard IP ACL Example Configuration	310
Differentiated Services (DiffServ)	311
Class	312
DiffServ Traffic Classes	312
Creating Policies	313
DiffServ Example Configuration	314
802.1X	315
802.1X Example Configuration	317
MSTP	318
MSTP Example Configuration	320
Configuring VLAN Routing	322
Creating VLAN Routing Interfaces	322
C. Notification of Compliance	323

Match case Limit results 1 per page

GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches

•

Denial of Service Max ICMPv6 Packet Size

. Specify the maximum allowed IPv6

ICMP packet size. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6

ICMP ping packets that have a size greater than this configured maximum ICMPv6

packet size. The range is 0 to 16376, and the default value (when enabled) is 512.

•

Denial of Service First Fragment

. Enable or disable this option by selecting the

appropriate radio button. Enabling First Fragment DoS prevention causes the switch

to drop packets that have a TCP header smaller than the configured Min TCP Hdr

Size. The factory default is Disable.

•

Denial of Service ICMP Fragment

. Enable or disable this option by selecting the

appropriate radio button. Enabling ICMP Fragment DoS prevention causes the switch

to drop fragmented ICMP packets. The factory default is disabled.

•

Denial of Service SIP=DIP

. Enable or disable this option by selecting the appropriate

radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets

that have a source IP address equal to the destination IP address. The factory default

is Disable.

•

Denial of Service SMAC=DMAC

. Enable or disable this option by selecting the

appropriate radio button. Enabling SMAC=DMAC DoS prevention causes the switch

to drop packets that have a source MAC address equal to the destination MAC

address. The factory default is disabled.

•

Denial of Service TCP FIN&URG&PSH

. Enable or disable this option by selecting

the appropriate radio button. Enabling TCP FIN & URG & PSH DoS prevention

causes the switch to drop packets that have TCP Flags FIN, URG, and PSH set and a

TCP Sequence Number equal to 0. The factory default is disabled.

•

Denial of Service TCP Flag &Sequence

. Enable or disable this option by selecting

the appropriate radio button. Enabling TCP Flag DoS prevention causes the switch to

drop packets that have TCP control flags set to 0 and TCP sequence number set to 0.

The factory default is disabled.

•

Denial of Service TCP Fragment

. Enable or disable this option by selecting the

appropriate radio button. Enabling TCP Fragment DoS prevention causes the switch

to drop packets that have a TCP payload where the IP payload length minus the IP

header size is less than the minimum allowed TCP header size. The factory default is

Disable.

•

Denial of Service TCP Offset

. Enable or disable this option by selecting the

appropriate radio button. Enabling TCP Offset DoS prevention causes the switch to

drop packets that have a TCP header Offset=1. The factory default is disabled.

•

Denial of Service TCP Port

. Enable or disable this option by selecting the

appropriate radio button. Enabling TCP Port DoS prevention causes the switch to

drop packets that have TCP source port equal to TCP destination port. The factory

default is disabled.

•

Denial of Service TCP SYN

. Enable or disable this option by selecting the

appropriate radio button. Enabling TCP SYN DoS prevention causes the switch to

drop packets that have TCP Flags SYN set and L4 source = 0–1023. The factory

default is disabled.