Home » Netgear Manuals » Hubs & Switches » Netgear GSM4248P » Manual Viewer

Netgear GSM4248P User Manual - Page 545

Denial of Service TCP FIN&URG&PSH, Denial of Service TCP Flag&Sequence

Add to My Manuals
Save this manual to your list of manuals

Page 545 highlights

AV Line of Fully Managed Switches M4250 Series Main User Manual • Denial of Service ICMPv4: Enabling ICMPv4 DoS prevention causes the switch to drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv4 packet size. By default, this option is disabled. • Denial of Service Max ICMPv4 Packet Size: Specify the maximum ICMPv4 packet size allowed. If ICMPv4 DoS prevention is enabled, the switch drops ICMPv4 ping packets with a size greater than the configured value. The range is from 0 to 16376. The default value is 512. • Denial of Service ICMPv6: Enabling ICMPv6 DoS prevention causes the switch to drop ICMPv6 packets with a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv6 packet size. By default, this option is disabled. • Denial of Service Max ICMPv6 Packet Size: Specify the maximum ICMPv6 packet size allowed. If ICMPv6 DoS prevention is enabled, the switch drops ICMPv6 ping packets with a size greater than the configured value. The range is from 0 to 16376. The default value is 512. • Denial of Service First Fragment: Enabling first fragment DoS prevention causes the switch to check the DoS options on the first fragment of a fragmented IP packet. Otherwise, the switch ignores the first fragment of a fragmented IP packet. By default, this option is disabled. • Denial of Service ICMP Fragment: Enabling ICMP Fragment DoS prevention causes the switch to drop ICMP fragmented packets. By default, this option is disabled. • Denial of Service SIP=DIP: Enabling SIP=DIP DoS prevention causes the switch to drop packets with a source IP address equal to the destination IP address. By default, this option is disabled. • Denial of Service SMAC=DMAC: Enabling SMAC=DMAC DoS prevention causes the switch to drop packets with a source MAC address equal to the destination MAC address. By default, this option is disabled. • Denial of Service TCP FIN&URG&PSH: Enabling TCP FIN & URG & PSH DoS prevention causes the switch to drop packets with TCP flags FIN, URG, and PSH set and the TCP sequence number equal to 0. By default, this option is disabled. • Denial of Service TCP Flag&Sequence: Enabling TCP Flag DoS prevention causes the switch to drop packets with TCP control flags set to 0 and the TCP sequence number set to 0. By default, this option is disabled. • Denial of Service TCP Fragment: Enabling TCP Fragment DoS prevention causes the switch to drop packets with a TCP payload for which the IP payload length minus the IP header size is less than the minimum allowed TCP header size. By default, this option is disabled. • Denial of Service TCP Offset: Enabling TCP Offset DoS prevention causes the switch to drop packets with a TCP header offset set to 1. By default, this option is disabled. • Denial of Service TCP Port: Enabling TCP Port DoS prevention causes the switch to drop packets for which the TCP source port is equal to the TCP destination port. By default, this option is disabled. Manage Switch Security 545 Main User Manual

Section	Page
Contents	4
1. Get Started with the Main UI	22
Supported switches	23
Available publications and online help	23
Register your product	23
Main local browser UI overview	24
Log in to the main UI with a web browser	24
Log in to the main UI using the switch default IP address	25
Log in to the main UI with a known IP address	26
Main UI buttons and user-defined fields	26
Interface naming conventions	27
Save your settings to the running configuration	28
Main UI online help	28
Use the Device View in the Main UI	29
Set up SNMP access	31
2. Configure Switch System Information	34
Switch system information	35
View and configure switch system information	35
View the fan status	38
View the temperature sensor information	39
View the device status and firmware version	40
View the system CPU status	41
Configure the CPU thresholds	42
View or clear switch statistics	43
View USB device information	45
Loopback interface	46
IPv4 management interfaces and VLANs	47
Configure the IPv4 service port	48
Configure an IPv4 management VLAN	49
Configure an IPv4 management interface	52
IPv6 management interfaces and VLANs	53
Configure an IPv6 service port	54
Manage IPv6 addresses for the IPv6 service port	55
Configure an IPv6 management VLAN	56
Manage IPv6 addresses for the IPv6 management VLAN	59
Manage the IPv6 default route addresses for the IPv6 management VLAN	60
Configure an IPv6 management interface	61
Manage IPv6 addresses for the IPv6 management interface	63
Manage the IPv6 default route addresses for the IPv6 management interface	64
Time and SNTP settings	65
Configure the time setting manually	65
Configure the time settings with SNTP and configure the global SNTP settings	66
View the SNTP global status	69
Configure SNTP servers	71
Add an SNTP server	72
Change the settings for an existing SNTP server	74
Remove an SNTP server	74
Configure daylight saving time settings	75
View the daylight saving time status	77
Precision Time Protocol	79
Manage the global PTP settings	79
Manage the PTP interface settings	80
Domain Name System	81
Configure the global DNS settings and add a DNS server	81
Remove a DNS server	83
Configure and view host name-to-IP address information	84
Add a static entry to the dynamic host mapping table	84
Remove an entry from the dynamic host mapping table	85
Change the host name or IP address in an entry of the dynamic host mapping table, view all entries, or clear all entries	85
Switch database management template	86
Green Ethernet settings	88
Configure the global green Ethernet settings	88
Configure green Ethernet interface settings	89
Configure and display detailed green Ethernet settings for an interface	90
Display green Ethernet information for the link partner of an interface	93
Display the green Ethernet statistics summary	94
Configure and display the green Ethernet EEE LPI history for an interface	96
Bonjour settings	97
Enable or disable Bonjour	98
Display Bonjour information	98
IPv4 DHCP server	99
Configure a DHCP server	99
Manage DHCP pools	101
Create a DHCP pool	101
Change a DHCP pool	104
Remove a DHCP pool	105
Configure DHCP pool options	105
Display DHCP server statistics	106
Display the DHCP bindings	108
Delete one or all dynamic DHCP bindings	109
View bindings with DHCP conflicts	109
Delete one or all DHCP bindings with conflicts	111
DHCP relay and relay statistics	112
DHCP Layer 2 relay	113
Configure the global DHCP L2 relay settings	114
Configure a DHCP L2 relay interface	114
Display DHCP L2 relay interface statistics	116
UDP relay	117
Configure the global UDP relay settings and add a UDP switch configuration	117
Change a UDP switch configuration	119
Remove a UDP switch configuration	119
Add a UDP interface configuration	120
Change a UDP interface configuration	121
Remove a UDP switch configuration	122
DHCPv6 server	123
Enable the DHCPv6 server	123
Manage DHCPv6 pools	124
Create a DHCPv6 pool	124
Change a DHCPv6 pool	124
Delete a DHCPv6 pool	125
Manage DHCPv6 prefix delegation for pools	126
Create a DHCPv6 prefix delegation configuration for a pool	126
Change a DHCPv6 prefix delegation configuration for a pool	127
Delete a DHCPv6 prefix delegation configuration for a pool	128
Configure the DHCPv6 settings for an interface	129
Display the DHCPv6 bindings	130
Display DHCPv6 server statistics	131
Delete DHCPv6 statistics for one or all interfaces	134
DHCPv6 relay interface	135
Power over Ethernet	136
PoE concepts	136
Configure the global PoE settings	138
Configure the PoE ports settings	139
Power-cycle one or more PoE ports	143
Timer schedules	144
Create a timer schedule	144
Specify the settings for an absolute timer schedule	145
Specify the settings for a recurring timer schedule	146
Change the settings for a recurring timer schedule entry	148
Delete a timer schedule entry	149
Delete a timer schedule	150
Simple Network Management Protocol	151
Manage SNMPv1 and SNMPv2 communities	151
Add an SNMPv1 and SNMPv2 community	151
Change an existing SNMPv1 and SNMPv2 community	152
Delete an SNMPv1 and SNMPv2 community	153
Manage the SNMPv1 and SNMPv2 trap settings	153
Add an SNMPv1 or SNMPv2 trap configuration for a host	153
Change an SNMPv1 or SNMPv2 trap configuration for a host	155
Delete an SNMPv1 or SNMPv2 trap configuration for a host	155
Configure SNMPv1 and SNMPv2 trap flags	156
Display the supported MIBs	158
Manage SNMPv3 users	158
Add an SNMPv3 user account	158
Change an SNMPv3 user account	159
Delete an SNMPv3 user account	160
Link Layer Discovery Protocol	161
Configure the global LLDP settings	161
Configure LLDP interface settings	162
Display or clear LLDP statistics	163
Display LLDP local device information	165
Display LLDP remote device information	166
Display the LLDP remote device inventory	168
Link Layer Discovery Protocol for Media Endpoint Devices	169
Configure the global LLDP-MED settings	169
Configure LLDP-MED interface settings	170
Display LLDP-MED local device information	172
Display the LLDP-MED remote device information	174
Display the LLDP-MED remote device inventory	178
Link dependency	179
Configure a link dependency group	179
Configure or display upstream and downstream interfaces for a link dependency group	180
Clear all interfaces in a link dependency group	182
Industry Standard Discovery Protocol	183
Configure the global ISDP settings	183
Configure ISDP settings for an interface	185
Display or clear ISDP neighbor information	186
Display or clear ISDP statistics	187
3. Configure Switching Information	189
VLANs	190
Manage the VLAN configuration on the switch	190
Add a VLAN	190
Change a VLAN	191
Delete one or more VLANs	192
Reset the entire VLAN configuration to default setting	193
Change the internal VLAN allocation settings	193
Auto-Trunk overview	194
Enable or disable Auto-Trunks	195
Configure the switch port mode settings for interfaces	196
Configure membership interfaces for a VLAN	199
View the VLAN status on the switch	201
Change the port VLAN ID settings	202
Configure a MAC-based VLAN	205
Add a MAC-based VLAN configuration	205
Delete a MAC-based VLAN configuration	206
Configure a protocol-based VLAN group	206
Add a protocol-based VLAN group	207
Change a protocol-based VLAN group	208
Delete a protocol-based VLAN group	209
Configure membership interfaces for a protocol-based VLAN group	209
Configure an IP subnet-based VLAN	211
Add an IP subnet-based VLAN	211
Delete an IP subnet-based VLAN	212
Configure a double VLAN	212
Configure a voice VLAN	214
Configure Generic Attribute Registration Protocol	215
Configure GARP switch settings	216
Configure GARP settings for one or more interfaces	217
Auto-VoIP	218
Configure Auto-VoIP protocol-based settings	219
Configure the Auto-VoIP OUI-based properties	220
Configure the OUI-based interface settings	221
Manage the OUI table	222
Add an OUI prefix	223
Delete one or more OUI prefixes	223
Display the Auto-VoIP status	224
Spanning Tree Protocol	225
Configure the STP settings and display the STP status	226
Configure the CST settings and display the CST status	229
Configure the CST interface settings	231
Display the CST interface status	234
Manage MST instances	236
Add an MST instance and display the MST status	236
Change an MST instance	238
Delete an MST instance	238
Configure and display the interface settings for an MST instance	239
Display the STP interface statistics	242
Configure the PVST/RPVST VLAN settings	243
Change a PVST/RPVST VLAN configuration	245
Remove a PVST/RPVST VLAN configuration	246
Configure the PVST and RPVST interface settings	246
Display the PVST and RPVST statistics	248
Multicast forwarding database	249
Display the entries in the multicast forwarding database	249
Remove the IGMP snooping entries from the multicast forwarding database	250
Remove all known multicast MAC entries from the multicast forwarding database	251
Display the multicast forwarding database statistics	252
Internet Group Management Protocol snooping	253
Configure IGMP snooping automatically with IGMP Plus mode	254
Configure IGMP snooping manually	255
Configure the IGMP snooping settings for interfaces	257
Configure IGMP snooping for VLANs automatically with IGMP Plus mode	259
Configure IGMP snooping for VLANs manually	260
Configure an IGMP multicast router interface	262
Configure an IGMP multicast router VLAN	263
IGMP snooping querier overview	264
Configure the IGMP snooping querier global settings	264
Configure an IGMP snooping querier for a VLAN	265
Remove the IGMP snooping querier settings for a VLAN	267
Display the status of the IGMP snooping querier	268
Multicast Listener Discovery snooping	269
Configure MLD snooping automatically with MLD Plus mode	269
Configure MLD snooping manually	271
Configure the MLD snooping settings for interfaces	272
Configure MLD snooping for VLANs automatically with MLD Plus mode	274
Configure MLD snooping for VLANs manually	275
Remove the MLD snooping querier settings for a VLAN	277
Configure an MLD multicast router interface	278
Configure an MLD multicast router VLAN	279
Configure the MLD snooping querier global settings	280
Configure an MLD snooping querier for a VLAN	281
Remove the MLD snooping querier settings for a VLAN	283
Multicast VLAN registration	283
Configure the global MVR settings	284
Configure an MVR group	285
Remove an MVR group	286
Configure an MVR interface	287
Configure the interface members of an MVR group	288
Display the MVR statistics	289
MAC address table	290
View, search, or clear the MAC address table	290
Set the dynamic address aging interval	292
Add a static MAC address to the MAC address table	293
Remove a static MAC address from the MAC address table	293
Port settings	294
Configure and display the port settings	294
Add port, LAG, and VLAN descriptions	297
Display transceiver module information	299
Configure the port link flap settings	300
Link aggregation groups	301
Auto-LAG overview	302
Enable or disable Auto-LAGs	303
Configure the hash mode for Auto-LAGs	304
Configure the LAG settings	305
Configure a single LAG and its membership	307
802.1AS timing and synchronization	309
Configure and view the global 802.1AS settings	309
Configure the 802.1AS interface settings	311
View the 802.1AS statistics	313
Multiple Registration Protocol and 802.1Qav settings	315
Configure the global MRP settings	316
Configure 802.1Qav mapping	318
Configure the MRP interface settings	319
View or clear MMRP statistics	321
View or clear MVRP statistics	322
View or clear MSRP statistics	324
View the MSRP reservation settings	326
Configure and view the Qav settings for interfaces	328
View MSRP streams information	330
Loop protection	332
About loop protection	332
Configure the global loop protection settings	334
Configure the loop protection settings for interfaces and display the loop protection state	335
4. Manage Routing	337
Routing concepts	338
Routing table, routes and route preferences	338
Configure a route and display learned routes	338
Delete a route	340
Specify route preferences	341
IPv4 routing	342
Manage the global IPv4 routing settings	342
Display the IPv4 statistics	344
Configure IPv4 routing interfaces	347
Delete the routing IP address from an IPv4 routing interface	350
Configure a secondary IP address for an IPv4 routing interface	351
Delete the secondary IP address from an IPv4 routing interface	352
IPv6 routing	353
Manage the global IPv6 routing settings	353
Display the IPv6 route table	354
Configure IPv6 routing interfaces	355
Configure prefix settings for an IPv6 routing interface	358
Delete a prefix setting from an IPv6 routing interface	360
Display the IPv6 and ICMPv6 statistics for an IPv6 routing interface	361
Display the IPv6 neighbor table or clear IPv6 neighbor entries	366
Configure IPv6 static routes	368
Delete an IPv6 static route	370
Configure the IPv6 route preference for the switch	370
Configure IPv6 tunnels	371
Delete an IPv6 tunnel	373
Routing VLANs	373
Create a routing VLAN with the VLAN static routing wizard	374
Configure routing for an existing VLAN	375
Remove the routing function from a VLAN	376
Address Resolution Protocol	377
Display the ARP entries in the ARP cache	378
Add or change a static entry in the ARP table	379
Delete a static ARP entry	380
Configure the ARP table settings or remove entries from the table	381
Routing Information Protocol	383
Enable or disable RIP on the switch	384
Configure the global RIP settings for the switch	384
Configure RIP interface settings	386
Configure the RIP route redistribution settings and display the route redistribution summary	388
Router discovery and router advertisements	390
5. Configure Multicast Routing	393
IPv4 multicast routing and the IPv4 multicast route table	394
Display the IPv4 multicast route table	394
Add static multicast entries to the IPv4 Mroute table	395
Delete a static multicast entry from the IPv4 Mroute table	396
Configure global multicast settings for the switch	397
Configure a multicast interface	398
IGMP for IPv4 multicast routing	399
Configure the global IGMP settings for the switch	399
Configure an IGMP routing interface	400
Display the statistics for the IGMP routing interfaces	402
Display the IGMP groups and search the IGMP group database	403
Display the IGMP membership information and search the IGMP membership database	405
Configure an IGMP proxy interface	407
Display the statistics for the IGMP proxy interface	408
Display the IGMP proxy membership and search the IGMP proxy membership database	410
PIM for IPv4 multicast routing	411
Configure the global PIM IPv4 settings on the switch	412
Add IPv4 PIM-SSM groups	412
Delete an IPv4 PIM-SSM group	413
Configure an IPv4 PIM interface	414
Display IPv4 PIM neighbors and search the PIM neighbor database	416
Add an IPv4 PIM candidate rendezvous point configuration	417
Delete an IPv4 PIM candidate rendezvous point configuration	418
Configure an interface as an IPv4 PIM bootstrap router candidate	419
Delete an IPv4 PIM bootstrap router candidate configuration	420
Configure a static IPv4 PIM rendezvous point for a group	421
Delete a static IPv4 PIM rendezvous point configuration	422
Static multicast routes for IPv4 addresses	422
Configure static multicast routes for IPv4 addresses	422
Delete a static multicast route for an IPv4 address	423
Multicast admin boundaries for IPv4 addresses	424
Configure an interface as a multicast admin boundary	424
Delete a multicast admin boundary configuration for an interface	425
IPv6 multicast routing and the IPv6 multicast route table	426
Display the IPv6 multicast route table	426
PIM for IPv6 multicast routing	428
Configure the global PIM IPv6 settings on the switch	428
Add IPv6 PIM-SSM groups	429
Delete an IPv6 PIM-SSM group	430
Configure an IPv6 PIM interface	430
Display IPv6 PIM neighbors and search the PIM neighbor database	432
Add an IPv6 PIM candidate rendezvous point configuration	433
Delete an IPv6 PIM candidate rendezvous point configuration	434
Configure an interface as an IPv6 PIM bootstrap router candidate	435
Delete an IPv6 PIM bootstrap router candidate configuration	436
Configure a static IPv6 PIM rendezvous point for a group	437
Delete a static IPv6 PIM rendezvous point configuration	438
MLD for IPv6 multicast routing	439
Configure the global MLP settings for the switch	439
Configure an MLD routing interface	440
Display the statistics for the MLD routing interfaces	442
Display the MLD groups and search the MLD group database	443
Display or clear MLD traffic statistics	445
Configure an MLD proxy interface	446
Display the statistics for the MLD proxy interface	447
Display the MLD proxy membership and search the MLD proxy membership database	449
Static multicast routes for IPv6 addresses	450
Configure static multicast routes for IPv6 addresses	451
Delete a static multicast route for an IPv6 address	452
6. Configure Quality of Service	453
Quality of Service concepts	454
Class of Service	454
CoS configuration concepts	454
Configure the CoS trust mode settings globally or for a specific interface	455
Map 802.1p priorities to queues	456
Map DSCP values to queues	458
Configure the CoS interface settings for an interface	458
Configure CoS queue settings for an interface	460
Configure the CoS WRED precedence settings for dropping packets	462
Differentiated Services	464
Defining DiffServ	464
DiffServ wizard overview	465
Use the DiffServ wizard to create a traffic class and policy for one or more interfaces	466
Configure the DiffServ mode and display the entries in the DiffServ private MIB tables	467
Configure a DiffServ class	468
Add and configure a DiffServ class	469
Rename an existing DiffServ class	473
Change the criteria for an existing DiffServ class	473
Delete a DiffServ class	474
Configure an IPv6 DiffServ class	475
Add and configure an IPv6 DiffServ class	475
Rename an existing IPv6 DiffServ class	478
Change the criteria for an existing IPv6 DiffServ class	478
Delete an IPv6 DiffServ class	479
Configure a DiffServ policy	480
<<TBD>>Create and configure a DiffServ policy	480
Rename an existing DiffServ policy	486
Change the policy attributes for an existing DiffServ policy	487
Change or remove a class from an existing DiffServ policy	488
Delete a DiffServ policy	488
Configure the DiffServ service interface	489
Attach DiffServ policies to an interface	489
Change one or both DiffServ policies for an interface	490
Remove one or both DiffServ policies from an interface	491
Display DiffServ service statistics	492
7. Manage Switch Security	494
User accounts and passwords	495
Add or change a user account	495
Delete a user account	496
Configure user password requirements	497
Change the privileged EXEC CLI password	498
Change the console, Telnet, or SSH password	499
RADIUS servers	500
Configure the global RADIUS server settings	500
Configure a RADIUS authentication server on the switch	503
Add a RADIUS authentication server to the switch	503
Modify the settings for a RADIUS authentication server on the switch	505
Remove a RADIUS authentication server from the switch	506
Configure a RADIUS accounting server	507
Add a RADIUS accounting server to the switch	507
Modify the settings for a RADIUS accounting server on the switch	509
Remove a RADIUS accounting server from the switch	510
TACACS+ servers	510
Configure the global TACACS+ settings	511
Add a TACACS+ server to the switch	512
Modify the settings for a TACACS+ server on the switch	513
Remove a TACACS+ server from the switch	514
Authentication lists	514
Configure a login authentication list	514
Delete a login authentication list	516
Configure an enable authentication list	517
Delete an enable authentication list	519
Configure the Dot1x authentication list	520
Configure the HTTP authentication list	521
Configure the HTTPS authentication List	522
Current login sessions	523
HHTP and HTTPS management access	524
Configure HTTP access settings	524
Configure the HTTPS access settings	526
Browser security message with HTTPS access	527
Manage certificates for HTTPS access	528
Display the status of the SSL certificates	528
Generate an SSL certificate	529
Activate a certificate	530
Delete an SSL certificate	531
Transfer an existing HTTPS certificate from a server to the switch	531
SSH management access	533
Configure the global SSH access settings	534
Manage RSA and DSA keys for SSH access	535
Generate an RSA or DSA key	535
Delete an RSA or DSA key	536
Transfer existing SSH keys from a TFTP server to the switch	537
Telnet management access	539
Select Telnet authentication lists	539
Configure inbound Telnet settings	540
Configure outbound Telnet settings	541
Console port management access	542
Denial of service	544
Management access profiles and rules	546
Add an access profile	546
Add a rule to the access profile	547
Activate the access profile	548
Display the access profile summary and the number of filtered packets	549
Deactivate an access profile	550
Remove an access profile	551
Port authentication	552
Configure the global 802.1X settings	552
Manage port authentication on individual ports	554
Configure 802.1X settings for a port	554
Initialize 802.1X on a port	558
Display the port summary	559
Display the client summary	561
MAC filters for traffic control	563
Create a MAC filter	563
Delete a MAC filter	565
Display the MAC filter summary	566
Port security	567
Configure the global port security mode	567
Configure a port security interface	568
Display learned MAC addresses and convert them to static addresses	569
Add a static MAC address to the MAC address table for port security	571
Remove a static MAC address from the MAC address table for port security	571
Private port groups	572
Add a private port group	572
Remove a private port group	573

Match case Limit results 1 per page

•

Denial of Service ICMPv4

: Enabling ICMPv4 DoS prevention causes the switch

to drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater

than the configured ICMPv4 packet size. By default, this option is disabled.

•

Denial of Service Max ICMPv4 Packet Size

: Specify the maximum ICMPv4 packet

size allowed. If ICMPv4 DoS prevention is enabled, the switch drops ICMPv4 ping

packets with a size greater than the configured value. The range is from 0 to 16376.

The default value is 512.

•

Denial of Service ICMPv6

: Enabling ICMPv6 DoS prevention causes the switch

to drop ICMPv6 packets with a type set to ECHO_REQ (ping) and a size greater

than the configured ICMPv6 packet size. By default, this option is disabled.

•

Denial of Service Max ICMPv6 Packet Size

: Specify the maximum ICMPv6 packet

size allowed. If ICMPv6 DoS prevention is enabled, the switch drops ICMPv6 ping

packets with a size greater than the configured value. The range is from 0 to 16376.

The default value is 512.

•

Denial of Service First Fragment

: Enabling first fragment DoS prevention causes

the switch to check the DoS options on the first fragment of a fragmented IP

packet. Otherwise, the switch ignores the first fragment of a fragmented IP packet.

By default, this option is disabled.

•

Denial of Service ICMP Fragment

: Enabling ICMP Fragment DoS prevention

causes the switch to drop ICMP fragmented packets. By default, this option is

disabled.

•

Denial of Service SIP=DIP

: Enabling SIP=DIP DoS prevention causes the switch

to drop packets with a source IP address equal to the destination IP address. By

default, this option is disabled.

•

Denial of Service SMAC=DMAC

: Enabling SMAC=DMAC DoS prevention causes

the switch to drop packets with a source MAC address equal to the destination

MAC address. By default, this option is disabled.

•

Denial of Service TCP FIN&URG&PSH

: Enabling TCP FIN & URG & PSH DoS

prevention causes the switch to drop packets with TCP flags FIN, URG, and PSH

set and the TCP sequence number equal to 0. By default, this option is disabled.

•

Denial of Service TCP Flag&Sequence

: Enabling TCP Flag DoS prevention

causes the switch to drop packets with TCP control flags set to 0 and the TCP

sequence number set to 0. By default, this option is disabled.

•

Denial of Service TCP Fragment

: Enabling TCP Fragment DoS prevention causes

the switch to drop packets with a TCP payload for which the IP payload length

minus the IP header size is less than the minimum allowed TCP header size. By

default, this option is disabled.

•

Denial of Service TCP Offset

: Enabling TCP Offset DoS prevention causes the

switch to drop packets with a TCP header offset set to 1. By default, this option is

disabled.

•

Denial of Service TCP Port

: Enabling TCP Port DoS prevention causes the switch

to drop packets for which the TCP source port is equal to the TCP destination

port. By default, this option is disabled.

Main User Manual

545

Manage Switch Security

AV Line of Fully Managed Switches M4250 Series Main User Manual