Home » Netgear Manuals » Hubs & Switches » Netgear GSM7252PS » Manual Viewer

Netgear GSM7252PS ProSafe Managed Switch Web Management User Manual - Page 466

Port Authentication, Denial of Service Max ICMP Packet Size

UPC - 606449071665

Add to My Manuals
Save this manual to your list of manuals

Page 466 highlights

ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual 1. Use Denial of Service Min TCP Header Size to specify the Min TCP Hdr Size allowed. If DoS TCP Fragment is enabled, the switch will drop these packets: • First TCP fragments that has a TCP payload - IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size. The factory default is disabled. 2. Use Denial of Service L4 Port to enable L4 Port DoS prevention causing the switch to drop packets having source TCP/UDP port number equal to destination TCP/UDP port number. The factory default is disabled. 3. Use Denial of Service First Fragment to enable First Fragment DoS prevention causing the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets. Otherwise, switch ignores the first fragment IP packages. The factory default is disabled. 4. Use Denial of Service ICMP to enable ICMP DoS prevention causing the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. The factory default is disabled. 5. Use Denial of Service Max ICMP Packet Size to specify the Max ICMP Packet Size allowed (This includes the ICMP header size of 8 bytes). If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater then this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512. 6. Use Denial of Service SIP=DIP to enable SIP=DIP DoS prevention causing the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled. 7. Use Denial of Service TCP FLAG to enable TCP Flag DoS prevention causing the switch to drop these packets: • TCP SYN flag=1 & source port < 1024 • TCP control flag =0 & sequence number = 0 • TCP FIN,URG,PSH bits set & sequence number = 0 • TCP SYN & FIN bits set The factory default is disabled. 8. Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention causing the switch to drop packets: • First TCP fragments that has a TCP payload - IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size. The factory default is disabled. Port Authentication In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. 466 | Chapter 6. Managing Device Security

Section	Page
ProSafe® Managed Switch	1
Table of Contents	3
1. Getting Started	9
Switch Management Interface	9
Web Access	9
Understanding the User Interfaces	10
Using the Web Interface	10
Using SNMP	17
Interface Naming Convention	18
2. Configuring System Information	19
Management	19
System Information	20
Switch Statistics	26
System Resource	29
Slot Information	30
Loopback Interface	32
Network Interface	33
Time	38
DNS	46
License	49
Show License	49
License Features	50
Services	50
DHCP Server	51
DHCP Relay	62
DHCP L2 Relay	64
UDP Relay	67
DHCPv6 Server	71
DHCPv6 Relay	79
Stacking	79
Basic	80
Advanced	83
PoE	86
Basic	86
Advanced	89
SNMP	93
SNMPV1/V2	93
SNMP V3	101
LLDP	102
LLDP	103
LLDP-MED	113
ISDP	121
Basic	121
Advanced	124
3. Configuring Switching Information	130
VLANs	130
Basic	131
Advanced	134
Spanning Tree Protocol	151
Basic	152
Advanced	155
Multicast	168
MFDB	168
IGMP Snooping	172
MLD Snooping	184
Address Table	192
Basic	192
Advanced	195
Ports	197
Port Configuration	198
Port Description	200
Link Aggregation Groups	201
LAG Configuration	201
LAG Membership	203
4. Routing	205
Routing Table	205
Basic	205
Advanced	209
IP	213
Basic	213
Advanced	220
IPv6	229
Basic	230
Advanced	233
VLAN	250
VLAN Routing Wizard	251
VLAN Routing Configuration	252
ARP	252
Basic	253
Advanced	255
RIP	258
Basic	258
Advanced	260
OSPF	266
Basic	267
Advanced	268
OSPFv3	296
Basic	296
Advanced	298
Router Discovery	323
Router Discovery Configuration	324
VRRP	325
Basic	325
Advanced	329
Multicast	334
Mroute Table	335
Multicast Global Configuration	336
Multicast Interface Configuration	337
DVMRP	338
IGMP	346
PIM-DM	359
PIM-SM	362
Static Routes Configuration	370
Admin Boundary Configuration	371
IPv6 Multicast	371
Mroute Table	372
IPv6 PIM-DM	374
IPv6 PIM-SM	377
MLD	385
Static Routes Configuration	397
5. Configuring Quality of Service	398
Class of Service	398
Basic	399
Advanced	401
Differentiated Services	407
DiffServ Wizard	409
Auto VoIP Configuration	411
Basic	412
Advanced	414
6. Managing Device Security	427
Management Security Settings	427
Local User	428
Enable Password Configuration	431
Line Password Configuration	432
RADIUS	433
Configuring TACACS+	440
Authentication List Configuration	443
Login Sessions	450
Configuring Management Access	450
HTTP	451
HTTPS	453
SSH	458
Telnet	462
Console Port	464
Denial of Service	465
Port Authentication	466
Basic	467
Advanced	470
Traffic Control	481
MAC Filter	481
Port Security	484
Private Group	490
Protected Ports Configuration	492
Storm Control	493
Control	496
DHCP Snooping	497
IP Source Guard	503
Dynamic ARP Inspection	505
Captive Portal	512
Configuring Access Control Lists	524
Basic	524
Advanced	531
7. Monitoring the System	546
Ports	546
Port Statistics	546
Port Detailed Statistics	549
EAP Statistics	557
Cable Test	559
Logs	560
Buffered Logs	561
Command Log Configuration	563
Console Log Configuration	564
SysLog Configuration	565
Trap Logs	566
Event Logs	568
Persistent Logs	570
Port Mirroring	571
Multiple Port Mirroring	571
sFlow	573
Basic	573
Advanced	575
8. Maintenance	578
Save Configuration	578
Save Configuration	578
Auto Install Configuration	580
Reset	580
Device Reboot	580
Factory Default	582
Password Reset	583
Upload File From Switch	583
File Upload	583
HTTP File Upload	586
USB File Upload	587
Download File To Switch	587
File Download	588
HTTP File Download	589
USB File Download	592
File Management	592
Copy	593
Dual Image Configuration	594
Troubleshooting	595
Ping IPv4	595
Ping IPv6	598
Traceroute IPv4	599
Traceroute IPv6	601
9. Help	602
Online Help	602
Support	602
User Guide	603
A. Default Settings	604
B. Configuration Examples	608
Virtual Local Area Networks (VLANs)	608
VLAN Example Configuration	609
Access Control Lists (ACLs)	610
MAC ACL Example Configuration	611
Standard IP ACL Example Configuration	612
Differentiated Services (DiffServ)	613
Class	613
DiffServ Traffic Classes	614
Creating Policies	614
DiffServ Example Configuration	616
802.1X	617
802.1X Example Configuration	619
MSTP	620
MSTP Example Configuration	621
C. Notification of Compliance	624

Match case Limit results 1 per page

466

Chapter 6.

Managing Device Security

ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual

Use

Denial of Service Min TCP Header Size

to specify the Min TCP Hdr Size allowed. If

DoS TCP Fragment is enabled, the switch will drop these packets:

•

First TCP fragments that has a TCP payload

- IP_Payload_Length - IP_Header_Size

< Min_TCP_Header_Size.

The factory default is disabled.

Use

Denial of Service L4 Port

to enable L4 Port DoS prevention causing the switch to drop

packets having source TCP/UDP port number equal to destination TCP/UDP port number.

The factory default is disabled.

Use

Denial of Service First Fragment

to enable First Fragment DoS prevention causing

the switch to check DoS options on first fragment IP packets when switch are receiving

fragmented IP packets. Otherwise, switch ignores the first fragment IP packages. The

factory default is disabled.

Use

Denial of Service ICMP

to enable ICMP DoS prevention causing the switch to drop

ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the

configured ICMP Pkt Size. The factory default is disabled.

Use

Denial of Service Max ICMP Packet Size

to specify the Max ICMP Packet Size

allowed (This includes the ICMP header size of 8 bytes). If ICMP DoS prevention is enabled,

the switch will drop ICMP ping packets that have a size greater then this configured Max

ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512.

Use

Denial of Service SIP=DIP

to enable SIP=DIP DoS prevention causing the switch to

drop packets that have a source IP address equal to the destination IP address. The factory

default is disabled.

Use

Denial of Service TCP FLAG

to enable TCP Flag DoS prevention causing the switch

to drop these packets:

•

TCP SYN flag=1 & source port < 1024

•

TCP control flag =0 & sequence number = 0

•

TCP FIN,URG,PSH bits set & sequence number = 0

•

TCP SYN & FIN bits set

The factory default is disabled.

Use

Denial of Service TCP Fragment

to enable TCP Fragment DoS prevention causing

the switch to drop packets:

•

First TCP fragments that has a TCP payload

- IP_Payload_Length - IP_Header_Size

< Min_TCP_Header_Size.

The factory default is disabled.

Port Authentication

In port-based authentication mode, when 802.1X is enabled globally and on the port,

successful authentication of any one supplicant attached to the port results in all users being

able to use the port without restrictions. At any given time, only one supplicant is allowed to

attempt authentication on a port in this mode. Ports in this mode are under bidirectional

control. This is the default authentication mode.