Dell PowerEdge M520 Dell PowerConnect M6220/M6348/M8024 Switches Configuration - Page 43
CLI Examples, Example #1: Enabling all DOS Controls
The following table describes the dos-control keywords.

Table 3-1. DoS Control

Keyword     Meaning
firstfrag   Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured Min TCP Hdr Size.
icmp        ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size.
l4port      Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/UDP source port equal to TCP/UDP destination port.
sipdip      Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address.
tcpflag     Enabling TCP Flag DoS prevention causes the switch to drop packets that match any of the following: TCP flag SYN set and TCP source port less than 1024; TCP control flags set to 0 and TCP sequence number set to 0; TCP flags FIN, URG, and PSH set and TCP sequence number set to 0; or both TCP flags SYN and FIN set.
tcpfrag     Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to 1.

CLI Examples

The commands below show how to enable DoS protection and view its status.

Example #1: Enabling all DOS Controls

    console#configure
    console(config)#dos-control sipdip
    console(config)#dos-control firstfrag
    console(config)#dos-control tcpfrag
    console(config)#dos-control l4port
    console(config)#dos-control icmp
    console(config)#exit

Example #2: Viewing the DoS Configuration Information

    console#show dos-control
    SIPDIP Mode            Enable
    First Fragment Mode    Enable
    Min TCP Hdr Size       20
    TCP Fragment Mode      Enable
    TCP Flag Mode          Disable
    L4 Port Mode           Enable
    ICMP Mode              Enable
    Max ICMP Pkt Size      512
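To check which traffic a given set of controls would drop before enabling them, the conditions in Table 3-1 can be modelled offline. The Python below is an added example, not code from the Dell manual: the `Packet` record, the function names and the sample packets are hypothetical, and the default thresholds (20 and 512) and the enabled set are taken from the Example #2 output.

```python
# Added example: models the Table 3-1 drop conditions as worded on this page.
# Packet is a hypothetical simplified record, not a switch or vendor API.
from dataclasses import dataclass

SYN, FIN, PSH, URG = 0x02, 0x01, 0x08, 0x20   # TCP flag bits
# Controls shown as "Enable" in the Example #2 output (tcpflag is disabled).
EXAMPLE_2_ENABLED = {"sipdip", "firstfrag", "tcpfrag", "l4port", "icmp"}

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str             # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    tcp_flags: int = 0
    tcp_seq: int = 1
    tcp_hdr_len: int = 20
    frag_offset: int = 0
    icmp_type: int = 0     # 8 = echo request
    icmp_size: int = 0

def matched_controls(p, min_tcp_hdr=20, max_icmp=512):
    """Return every dos-control keyword whose drop condition p meets."""
    tcp, f = p.proto == "tcp", p.tcp_flags
    checks = {
        "sipdip": p.src_ip == p.dst_ip,
        "firstfrag": tcp and p.tcp_hdr_len < min_tcp_hdr,
        "tcpfrag": tcp and p.frag_offset == 1,  # TCP-only is assumed from the keyword name
        "l4port": p.proto in ("tcp", "udp") and p.sport == p.dport,
        "icmp": p.proto == "icmp" and p.icmp_type == 8 and p.icmp_size > max_icmp,
        "tcpflag": tcp and bool(
            (f & SYN and p.sport < 1024)
            or (f == 0 and p.tcp_seq == 0)
            or (f & FIN and f & URG and f & PSH and p.tcp_seq == 0)
            or (f & SYN and f & FIN)),
    }
    return [k for k, hit in checks.items() if hit]

def dropped_by(p, enabled=EXAMPLE_2_ENABLED):
    """Controls that would drop p when only `enabled` keywords are on."""
    return [k for k in matched_controls(p) if k in enabled]

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = {
    "udp_same_port": Packet("192.0.2.10", "192.0.2.20", "udp", sport=123, dport=123),
    "syn_low_sport": Packet("192.0.2.10", "192.0.2.20", "tcp", 22, 51000, SYN),
    "big_ping": Packet("192.0.2.10", "192.0.2.20", "icmp", icmp_type=8, icmp_size=1400),
}
```

Running `dropped_by` over a sample of expected production flows shows which controls would also discard legitimate traffic, such as UDP exchanges that use the same port on both ends.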