Home » Netgear Manuals » Hubs & Switches » Netgear GS110TP » Manual Viewer

Netgear GS110TP GS108Tv2/GS110TP Software Reference Manual - Page 50

Denial of Service Min TCP Hdr Size

UPC - 606449069129

Add to My Manuals
Save this manual to your list of manuals

Page 50 highlights

GS108T and GS110TP Smart Switch Software Administration Manual To configure individual DoS settings: 1. Select the types of DoS attacks for the switch to monitor and block and configure any associated values, as the following list describes. • Denial of Service SIP=DIP. Enable or disable this option by selecting the appropriate radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is Disable. • Denial of Service First Fragment. Enable or disable this option by selecting the appropriate radio button. Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured Min TCP Hdr Size. The factory default is Disable. • Denial of Service Min TCP Hdr Size. Specify the Min TCP Hdr Size allowed. If First Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header smaller than this configured Min TCP Hdr Size. The factory default is 20 bytes. • Denial of Service TCP Fragment. Enable or disable this option by selecting the appropriate radio button. Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to 1. The factory default is Disable. • Denial of Service TCP Flag. Enable or disable this option by selecting the appropriate radio button. Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP flag SYN set and TCP source port less than 1024 or TCP control flags set to 0 and TCP sequence number set to 0 or TCP flags FIN, URG, and PSH set and TCP sequence number set to 0 or both TCP flags SYN and FIN set. The factory default is Disable. • Denial of Service L4 Port. Enable or disable this option by selecting the appropriate radio button. Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/ UDP source port equal to TCP/UDP destination port. The factory default is Disable. • Denial of Service ICMP. Enable or disable this option by selecting the appropriate radio button. Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP packet size. The factory default is Disable. • Denial of Service Max ICMP Size. Specify the Max ICMP packet size allowed. If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater then this configured Max ICMP packet size. The factory default is Disable. 2. If you change any of the DoS settings, click Apply to apply the changes to the switch. 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 2-14 v1.0, April 2010 Configuring System Information

Section	Page
GS108T and GS110TP Smart Switch Software Administration Manual	1
Contents	5
About This Manual	11
Audience	11
Organization	11
Conventions, Formats and Scope	12
How to Print this Manual	14
Revision History	14
Chapter 1 Getting Started	15
Switch Management Interface	15
Connecting the Switch to the Network	16
Switch Discovery in a Network with a DHCP Server	17
Switch Discovery in a Network without a DHCP Server	19
Configuring the Network Settings on the Administrative System	21
Web Access	22
Smart Control Center Utilities	23
Network Utilities	23
Configuration Upload and Download	24
Firmware Upgrade	26
Viewing and Managing Tasks	28
Understanding the User Interfaces	29
Using the Web Interface	29
Navigation Tabs, Feature Links, and Page Menu	30
Configuration and Monitoring Options	31
Device View	32
Help Page Access	34
User-Defined Fields	34
Using SNMP	34
Interface Naming Convention	35
Chapter 2 Configuring System Information	37
Management	37
System Information	37
IP Configuration	39
Time	41
Time Configuration	42
SNTP Server Configuration	45
Denial of Service	48
Auto-DoS Configuration	48
DoS Configuration	49
DNS	51
DNS Configuration	51
Host Configuration	52
Green Ethernet Configuration	53
PoE (GS110TP Only)	54
PoE Configuration	55
PoE Port Configuration	56
Timer Global Configuration	58
Timer Schedule Configuration	59
SNMP	61
SNMPV1/V2	61
Community Configuration	61
Trap Configuration	63
Trap Flags	64
SNMP v3 User Configuration	65
LLDP	67
LLDP Configuration	67
LLDP Port Settings	69
LLDP-MED Network Policy	70
LLDP-MED Port Settings	72
Local Information	73
Neighbors Information	76
Services — DHCP Filtering	81
DHCP Filtering Configuration	81
Interface Configuration	82
Chapter 3 Configuring Switching Information	85
Ports	85
Port Configuration	85
Flow Control	88
Link Aggregation Groups	89
LAG Configuration	89
LAG Membership	91
LACP Configuration	92
LACP Port Configuration	93
VLANs	94
VLAN Configuration	95
VLAN Membership Configuration	96
Port VLAN ID Configuration	98
Voice VLAN	100
Voice VLAN Properties	100
Voice VLAN Port Setting	102
Voice VLAN OUI	103
Auto-VoIP	104
Spanning Tree Protocol	106
STP Switch Configuration	107
CST Configuration	109
CST Port Configuration	111
CST Port Status	113
Rapid STP	115
MST Configuration	116
MST Port Configuration	118
STP Statistics	121
Multicast	122
Auto-Video Configuration	122
IGMP Snooping	123
IGMP Snooping Configuration	124
IGMP Snooping Interface Configuration	125
IGMP Snooping Table	127
Multicast Forwarding Database Table	129
MFDB Statistics	130
IGMP Snooping VLAN Configuration	132
IGMP Snooping Querier	133
IGMP Snooping Querier Configuration	134
IGMP Snooping Querier VLAN Configuration	135
IGMP Snooping Querier VLAN Status	136
Forwarding Database	137
MAC Address Table	138
Dynamic Address Configuration	139
Static MAC Address	140
Chapter 4 Configuring Quality of Service	143
Class of Service	143
Basic CoS Configuration	144
CoS Interface Configuration	146
Interface Queue Configuration	147
802.1p to Queue Mapping	149
DSCP to Queue Mapping	151
Differentiated Services	152
Defining DiffServ	152
Diffserv Configuration	153
Class Configuration	155
Policy Configuration	159
Service Configuration	165
Service Statistics	166
Chapter 5 Managing Device Security	169
Management Security Settings	169
Change Password	170
RADIUS Configuration	171
Global Configuration	171
RADIUS Server Configuration	173
Accounting Server Configuration	175
Configuring TACACS+	178
TACACS+ Configuration	178
TACACS+ Server Configuration	179
Authentication List Configuration	181
Configuring Management Access	182
HTTP Configuration	183
Secure HTTP Configuration	184
Certificate Download	186
Access Profile Configuration	187
Access Rule Configuration	189
Port Authentication	191
802.1X Configuration	192
Port Authentication	193
Port Summary	198
Traffic Control	200
MAC Filter Configuration	200
MAC Filter Summary	202
Storm Control	203
Port Security Configuration	205
Port Security Interface Configuration	206
Security MAC Address	208
Protected Ports Membership	209
Configuring Access Control Lists	210
ACL Wizard	211
MAC ACL	212
MAC Rules	214
MAC Binding Configuration	216
MAC Binding Table	217
IP ACL	218
IP Rules	220
IP Extended Rule	221
IP Binding Configuration	226
IP Binding Table	227
Chapter 6 Monitoring the System	229
Ports	229
Switch Statistics	229
Port Statistics	232
Port Detailed Statistics	233
EAP Statistics	241
System Logs	242
Memory Logs	243
FLASH Log Configuration	245
Server Log Configuration	247
Trap Logs	249
Event Logs	250
Port Mirroring	252
Multiple Port Mirroring	252
Chapter 7 Maintenance	255
Reset	255
Device Reboot	255
Factory Default	256
Upload File From Switch	257
Download File To Switch	259
TFTP File Download	259
HTTP File Download	262
File Management	263
Dual Image Configuration	264
Dual Image Status	265
Troubleshooting	266
Ping	266
Traceroute	268
Chapter 8 Help	271
Online Help	271
Support	271
User Guide	272
Appendix A Hardware Specifications and Default Values	273
GS108T Gigabit Smart Switch and GS110TP Gigabit Smart Switch Specifications	273
GS108T and GS110TP Switch Features and Defaults	274
Appendix B Configuration Examples	279
Virtual Local Area Networks (VLANs)	279
VLAN Example Configuration	281
Access Control Lists (ACLs)	282
MAC ACL Example Configuration	282
Standard IP ACL Example Configuration	284
Differentiated Services (DiffServ)	285
Class	286
DiffServ Traffic Classes	286
Creating Policies	287
Traffic Conditioning Policy	287
DiffServ Example Configuration	288
802.1X	290
802.1X Example Configuration	292
MSTP	293
MSTP Example Configuration	295

Match case Limit results 1 per page

GS108T and GS110TP Smart Switch Software Administration Manual

2-14

Configuring System Information

v1.0, April 2010

To configure individual DoS settings:

Select the types of DoS attacks for the switch to monitor and block and configure any

associated values, as the following list describes.

•

Denial of Service SIP=DIP

. Enable or disable this option by selecting the appropriate

radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets that

have a source IP address equal to the destination IP address. The factory default is Disable.

•

Denial of Service First Fragment

. Enable or disable this option by selecting the

appropriate radio button. Enabling First Fragment DoS prevention causes the switch to

drop packets that have a TCP header smaller than the configured Min TCP Hdr Size. The

factory default is Disable.

•

Denial of Service Min TCP Hdr Size

. Specify the Min TCP Hdr Size allowed. If First

Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header

smaller than this configured Min TCP Hdr Size. The factory default is 20 bytes.

•

Denial of Service TCP Fragment

. Enable or disable this option by selecting the

appropriate radio button. Enabling TCP Fragment DoS prevention causes the switch to

drop packets that have an IP fragment offset equal to 1. The factory default is Disable.

•

Denial of Service TCP Flag

. Enable or disable this option by selecting the appropriate

radio button. Enabling TCP Flag DoS prevention causes the switch to drop packets that

have TCP flag SYN set and TCP source port less than 1024 or TCP control flags set to 0

and TCP sequence number set to 0 or TCP flags FIN, URG, and PSH set and TCP

sequence number set to 0 or both TCP flags SYN and FIN set. The factory default is

Disable.

•

Denial of Service L4 Port

. Enable or disable this option by selecting the appropriate radio

button. Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/

UDP source port equal to TCP/UDP destination port. The factory default is Disable.

•

Denial of Service ICMP

. Enable or disable this option by selecting the appropriate radio

button. Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have

a type set to ECHO_REQ (ping) and a size greater than the configured ICMP packet size.

The factory default is Disable.

•

Denial of Service Max ICMP Size

. Specify the Max ICMP packet size allowed. If ICMP

DoS prevention is enabled, the switch will drop ICMP ping packets that have a size

greater then this configured Max ICMP packet size. The factory default is Disable.

If you change any of the DoS settings, click

Apply

to apply the changes to the switch.

Click

Cancel

to cancel the configuration on the screen and reset the data on the screen to the

latest value of the switch.