Home » Netgear Manuals » Hubs & Switches » Netgear GS728TXS » Manual Viewer

Netgear GS728TXS GS728TXS/GS752TXS Software Administration Manual - Page 46

Denial of Service TCP FIN&URG&PSH, Denial of Service TCP Flag&Sequence

Add to My Manuals
Save this manual to your list of manuals

Page 46 highlights

GS752TXS and GS728TXS Smart Switches • Denial of Service Max ICMPv6 Packet Size: Specify the Max IPv6 ICMP packet size allowed. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping packets that have a size greater than this configured Max ICMPv6 Pkt Size. • Denial of Service First Fragment: Enabling First Fragment DoS prevention causes the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets. Otherwise, switch ignores the first fragment IP packages. • Denial of Service ICMP Fragment: Enabling ICMP Fragment DoS prevention causes the switch to drop ICMP Fragmented packets. • Denial of Service SIP=DIP: Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. • Denial of Service SMAC=DMAC: Enabling SMAC=DMAC DoS prevention causes the switch to drop packets that have a source MAC address equal to the destination MAC address. • Denial of Service TCP FIN&URG&PSH: Enabling TCP FIN & URG & PSH DoS prevention causes the switch to drop packets that have TCP Flags FIN, URG, and PSH set and TCP Sequence Number equal to 0. • Denial of Service TCP Flag&Sequence: Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP control flags set to 0 and TCP sequence number set to 0. • Denial of Service TCP Fragment: Enabling TCP Fragment DoS prevention causes the switch to drop packets that have a TCP payload where the IP payload length minus the IP header size is less than the minimum allowed TCP header size. • Denial of Service TCP Offset: Enabling TCP Offset DoS prevention causes the switch to drop packets that have a TCP header Offset set to 1. • Denial of Service TCP Port: Enabling TCP Port DoS prevention causes the switch to drop packets that have TCP source port equal to TCP destination port. • Denial of Service TCP SYN: Enabling TCP SYN DoS prevention causes the switch to drop packets that have TCP Flags SYN set. • Denial of Service TCP SYN&FIN: Enabling TCP SYN & FIN DoS prevention causes the switch to drop packets that have TCP Flags SYN and FIN set. 3. Click Apply. 46

Section	Page
GS752TXS and GS728TXS Smart Switches	1
Contents	3
1. Getting Started	9
Getting Started with the GS752TXS and GS728TXS Smart Switches	9
Switch Management Interface	10
Connect the Switch to the Network	10
Discover a Switch in a Network with a DHCP Server	11
Discover a Switch in a Network without a DHCP Server	12
Configure the Network Settings on the Administrative System	14
Access the Management Interface from a Web Browser	17
Understand the User Interfaces	18
Use the Web Interface	18
Use SNMPv3	24
Interface Naming Convention	25
Online Help	26
Support	26
User Guide	26
Registration	27
2. Configure System Information	28
Management	28
System Information	29
Slot Information	31
IP Configuration	33
IPv6 Network Configuration	35
IPv6 Network Neighbor	36
Time	37
Denial of Service	44
DNS	47
Green Ethernet	49
SNMP	57
SNMPV1/V2	57
LLDP	61
LLDP Configuration	62
LLDP Port Settings	63
LLDP-MED Network Policy	64
LLDP-MED Port Settings	65
Local Information	66
Neighbors Information	69
Services—DHCP Snooping	73
Global Configuration	74
Interface Configuration	75
Binding Configuration	77
Persistent Configuration	78
Statistics	79
3. Switch Stack Configuration	81
Stacking Overview	81
Stack Features	82
Factory Defaults Reset Behavior	83
Stack Manager Election and Reelection	83
Stack Configuration	84
Install a Stack	84
Remove a Unit from the Stack	85
Add a Unit to an Operating Stack	85
Renumber a Stack Member	86
Move the Stack Manager Role to a Different Unit in the Stack	87
Remove a Stack Manager from an Operating Stack	88
Merge Two Operational Stacks	88
Configure a Stack Member	89
View Stack Member Information	90
Configure the Stacking Ports as Ethernet Uplink Ports	91
View Stack Port Diagnostic Information	93
Synchronize Stack Firmware	94
4. Configuring Switching	95
Ports	95
Port Configuration	95
Flow Control	97
Link Aggregation Groups	98
LAG Configuration	98
LAG Membership	100
LACP Configuration	101
LACP Port Configuration	101
VLANs	102
Basic VLAN Configuration	103
VLAN Membership Configuration	104
VLAN Status	105
Port VLAN ID Configuration	106
MAC-Based VLAN	108
Protocol-Based VLAN Group Configuration	109
Protocol Based VLAN Group Membership	110
Voice VLAN	111
Auto-VoIP Configuration	112
Configure Protocol-Based Auto VoIP Settings	112
OUI-Based Properties	114
Port Settings	115
OUI Table	116
Spanning Tree Protocol	117
STP Configuration	118
CST Configuration	120
CST Port Configuration	121
CST Port Status	123
Rapid STP	124
MST Configuration	125
MST Port Configuration	126
STP Statistics	128
Multicast	129
Bridge Multicast Forwarding	130
MFDB Table	131
MFDB Statistics	132
Auto-Video	132
IGMP Snooping	133
IGMP Snooping Querier	139
MLD Snooping	143
Forwarding Database	150
MAC Address Table	151
Dynamic Address Configuration	152
Static MAC Address	153
5. Configuring Routing	155
Configuring IP Settings	155
IP Configuration	156
IP Statistics	156
Configure VLAN Routing	160
VLAN Routing Wizard	160
VLAN Routing Configuration	162
Configuring Router Discovery	163
Router Discovery Configuration	163
Configure and View Routes	164
Configure ARP	166
ARP Cache	166
Create a Static ARP Entry	167
Configure Global ARP Settings	168
Remove an ARP Entry From the ARP Cache	170
6. Configuring Quality of Service	171
Class of Service	171
Basic CoS Configuration	172
CoS Interface Configuration	173
Interface Queue Configuration	174
802.1p to Queue Mapping	176
DSCP to Queue Mapping	177
Differentiated Services	178
Defining DiffServ	178
Diffserv Configuration	179
Class Configuration	180
IPv6 Class Configuration	183
Policy Configuration	184
Service Configuration	187
Service Statistics	188
7. Managing Device Security	189
Management Security Settings	189
Change Password	189
RADIUS Configuration	191
Configuring TACACS+	196
Authentication List Configuration	198
Configuring Management Access	201
HTTP Configuration	201
Secure HTTP Configuration	202
Certificate Management	203
Certificate Download	204
Access Control	206
Port Authentication	208
802.1X Configuration	208
Port Authentication	209
Port Summary	213
Traffic Control	215
MAC Filter Configuration	215
MAC Filter Summary	217
Storm Control	218
Port Security Configuration	219
Port Security Interface Configuration	220
Security MAC Address	221
Protected Ports Membership	222
Configuring Access Control Lists	223
ACL Wizard	224
MAC ACL	226
MAC Rules	227
MAC Binding Configuration	229
MAC Binding Table	230
IP ACL	231
IP Rules	232
IP Extended Rules	233
IPv6 ACL	236
IPv6 Rules	237
IP Binding Configuration	241
IP Binding Table	242
VLAN Binding Table	243
8. Monitoring the System	245
Ports	245
Switch Statistics	245
Port Statistics	248
Port Detailed Statistics	250
EAP Statistics	257
Cable Test	258
Logs	260
Memory Logs	260
FLASH Log	262
Server Log	263
Trap Logs	265
Event Logs	267
Mirroring	268
9. Maintenance	271
Reset	271
Device Reboot	271
Factory Default	272
Upload	272
TFTP File Upload	273
HTTP File Upload	274
Download	275
TFTP File Download	275
HTTP File Download	277
File Management	278
Copy	278
Dual Image Configuration	279
Dual Image Status	280
A. Smart Control Center Utilities	281
Network Utilities	281
Configure the Device	283
Change the Switch Password	284
Manage the Switch Configuration and Firmware	285
Upload and Download the Configuration	285
Upgrade the Firmware	287
View and Manage Tasks	289
B. Troubleshooting	291
Troubleshooting Configuration Menu	291
Ping	291
Ping IPv6	293
TraceRoute	294
Troubleshooting Chart	295
C. Configuration Examples	297
Virtual Local Area Networks (VLANs)	297
Sample VLAN Configuration	298
Access Control Lists (ACLs)	299
MAC ACL Example Configuration	300
Sample Standard IP ACL Configuration	301
Differentiated Services (DiffServ)	302
Class	303
DiffServ Traffic Classes	304
Creating Policies	304
Sample DiffServ Configuration	305
802.1X	307
Sample 802.1X Configuration	308
MSTP	309
Sample MSTP Configuration	311
VLAN Routing with a Static Route	313
VLAN Routing Overview	313
Sample VLAN Routing Configuration	314
D. Hardware Specifications and Default Values	315
GS752TXS and GS728TXS Smart Switches Specifications	315
GS752TXS/GS728TXS Switch Features and Defaults	316

Match case Limit results 1 per page

GS752TXS and GS728TXS Smart Switches

•

Denial of Service Max ICMPv6 Packet Size

: Specify the Max IPv6 ICMP packet size

allowed. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping

packets that have a size greater than this configured Max ICMPv6 Pkt Size.

•

Denial of Service First Fragment

: Enabling First Fragment DoS prevention causes

the switch to check DoS options on first fragment IP packets when switch are

receiving fragmented IP packets. Otherwise, switch ignores the first fragment IP

packages.

•

Denial of Service ICMP Fragment

: Enabling ICMP Fragment DoS prevention

causes the switch to drop ICMP Fragmented packets.

•

Denial of Service SIP=DIP

: Enabling SIP=DIP DoS prevention causes the switch to

drop packets that have a source IP address equal to the destination IP address.

•

Denial of Service SMAC=DMAC

: Enabling SMAC=DMAC DoS prevention causes

the switch to drop packets that have a source MAC address equal to the destination

MAC address.

•

Denial of Service TCP FIN&URG&PSH

: Enabling TCP FIN & URG & PSH DoS

prevention causes the switch to drop packets that have TCP Flags FIN, URG, and

PSH set and TCP Sequence Number equal to 0.

•

Denial of Service TCP Flag&Sequence

: Enabling TCP Flag DoS prevention causes

the switch to drop packets that have TCP control flags set to 0 and TCP sequence

number set to 0.

•

Denial of Service TCP Fragment

: Enabling TCP Fragment DoS prevention causes

the switch to drop packets that have a TCP payload where the IP payload length

minus the IP header size is less than the minimum allowed TCP header size.

•

Denial of Service TCP Offset

: Enabling TCP Offset DoS prevention causes the

switch to drop packets that have a TCP header Offset set to 1.

•

Denial of Service TCP Port

: Enabling TCP Port DoS prevention causes the switch to

drop packets that have TCP source port equal to TCP destination port.

•

Denial of Service TCP SYN

: Enabling TCP SYN DoS prevention causes the switch

to drop packets that have TCP Flags SYN set.

•

Denial of Service TCP SYN&FIN

: Enabling TCP SYN & FIN DoS prevention causes

the switch to drop packets that have TCP Flags SYN and FIN set.

Click

Apply