Netgear GSM7224P GSM5212P/GSM7212P/GSM7212F/GSM7224P User Manual - Page 253
Port Authentication, Denial of Service TCP FLAG
View all Netgear GSM7224P manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 253 highlights
Web Management User Guide the switch will drop ICMP ping packets that have a size greater then this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512. 6. Use Denial of Service SIP=DIP to enable SIP=DIP DoS prevention causing the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled. 7. Use Denial of Service TCP FLAG to enable TCP Flag DoS prevention causing the switch to drop these packets: • TCP SYN flag=1 & source port < 1024 • TCP control flag =0 & sequence number = 0 • TCP FIN,URG,PSH bits set & sequence number = 0 • TCP SYN & FIN bits set The factory default is disabled. 8. Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention causing the switch to drop packets: • First TCP fragments that has a TCP payload - IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size. The factory default is disabled. Port Authentication In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. The 802.1X network has three components: • Authenticators - Specifies the port that is authenticated before permitting system access. • Supplicants - Specifies the host connected to the authenticated port requesting access to the system services. • Authentication Server - Specifies the external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the user is authorized to access system services. From the Port Authentication link, you can access the following pages: • Basic on page 254 • Advanced on page 255 253