security-suite dos protect 145
Parameters
■global-rules-only — Specifies that all the security suites commands
would be only global commands. This setting saves space in the
Ternary Content Addressable Memory (TCAM).
Default Configuration
No protection is configured.
Command Mode
Global Configuration mode
User Guidelines
MAC ACLs should be removed before the security-suite is enabled. The
rules can be reentered after the security-suite is enabled.
If ACLs or policy maps are assigned on ports, per interface security-suite
rules cannot be enabled.
Example
The following example enables the security suite feature and specifies
that all the security suites commands would be only global commands.
security-suite dos protectThe security-suite dos protect Global Configuration mode command
protects the system from specific well-known Denial Of Service attacks.
Use the no form of this command to disable protection.
Syntax
security-suite dos protect {add attack | remove attack}
no security-suite dos protect
Parameters
■attack — Specify the attack type. See the usage guidelines for list of
attacks.
Default Configuration
No protection is configured.
Console(config)#
security-suite enable
global-rules-only