ServerIron ADX Security Guide
53-1002440-03
Peak BP utilization with TRAP
ServerIronADX# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 200.1.1.1 6 80
Prioritization of TCP port 80 traffic to management IP 200.1.1.1 from any source IP address
ServerIronADX# server prioritize-mgmt-traffic any 200.1.1.1 6 80
Prioritization of UDP port 2222 traffic to management IP 200.1.1.1
ServerIronADX# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 200.1.1.1 17 2222
Prioritization of IP protocol 89 (OSPF) traffic to management IP 200.1.1.1
ServerIronADX# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 200.1.1.1 89

Protection against attack in hardware

ServerIron ADX allows for protection against attack in hardware without impacting MP or BP CPU
utilization. Configure the server drop-all-mgmt-access command to drop all traffic destined to a
specified management IP address.
The following command drops all traffic destined to the management IP address 10.45.16.104.
ServerIronADX(config)# server drop-all-mgmt-access 10.45.16.104
Syntax: [no] server drop-all-mgmt-access <destination ip>
NOTE
For a router, the destination IP address is the physical or ve interface IP address. For a switch, the
destination IP address is the management IP address.
The server drop-all-mgmt-access feature when used in combination with the server
prioritize-mgmt-traffic feature allows you to prioritize valid traffic while blocking unwanted traffic
destined to the management IP address.
For example, with the following configuration, only ssh, telnet and http traffic destined to
management IP address 10.45.16.104 will be prioritized and all other traffic destined to
10.45.16.104 will be dropped.
ServerIronADX(config)# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 22
ServerIronADX(config)# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 23
ServerIronADX(config)# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 80
ServerIronADX(config)# server drop-all-mgmt-access 10.45.16.104
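The pairing of prioritize rules with a drop-all rule can be checked offline against a saved configuration. The Python audit below is an added example, not part of the guide or of the ServerIron software. It assumes the argument order seen in this section's examples (source and mask or any, destination, protocol number, optional port); SAMPLE_CONFIG, parse and audit are hypothetical names, 192.0.2.10 is a constructed address, and the cleartext check is one this example adds.

```python
import re

# Constructed sample config using the command forms shown in this section.
SAMPLE_CONFIG = """\
server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 22
server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 23
server prioritize-mgmt-traffic any 200.1.1.1 6 80
server drop-all-mgmt-access 10.45.16.104
server drop-all-mgmt-access 192.0.2.10
"""
CLEARTEXT_TCP = {23: "telnet", 80: "http"}  # check added by this example
PROMPT = re.compile(r"^\S*#\s*")  # strips a pasted "ServerIronADX(config)#" prompt

def parse(config):
    """Return ({mgmt_ip: [(source, protocol, port)]}, {mgmt_ips with drop-all})."""
    rules, drops = {}, set()
    for line in config.splitlines():
        tok = PROMPT.sub("", line.strip()).split()
        if tok[:2] == ["server", "drop-all-mgmt-access"] and len(tok) == 3:
            drops.add(tok[2])
        elif tok[:2] == ["server", "prioritize-mgmt-traffic"] and len(tok) >= 5:
            args = tok[2:]
            # Source is the keyword "any", or an address followed by a mask.
            skip = 1 if args[0] == "any" else 2
            src, rest = " ".join(args[:skip]), args[skip:]
            proto = int(rest[1]) if len(rest) > 1 else None
            port = int(rest[2]) if len(rest) > 2 else None  # protocol 89 has no port
            rules.setdefault(rest[0], []).append((src, proto, port))
    return rules, drops

def audit(config):
    """Return (mgmt_ip, finding) pairs for the prioritize/drop-all combination."""
    rules, drops = parse(config)
    findings = []
    for ip in sorted(set(rules) | drops):
        allowed = rules.get(ip, [])
        if ip not in drops:
            findings.append((ip, "no drop-all-mgmt-access: other traffic is not dropped"))
        elif not allowed:
            findings.append((ip, "drop-all-mgmt-access only: all traffic to this IP is dropped"))
        for src, proto, port in allowed:
            if src == "any":
                findings.append((ip, f"protocol {proto} port {port} allowed from any source"))
            if proto == 6 and port in CLEARTEXT_TCP:
                findings.append((ip, f"{CLEARTEXT_TCP[port]} (tcp/{port}) is cleartext"))
    return findings

if __name__ == "__main__":
    for ip, finding in audit(SAMPLE_CONFIG):
        print(f"{ip}: {finding}")
```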
Peak BP utilization with TRAP

Show CPU-utilization command enhancement

The show cpu-utilization command displays CPU utilization peaks since the system boot or the last
reset of counters (using the clear cpu-utilization command).
The clear cpu-utilization command is used on both the MP and the BP to reset the counter.