194 Configuring System Information
– Both TCP flags SYN and FIN set
•
Denial of Service L4 Port
— Enabling L4 Port DoS prevention causes the switch to drop packets that
have the TCP/UDP source port equal to TCP/UDP destination port.
•
Denial of Service ICMP
— Enabling ICMP DoS prevention causes the switch to drop ICMP packets
that have a type set to ECHO_REQ (ping) a nd a size greater than the configured ICMP packet s ize
(ICMP Pkt Size).
•
Denial of Service Max ICMP Pkt Size
— Specify the maximum ICMP packet size to allow. If ICMP
DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater then this
configured value.
Configuring Denial of Service Settings
1.
Open the
Denial of Service
page.
2.
Specify the desired settings.
3.
Click
Apply Changes
.
The device is updated with the new settings.
Configuring Denial of Service Settings Using CLI Commands
For information about the CLI commands that perform thi s function, see the
Denial of Service
Commands
chapter in the
CLI Reference Guide
. The following table summarizes the equivalent CLI
commands you use to configure Denial of Service.
Table 6-37. Denial of Service Configuration Commands
CLI Command Description
dos-control firstfrag Enables Minimum TCP Header Size Denial of Service protection.
dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections.
dos-control l4port Enables L4 Port Denial of Service protection.