General Security Commands
XSR CLI Reference Guide 16-89
Syntax of the “no” Form
Thresholdloggingisdisabledwiththenoformofthiscommand:
no access-list log-update-threshold
Mode
Globalconfiguration:XSR(config)#
Default
Disabled
Example
ThefollowingexampleenablesalarmloggingforACL101andsetsthelogthresholdat10000:
XSR(config)#access-list 101 deny ip 15.15.15.1 0.0.0.255 16.16.16.1 0.0.0.255 log
XSR(config)#access-list log-update-threshold 10000

hostdos

ThiscommandenableshostsecurityprotectionagainstvariousDoSattacksviasourceIPaddress
validation.
Syntax
hostdos {land | fragmicmp | largeicmp [size] | checkspoof}
Syntax of the “no” Form
Thenoformdisablesthespecifiedsecurityfeature:
no hostdos {land | fragmicmp | largeicmp [size] | checkspoof}
Mode
Globalconfiguration:XSR(config)#
Defaults
• Disabled
•Size:1024
Note: Performing source address validation can improve security in some situations but can
erroneously discard valid packets in situations where inbound and outbound paths differ and will
negatively impact some routing protocols.
land Enableslandattackprotection.
fragmicmp EnablesfragmentedICMPpacketsprotection.
largeicmp EnableslargeICMPpacketsprotection.
size Packetsizeabovewhichprotectionstarts,rangingfrom1to65535.
checkspoof Enablesspoofedaddresschecking.