194 Configuring System Information
– Both TCP flags SYN and FIN set
•
Denial of Service L4 Port
— Enabling L4 Port DoS prevention causes the switch to drop packets that
have the TCP/UDP source port equal to TCP/UDP destination port.
•
Denial of Service ICMP
— Enabling ICMP DoS prevention causes the switch to drop ICMP packets
that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP packet size
(ICMP Pkt Size).
•
Denial of Service Max ICMP Pkt Size
— Specify the maximum ICMP packet size to allow. If ICMP
DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater then this
configured value.
Configuring Denial of Service Settings
1.
Open the
Denial of Service
page.
2.
Specify the desired settings.
3.
Click
Apply Changes
.
The device is updated with the new settings.
Configuring Denial of Service Settings Using CLI Commands
For information about the CLI commands that perform this function, see the
Denial of Service
Commands
chapter in the
CLI Reference Guide
. The following table summarizes the equivalent CLI
commands you use to configure Denial of Service.
Table 6-37. Denial of Service Configuration Commands
CLI Command Description
dos-control firstfrag Enables Minimum TCP Header Size Denial of Service protection.
dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections.
dos-control l4port Enables L4 Port Denial of Service protection.