Cisco ASR 5700
ACS Configuration Mode Commands
firewall dos-protection flooding
Command Line Interface Reference, StarOS Release 17
packet limit packet_limit
Specifies the maximum number of packets allowed during a sampling interval.
packet_limit must be an integer from 1 through 4294967295.
Default: 1000 packets per sampling interval for all protocols.
inactivity-timeout inactivity_timeout
Specifies the inactivity timeout period, in seconds. This allows flooding traffic if the destination is inactive for more than the configured period.
inactivity_timeout must be an integer from 1 through 4294967295.
Default: 300 seconds
uplink-sample-interval interval
Specifies the uplink sampling interval, in seconds. The maximum sampling-interval configurable is 60 seconds.
interval must be an integer from 1 through 60.
Default: 1 second
Usage
Use this command to enable Stateful Firewall protection from different types of DoS attacks for all servers or for those servers mentioned in the host pool. This allows users to safeguard their own servers and other hosts. DoS attacks are also detected in the downlink direction. The firewall dos-protection command must be configured in the FW-and-NAT Policy Configuration mode.
Example
The following command enables ICMP uplink protection for all servers with packet limit set to 10:
firewall dos-protection flooding icmp protect-servers all packet limit 10
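
An added example, not part of the Cisco reference: a Python check that reads flooding-protection lines from a saved configuration, applies the ranges and defaults listed above, and reports the uplink packets-per-second each line tolerates. It assumes the options may follow one another on a single line and that the packet limit is counted per uplink sampling interval; audit_line, uplink_pps and the sample lines are constructed for illustration.

```python
import re

# Ranges and defaults as stated in the reference text above: (min, max, default).
LIMITS = {
    "packet limit": (1, 4294967295, 1000),
    "inactivity-timeout": (1, 4294967295, 300),
    "uplink-sample-interval": (1, 60, 1),
}
PREFIX = "firewall dos-protection flooding"


def audit_line(line):
    """Return (settings, problems) for one flooding-protection line, else None."""
    line = " ".join(line.split())            # normalise whitespace
    if not line.startswith(PREFIX):
        return None
    settings, problems = {}, []
    for key, (low, high, default) in LIMITS.items():
        found = re.findall(r"(?<!\S)" + re.escape(key) + r" (\S+)", line)
        if not found:
            settings[key] = default          # documented default applies
        elif found[0].isascii() and found[0].isdigit() and low <= int(found[0]) <= high:
            settings[key] = int(found[0])
        else:
            settings[key] = None
            problems.append(f"{key}: {found[0]!r} is not an integer in {low}..{high}")
    return settings, problems


def uplink_pps(settings):
    """Packets per second tolerated before the limit trips (assumed reading)."""
    limit, interval = settings["packet limit"], settings["uplink-sample-interval"]
    if limit is None or interval is None:
        return None                          # cannot compute from invalid values
    return limit / interval


# Constructed sample configuration lines, not taken from a real device.
SAMPLE = """\
firewall dos-protection flooding icmp protect-servers all packet limit 10
firewall dos-protection flooding icmp protect-servers all packet limit 600 uplink-sample-interval 60
firewall dos-protection flooding icmp protect-servers all packet limit 0 uplink-sample-interval 90
"""

if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        settings, problems = audit_line(raw)
        print(raw, "->", uplink_pps(settings), "pps", problems or "ok")
```

The first two sample lines permit the same average rate, but the 60-second interval tolerates a burst of 600 packets before the limit is reached.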