Cisco Cisco SG300-28 28-Port Gigabit Managed Switch Technical References
50
78-21485-01 Command Line Interface Reference Guide
892
Denial of Service (DoS) Commands
50.1
security-suite deny syn-fin
Use the security-suite deny syn-fin Global Configuration mode command to drop
all ingressing TCP packets in which both SYN and FIN are set.
all ingressing TCP packets in which both SYN and FIN are set.
Use the no form of this command to permit TCP packets in which both SYN and
FIN are set.
FIN are set.
Syntax
security-suite deny syn-fin
no security-suite deny syn-fin
Default Configuration
The feature is disabled by default.
Command Mode
Global Configuration mode
Example
The following example blocks TCP packets in which both SYN and FIN flags are
set.
set.
switchxxxxxx(config)#
security-suite deny sin-fin
50.2
security-suite syn protection mode
Use the security-suite syn protection mode Global Configuration mode command to
se
t the TCP SYN
protection mode.
Use the no form of this command to set the TCP SYN protection mode to default.
Syntax
For security-suite syn protection mode {disabled | report | block}