Cisco Cisco SG300-28 28-Port Gigabit Managed Switch Technical References
Denial of Service (DoS) Commands
78-21485-01 Command Line Interface Reference Guide
no security-suite syn protection mode
Parameters
• disabled—Feature is disabled
• report—Feature reports about TCP SYN traffic per port (including a rate-limited SYSLOG message when an attack is identified)
• block—TCP SYN traffic from attacking ports destined to the local system is blocked, and a rate-limited SYSLOG message (one per minute) is generated
Default Configuration
The default mode is block.
Command Mode
Global Configuration mode
User Guidelines
On ports on which an ACL is defined (user-defined ACL etc.), this feature cannot block TCP SYN packets. If the protection mode is block but SYN traffic cannot be blocked, a relevant SYSLOG message is created, e.g.: “port gi1/1/1 is under TCP SYN attack. TCP SYN traffic cannot be blocked on this port since the port is bound to an ACL.”
Examples
Example 1:
The following example sets the TCP SYN protection feature to report a TCP SYN attack on a port when an attack is identified from that port.
switchxxxxxx(config)# security-suite syn protection mode report
…
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1/1/1
Example 2:
The following example sets the TCP SYN protection feature to block a TCP SYN attack on a port when an attack is identified from that port.
switchxxxxxx(config)# security-suite syn protection mode block
…
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1/1/1. TCP SYN traffic destined to the local system is automatically blocked for 100 seconds.
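The three SYSLOG messages this command can produce (report mode, block mode, and the ACL-bound port from User Guidelines where blocking fails) are worth triaging automatically, since the last one means the switch saw an attack it could not stop. The following Python is an added example, not part of the Cisco guide; the log lines are constructed in the format shown above, and the message wording and the 100-second block duration are taken from this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample SYSLOG output in the format shown in the reference guide.
SAMPLE_LOG = """\
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1/1/1
01-Jan-2012 05:30:46: A TCP SYN Attack was identified on port gi1/1/2. TCP SYN traffic destined to the local system is automatically blocked for 100 seconds.
01-Jan-2012 05:31:46: port gi1/1/3 is under TCP SYN attack. TCP SYN traffic cannot be blocked on this port since the port is bound to an ACL.
01-Jan-2012 05:32:00: %LINK-I-Up: gi1/1/4
"""

TIMESTAMP = r"(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}):\s*"
PATTERNS = {
    # report mode: attack identified, no traffic blocked
    "reported": re.compile(TIMESTAMP + r"A TCP SYN Attack was identified on port (?P<port>\S+?)\s*$"),
    # block mode: attack identified and traffic to the local system blocked for N seconds
    "blocked": re.compile(TIMESTAMP + r"A TCP SYN Attack was identified on port (?P<port>\S+?)\. .*blocked for (?P<secs>\d+) seconds"),
    # block mode on an ACL-bound port: protection cannot act (see User Guidelines)
    "unblockable": re.compile(TIMESTAMP + r"port (?P<port>\S+) is under TCP SYN attack\. .*bound to an ACL"),
}


@dataclass
class SynEvent:
    timestamp: str
    port: str
    outcome: str                      # "reported", "blocked" or "unblockable"
    block_seconds: Optional[int] = None


def parse_syn_events(log_text: str) -> List[SynEvent]:
    """Extract TCP SYN protection events from SYSLOG text; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        for outcome, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                secs = int(m.group("secs")) if "secs" in m.groupdict() else None
                events.append(SynEvent(m.group("ts"), m.group("port"), outcome, secs))
                break
    return events


def ports_needing_attention(events: List[SynEvent]) -> List[str]:
    """Ports where an attack was identified but nothing was blocked (report mode or ACL-bound)."""
    return sorted({e.port for e in events if e.outcome != "blocked"})
```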