Cisco Cisco SG300-28 28-Port Gigabit Managed Switch Technical References

Denial of Service (DoS) Commands

78-21485-01 Command Line Interface Reference Guide

897

50

Syntax

security-suite enable

 [global-rules-only]

no security-suite enable

Parameters

global-rules-only—Specifies that all the security suite commands are global 
commands only (they cannot be applied per-interface). This setting saves space 
in the Ternary Content Addressable Memory (TCAM). If this keyword is not used, 
security-suite commands can be used both globally on per-interface.

Default Configuration

The security suite feature is disabled.

If global-rules-only is not specified, the default is to enable security-suite globally 
and per interfaces.

Command Mode

Global Configuration mode

User Guidelines

MAC ACLs must be removed before the security-suite is enabled. The rules can 
be re-entered after the security-suite is enabled.

If ACLs or policy maps are assigned on interfaces, per interface security-suite 
rules cannot be enabled.

Examples

Example 1—The following example enables the security suite feature and 
specifies that security suite commands are global commands only. When an 
attempt is made to configure security-suite on a port, it fails.

switchxxxxxx(config)# 

switchxxxxxx(config)# 

 gi1

switchxxxxxx(config-if)# 

 199 

 /10

To perform this command, DoS Prevention must be enabled in the per-interface mode.

Example 2—The following example enables the security suite feature globally and 
on interfaces. The security-suite command succeeds on the port.