Cisco Cisco SG300-28 28-Port Gigabit Managed Switch Technical References
Denial of Service (DoS) Commands
78-21485-01 Command Line Interface Reference Guide
897
50
Syntax
security-suite enable
[global-rules-only]
no security-suite enable
Parameters
global-rules-only—Specifies that all the security suite commands are global
commands only (they cannot be applied per-interface). This setting saves space
in the Ternary Content Addressable Memory (TCAM). If this keyword is not used,
security-suite commands can be used both globally on per-interface.
commands only (they cannot be applied per-interface). This setting saves space
in the Ternary Content Addressable Memory (TCAM). If this keyword is not used,
security-suite commands can be used both globally on per-interface.
Default Configuration
The security suite feature is disabled.
If global-rules-only is not specified, the default is to enable security-suite globally
and per interfaces.
and per interfaces.
Command Mode
Global Configuration mode
User Guidelines
MAC ACLs must be removed before the security-suite is enabled. The rules can
be re-entered after the security-suite is enabled.
be re-entered after the security-suite is enabled.
If ACLs or policy maps are assigned on interfaces, per interface security-suite
rules cannot be enabled.
rules cannot be enabled.
Examples
Example 1—The following example enables the security suite feature and
specifies that security suite commands are global commands only. When an
attempt is made to configure security-suite on a port, it fails.
specifies that security suite commands are global commands only. When an
attempt is made to configure security-suite on a port, it fails.
switchxxxxxx(config)#
security-suite enable global-rules-only
switchxxxxxx(config)#
interface
gi1
switchxxxxxx(config-if)#
security-suite dos syn-attack
199
any
/10
To perform this command, DoS Prevention must be enabled in the per-interface mode.
Example 2—The following example enables the security suite feature globally and
on interfaces. The security-suite command succeeds on the port.
on interfaces. The security-suite command succeeds on the port.