Cisco SG300-28 28-Port Gigabit Managed Switch Technical References

Denial of Service (DoS) Commands
78-21485-01 Command Line Interface Reference Guide
Example
The following example protects the system from the Invasor Trojan DoS attack.
switchxxxxxx(config)# security-suite dos protect add invasor-trojan
50.8 security-suite dos syn-attack
Use the security-suite dos syn-attack Interface Configuration mode command to 
rate limit Denial of Service (DoS) SYN attacks. This provides partial blocking of 
SYN packets (up to the rate that the user specifies).
Use the no form of this command to disable rate limiting.
Note: This feature is only supported when the device is in Layer 2 switch mode.
Syntax
security-suite dos syn-attack syn-rate {any | ip-address} {mask | /prefix-length}
no security-suite dos syn-attack {any | ip-address} {mask | /prefix-length}
Parameters
syn-rate—Specifies the maximum number of connections per second. 
(Range: 199–1000)
any | ip-address—Specifies the destination IP address. Use any to specify 
all IP addresses.
mask—Specifies the network mask of the destination IP address.
prefix-length—Specifies the number of bits that comprise the destination IP 
address prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
No rate limit is configured.
If ip-address is unspecified, the default is 255.255.255.255.
If prefix-length is unspecified, the default is 32.
Command Mode
Interface Configuration (Ethernet, Port-channel) mode
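Added example (not part of the Cisco guide): a Python check for auditing saved configuration lines against the syntax, syn-rate range and defaults documented above, normalizing a mask or prefix length to one network value. The function names and sample lines are constructed for illustration, and treating the mask or prefix as optional is an assumption based on the Default Configuration section.

```python
import ipaddress
import re

SYN_RATE_MIN, SYN_RATE_MAX = 199, 1000  # range given under Parameters

# Grammar from the Syntax section. The mask / prefix part is optional here
# (assumption) because Default Configuration gives a default prefix of 32.
_CMD = re.compile(
    r"^security-suite dos syn-attack (?P<rate>\d+) (?P<dst>\S+)"
    r"(?: (?:(?P<mask>\d+\.\d+\.\d+\.\d+)|/(?P<plen>\d+)))?$"
)

def _mask_to_prefix(mask):
    """Convert a dotted network mask to a prefix length; reject gaps."""
    bits = int(ipaddress.IPv4Address(mask))
    inverted = ~bits & 0xFFFFFFFF
    if inverted & (inverted + 1):  # the one-bits must be contiguous from the left
        raise ValueError("non-contiguous mask: " + mask)
    return bin(bits).count("1")

def parse_syn_attack(line):
    """Return (syn_rate, destination); destination is "any" or an IPv4Network."""
    m = _CMD.match(" ".join(line.split()))  # collapse runs of whitespace first
    if not m:
        raise ValueError("does not match the documented syntax: %r" % line)
    rate = int(m["rate"])
    if not SYN_RATE_MIN <= rate <= SYN_RATE_MAX:
        raise ValueError("syn-rate %d is outside 199-1000" % rate)
    if m["mask"]:
        plen = _mask_to_prefix(m["mask"])
    else:
        plen = int(m["plen"]) if m["plen"] else 32  # documented default
    if plen > 32:
        raise ValueError("prefix length %d is longer than 32 bits" % plen)
    if m["dst"] == "any":  # mask is validated but does not narrow "any"
        return rate, "any"
    return rate, ipaddress.IPv4Network("%s/%d" % (m["dst"], plen), strict=False)

if __name__ == "__main__":
    samples = [  # constructed lines, not taken from a real device
        "security-suite dos syn-attack 199 any /10",
        "security-suite dos syn-attack 500 192.0.2.10 255.255.255.0",
        "security-suite dos syn-attack 100 192.0.2.10 /32",  # rate too low
    ]
    for sample in samples:
        try:
            print(parse_syn_attack(sample))
        except ValueError as err:
            print("rejected:", err)
```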