Cisco Cisco SG300-28 28-Port Gigabit Managed Switch Technical References
Denial of Service (DoS) Commands
78-21485-01 Command Line Interface Reference Guide
901
50
There is no no form of the security-suite deny martian-addresses
reserved {add |
remove}
command. Use instead the security-suite deny martian-addresses
reserved
remove
command to remove protection (and free up hardware
resources).
Parameters
•
reserved add/remove—Add or remove the table of reserved addresses
below.
below.
•
ip-address—Adds/discards packets with the specified IP source or
destination address.
destination address.
•
mask—Specifies the network mask of the IP address.
•
prefix-length—Specifies the number of bits that comprise the IP address
prefix. The prefix length must be preceded by a forward slash (/).
prefix. The prefix length must be preceded by a forward slash (/).
•
reserved—Discards packets with the source or destination IP address in
the block of the reserved (Martian) IP addresses. See the User Guidelines
for a list of reserved addresses.
the block of the reserved (Martian) IP addresses. See the User Guidelines
for a list of reserved addresses.
Default Configuration
Martian addresses are allowed.
Command Mode
Global Configuration mode
User Guidelines
For this command to work,
security-suite deny martian-addresses
reserved
adds or removes the addresses
in the following table:
Address block
Present Use
0.0.0.0/8 (except
when 0.0.0.0/32 is
the source
address)
when 0.0.0.0/32 is
the source
address)
Addresses in this block refer to source hosts
on "this" network.
on "this" network.
127.0.0.0/8
This block is assigned for use as the Internet
host loopback address.
host loopback address.
192.0.2.0/24
This block is assigned as "TEST-NET" for use
in documentation and example code.
in documentation and example code.