Cisco Cisco Packet Data Interworking Function (PDIF) Prospecto
ACS Configuration Mode Commands
▀ firewall dos-protection flooding
▄ Cisco ASR 5x00 Command Line Interface Reference
450
firewall dos-protection flooding
This command is configured to protect servers from mobile subscribers in the uplink direction.
Product
PSF
NAT
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration
active-charging service service_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-acs)#
Syntax
firewall dos-protection flooding { { icmp | tcp-syn | udp } protect-servers { all | host-
pool hostpool_name } packet limit packet_limit | inactivity-timeout timeout | uplink-
sample-interval interval }
pool hostpool_name } packet limit packet_limit | inactivity-timeout timeout | uplink-
sample-interval interval }
default firewall dos-protection flooding { icmp | tcp-syn | udp | inactivity-timeout |
uplink-sample-interval }
uplink-sample-interval }
no firewall dos-protection flooding { icmp | tcp-syn | udp }
no
Disables Stateful Firewall protection for subscribers against the specified Denial of Service (DoS) attack(s).
default
Disables Stateful Firewall protection for subscribers against all DoS attacks.
flooding { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name
Enables protection against the specified flooding attack:
icmp
: Enables ICMP uplink flooding protection.
tcp-syn
: Enables TCP Syn uplink flooding protection.
udp
: Enables UDP uplink flooding protection.
all
: Enables protection for all the servers.
host-pool hostpool_name
: Specifies the name of the host pool.
hostpool_name
must be an
alphanumeric string of 1 through 63 characters.
packet limit packet_limit
Specifies the maximum number of packets allowed during a sampling interval.
packet_limit
must be an integer from 1 through 4294967295.
Default: 1000 packets per sampling interval for all protocols.