Cisco Cisco Packet Data Gateway (PDG)
ACS Configuration Mode Commands
firewall dos-protection ip-sweep ▀
Command Line Interface Reference, StarOS Release 18 ▄
477
firewall dos-protection ip-sweep
This command is configured to detect Source IP-based flooding attacks in the uplink direction.
Important:
In StarOS 17.0 and later releases, the IPsweep feature is not enabled in the ACS Configuration mode,
and must be enabled in the Firewall-and-NAT Policy Configuration mode. Hence, this command is no longer supported
and left in place for backward compatibility.
and left in place for backward compatibility.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration
active-charging service service_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-acs)#
Syntax
firewall dos-protection ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-
pool hostpool_name } packet limit packet_limit | downlink-server-limit server_limit |
inactivity-timeout timeout | sample-interval interval }
pool hostpool_name } packet limit packet_limit | downlink-server-limit server_limit |
inactivity-timeout timeout | sample-interval interval }
default firewall dos-protection ip-sweep { downlink-server-limit | icmp | inactivity-
timeout | sample-interval | tcp-syn | udp }
timeout | sample-interval | tcp-syn | udp }
no firewall dos-protection ip-sweep { icmp | tcp-syn | udp }
default
Disables Stateful Firewall protection for subscribers against all DoS attacks.
no
Disables Stateful Firewall protection for subscribers against the specified Denial of Service (DoS) attack(s).
ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name
Enables protection against the specified flooding attack:
icmp
: Enables source IP-based flood attack detection for ICMP.
tcp-syn
: Enables source IP-based flood attack detection for TCP-SYN.
udp
: Enables source IP-based flood attack detection for UDP.
all
: Enables protection for all the servers.
host-pool hostpool_name
: Specifies the name of the host pool.
hostpool_name
must be an
alphanumeric string of 1 through 63 characters.