Security Feature Example – QTECH QSW-2800 Configuration Guide User Manual

+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya ul., 18, bldg. 1

[no] dosattack-check icmp-attacking enable

Enable/disable the ICMP fragment attack prevention function.

dosattack-check icmpv4-size

Configure the maximum permitted ICMPv4 net load length. This command has no effect when used on its own; the user must also enable dosattack-check icmp-attacking enable.

41.3 Security Feature Example

Scenario:

The user has the following configuration requirements: the switch does not forward data packets whose source IP address is equal to the destination address, or whose source port is equal to the destination port. Only the ping command with default options is allowed within the IPv4 network; that is, the ICMP request packet cannot be fragmented and its net length is normally smaller than 100.

Configuration procedure:

Switch(config)# dosattack-check srcip-equal-dstip enable
Switch(config)# dosattack-check srcport-equal-dstport enable
Switch(config)# dosattack-check icmp-attacking enable
Switch(config)# dosattack-check icmpv4-size 100
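
To predict which traffic the four checks above would drop before enabling them, the following added example (not part of the QTECH manual and not the switch's implementation) models them over raw IPv4 packets. The function names, the reading of "net length" as the ICMP data after the 8-byte ICMP header, and the drop-above-limit boundary are assumptions; the sample packets are constructed.

```python
import socket
import struct

ICMP_MAX = 100  # value from `dosattack-check icmpv4-size 100`

def build_ipv4(src, dst, proto, l4, flags_frag=0):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4

def icmp_echo(data_len):
    """ICMP echo request carrying data_len bytes of data (checksum left 0)."""
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"\x00" * data_len

def udp(sport, dport):
    """Bare UDP header with the given ports (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

def check(pkt, icmp_max=ICMP_MAX):
    """Return the name of the check a packet would trip, or None if it passes."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, = struct.unpack("!H", pkt[6:8])
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    l4 = pkt[ihl:]
    more_fragments, frag_offset = bool(flags_frag & 0x2000), flags_frag & 0x1FFF
    if src == dst:
        return "srcip-equal-dstip"
    # Ports are only present in the first fragment of a TCP (6) / UDP (17) packet.
    if proto in (6, 17) and frag_offset == 0 and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport == dport:
            return "srcport-equal-dstport"
    if proto == 1:
        if more_fragments or frag_offset:
            return "icmp-attacking"
        # Assumption: "net length" is the ICMP data after the 8-byte header,
        # and a packet is dropped when that length exceeds the configured limit.
        if len(l4) - 8 > icmp_max:
            return "icmpv4-size"
    return None
```

In this model a UDP exchange that uses the same port on both sides, such as ntpd's default 123-to-123 traffic, trips srcport-equal-dstport, so it is worth running captured legitimate traffic through such a check before enabling that rule.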