beautypg.com

Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 923

background image

IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

35.37

dos

Use this command to configure Denial-of-Service (DoS) features for a port. Six different
DoS attacks can be detected: IP Options, Land, Ping-of-Death, Smurf, Synflood and
Teardrop.

When the attack is detected, three different actions are available:

1.

Shutdown the port for one minute

2.

Cause an SNMP trap.

3.

Send traffic to the mirror port

Syntax

dos {ipoptions|land|ping-of-death|smurf broadcast <ip-address>|

synflood|teardrop} action {shutdown|trap|mirror}

Mode

Interface Configuration for a switch port interface.

Default

DoS attack detection is not configured by default on any switch port interface.

Parameter

Description

dos

Denial-Of-Service.

ipoptions

IP Options attack.

land

Land attack.

ping-of-death

Large ping attack.

smurf

Ping to broadcast address.

broadcast

Broadcast.

<ip-address>

Local IP Broadcast Address.

synflood

SYN flood attack.

teardrop

IP fragmentation attack.

action

Action.

shutdown

Shutdown port.

trap

Trap to SNMP.

mirror

Send packets to mirror port.