beautypg.com

16 show lldp local-device detail, 18 denial of service commands, 1 dos-control sipdip – Kontron AT8902 Full Size CLI User Manual

Page 107: 16 show lldp local-device detail - 73, 18 denial of service commands - 73, 1 dos-control sipdip - 73

background image

AT8901/2/3

Page 2 - 73

AT8901/2/3 CLI Reference Manual

2.17.16

show lldp local-device detail

Use this command to display detailed information about the LLDP data a specific
interface transmits.

Format

show lldp local-device detail >

Mode

Privileged EXEC

Interface

Identifies the interface that sends the LLDPDU.

Chassis ID Subtype Shows the type of identification used in the Chassis ID field.
Chassis ID

Identifies the chassis of the local device.

Port ID Subtype Identifies the type of port on the local device.
Port ID

Shows the port number that transmitted the LLDPDU.

System Name Shows the system name of the local device.
System Description Describes the local system by identifying the system name and

versions of hardware, operating system, and networking software sup-
ported in the device.

Port Description Describes the port in an alpha-numeric format.
System Capabilities Supported Indicates the primary function(s) of the device.
System Capabilities Enabled Shows which of the supported system capabilities are

enabled.

Management Address Lists the type of address and the specific address the local

LLDP agent uses to send and receive information.

2.18

Denial of Service Commands

This section describes the commands you use to configure DoS Control. FASTPATH
software provides support for classifying and blocking specific types of Denial of
Service attacks. You can configure your system to monitor and block six types of
attacks:

SIP=DIP: Source IP address = Destination IP address.

First Fragment:TCP Header size smaller then configured value.

TCP Fragment: IP Fragment Offset = 1.

TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0
and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP
Sequence Number = 0 or TCP Flags SYN and FIN set.

L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port.

ICMP: Limiting the size of ICMP Ping packets.

2.18.1

dos-control sipdip

This command enables Source IP Address = Destination IP Address (SIP=DIP) Denial
of Service protection. If the mode is enabled, Denial of Service prevention is active for
this type of attack. If packets ingress with SIP=DIP, the packets will be dropped if the
mode is enabled.

Default

disabled

See also other documents in the category Kontron Hardware: