6 dos-control l4port, 1 no dos-control l4port, 7 dos-control icmp – Kontron AT8404 CLI User Manual

AT8404

Switching Commands

Page 2 - 129

AT8404 CLI Reference Manual

2.25.6

dos-control l4port

This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service prevention
is active for this type of attack. If packets ingress having Source TCP/UDP Port Number equal to Destination TCP/
UDP Port Number, the packets will be dropped if the mode is enabled.

2.25.6.1

no dos-control l4port

This command disables L4 Port Denial of Service protections.

2.25.7

dos-control icmp

This command enables Maximum ICMP Packet Size Denial of Service protections. If the mode is enabled, Denial
of Service prevention is active for this type of attack. If ICMP Echo Request (PING) packets ingress having a size
greater than the configured value, the packets will be dropped if the mode is enabled.

2.25.7.1

no dos-control icmp

This command disables Maximum ICMP Packet Size Denial of Service protections.

2.25.8

show dos-control

This command displays Denial of Service configuration information.

Note: Some applications mirror source and destination L4 ports - RIP for example uses 520 for both. If
you enable dos-control l4port, applications such as RIP may experience packet loss which would render
the application inoperable.

Default

disabled

Format

dos-control l4port

Mode

Global Config

Format

no dos-control l4port

Mode

Global Config

Default

disabled <512>

Format

dos-control icmp <0-1023>

Mode

Global Config

Format

no dos-control icmp

Mode

Global Config

Format

show dos-control

Mode

Privileged EXEC

Term

Definition

SIPDIP Mode

May be enabled or disabled. The factory default is disabled.

First Fragment

Mode

May be enabled or disabled. The factory default is disabled.