
PLANET XGS3-24040 User Manual: Chapter 45 Commands for Security Feature (45.1 dosattack-check srcip-equal-dstip enable, 45.2 dosattack-check ipv4-first-fragment enable)


Chapter 45 Commands for Security Feature

45.1 dosattack-check srcip-equal-dstip enable

Command: [no] dosattack-check srcip-equal-dstip enable

Function: Enable the function by which the switch checks if the source IP address is equal to the destination IP address; the “no” form of this command disables this function.

Parameter: None

Default: The function by which the switch checks if the source IP address is equal to the destination IP address is disabled.

Command Mode: Global Mode

Usage Guide: With this function enabled, data packets whose source IP address is equal to their destination address will be dropped.

Example: Drop data packets whose source IP address is equal to their destination address.

Switch(config)# dosattack-check srcip-equal-dstip enable

45.2 dosattack-check ipv4-first-fragment enable

Command: [no] dosattack-check ipv4-first-fragment enable

Function: Enable the function by which the switch checks the first fragment packet of IPv4; the “no” form of this command disables this function.

Parameter: None

Command Mode: Global Mode

Usage Guide: This command has no effect when used on its own. It should be used together with the dosattack-check tcp-flags enable or dosattack-check srcport-equal-dstport enable command.

Example: Drop IPv4 fragment or non-fragment data packets whose source port is equal to their destination port.

Switch(config)# dosattack-check ipv4-first-fragment enable

Switch(config)# dosattack-check srcport-equal-dstport enable
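How the checks in 45.1 and 45.2 combine can be modelled offline. The Python model below is an added example, not PLANET's implementation or code from the manual: `build_ipv4_tcp`, `drop_reason` and the keyword arguments are hypothetical names that mirror the commands. It assumes that without ipv4-first-fragment the port check inspects only unfragmented packets, and that the port check covers TCP and UDP.

```python
import ipaddress
import struct

def build_ipv4_tcp(src, dst, sport, dport, frag_offset=0, more_fragments=False):
    """Constructed sample: 20-byte IPv4 header plus the 4 port bytes of TCP."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, flags_frag, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!HH", sport, dport)

def drop_reason(pkt, srcip_equal_dstip=False, srcport_equal_dstport=False,
                ipv4_first_fragment=False):
    """Return the name of the check that drops pkt, or None if it is forwarded."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # not IPv4 or truncated: outside this model
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    (flags_frag,) = struct.unpack("!H", pkt[6:8])
    more_fragments = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF
    # 45.1: source address equal to destination address.
    if srcip_equal_dstip and pkt[12:16] == pkt[16:20]:
        return "srcip-equal-dstip"
    # Port check applies to TCP (6) and UDP (17) only (assumption).
    if not srcport_equal_dstport or pkt[9] not in (6, 17):
        return None
    if offset != 0:
        return None                      # later fragments carry no L4 header
    # Offset 0 with MF set marks a first fragment; it is inspected only when
    # ipv4-first-fragment is enabled (assumed from the manual's example).
    if more_fragments and not ipv4_first_fragment:
        return None
    if len(pkt) < ihl + 4:
        return None                      # ports not present in this packet
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return "srcport-equal-dstport" if sport == dport else None

if __name__ == "__main__":
    first_frag = build_ipv4_tcp("192.0.2.1", "192.0.2.2", 53, 53, more_fragments=True)
    for first in (False, True):
        print(first, drop_reason(first_frag, srcport_equal_dstport=True,
                                 ipv4_first_fragment=first))
```

In this model ipv4-first-fragment on its own never produces a drop, which matches the usage guide: it only widens the scope of another enabled check.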

45.3 dosattack-check tcp-flags enable

Command: [no] dosattack-check tcp-flags enable

Function: Enable the function by which the switch checks for unauthorized TCP labels (flags); the “no” form of this command disables this function.

Parameter: None

Default: This function is disabled on the switch by default.

Command Mode: Global Mode

Usage Guide: With this function enabled, the switch will be able to drop the following four kinds of data packets containing unauthorized TCP labels: SYN=1 while source port is smaller than 1024; TCP label positions