Table of Contents
Advertisement
Security DoS Commands
security-suite dos (Global)
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
To enable specific Denial of Service (DoS) protections in security suite, use the
security-suite dos Global Configuration mode command.
To disable specific DoS protections, use the no form of this command.
Syntax
security-suite dos {daeqsa-deny | icmp-frag-pkts-deny | icmpv4-ping-max-check |
icmpv6-ping-max-check | ipv6-min-frag-size-check | land-deny | nullscan-deny |
pod-deny | smurf-deny | syn-sport|1024-deny | synfin-deny | synrst-deny | tcp-frag-
off-min-check | tcpblat-deny | tcphdr-min-check | udpblat-deny | xma-deny}
security-suite dos icmp-ping-max-length
security-suite dos ipv6-min-frag-size-length
security-suite dos smurf-netmask
security-suite dos tcphdr-min-length
no security-suite dos {daeqsa-deny | icmp-frag-pkts-deny | icmpv4-ping-max-
check | icmpv6-ping-max-check | ipv6-min-frag-size-check | land-deny | nullscan-
deny | pod-deny | smurf-deny | syn-sport|1024-deny | synfin-deny | synrst-deny |
tcp-frag-off-min-check | tcpblat-deny | tcphdr-min-check | udpblat-deny | xma-
deny}
Parameters
•
daeqsa-deny—Drops the packets if the destination MAC address equals to
the source MAC address.
•
icmp-frag-pkts-deny—Drops the fragmented ICMP packets.
•
icmpv4-ping-max-check—Checks the maximum size of ICMPv4 ping
packets and drops the packets larger than the maximum packet size.
MAX_LEN
MIN_LEN
MASK
HDR_MIN_LEN
31
423
Advertisement
Table of Contents
