Chapter 41 Commands for Security Feature
41.1 dosattack-check srcip-equal-dstip enable
Command: [no] dosattack-check srcip-equal-dstip enable
Function: Enable the function by which the switch checks if the source IP address is
equal to the destination IP address; the “no” form of this command disables this function.
Parameter: None
Default: The check for a source IP address equal to the destination IP address is
disabled.
Command Mode: Global Mode
Usage Guide: With this function enabled, any data packet whose source IP address is
equal to its destination address will be dropped.
Example: Drop data packets whose source IP address is equal to their destination
address.
Switch(config)# dosattack-check srcip-equal-dstip enable
41.2 dosattack-check ipv4-first-fragment enable
This command is not supported by the switch.
41.3 dosattack-check tcp-flags enable
Command: [no] dosattack-check tcp-flags enable
Function: Enable the function by which the switch checks for unauthorized TCP flag
combinations; the “no” form of this command will disable this function.
Parameter: None
Default: This function is disabled on the switch by default.
Command Mode: Global Mode
Usage Guide: With this function enabled, the switch will drop the following four kinds
of data packets containing unauthorized TCP flags: SYN=1 while the source port is
smaller than 1024; all TCP flag bits are 0 while the sequence number = 0; FIN=1, URG=1,
PSH=1 and the TCP sequence number = 0; SYN=1 and FIN=1. This function can be used in
association with the “dosattack-check ipv4-first-fragment enable” command.
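The following Python sketch is an added example, not code from the switch or its vendor: it applies the source-equals-destination check of 41.1 and the four TCP flag rules of 41.3 to raw IPv4 packets, which is useful for testing a capture against the rules before enabling them. The rule labels, the function names, the restriction to the six classic flag bits and the treatment of non-first fragments (no TCP header, so no flag check) are assumptions of this example.

```python
import socket
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP flag bits

def dos_check(pkt: bytes) -> list:
    """Return labels (names invented here) of the manual's drop rules that pkt matches."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    hits = []
    if pkt[12:16] == pkt[16:20]:                  # 41.1: source IP == destination IP
        hits.append("srcip-equal-dstip")
    frag_offset = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    # Only TCP packets that carry the TCP header (fragment offset 0) can be checked.
    if pkt[9] != 6 or frag_offset != 0 or len(pkt) < ihl + 20:
        return hits
    sport, _dport, seq = struct.unpack_from("!HHI", pkt, ihl)
    flags = pkt[ihl + 13] & 0x3F                  # assumption: six classic flag bits
    if (flags & SYN) and sport < 1024:            # rule 1
        hits.append("syn-low-sport")
    if flags == 0 and seq == 0:                   # rule 2
        hits.append("null-flags-seq0")
    if (flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0:  # rule 3
        hits.append("fin-urg-psh-seq0")
    if (flags & SYN) and (flags & FIN):           # rule 4
        hits.append("syn-fin")
    return hits

def build(src, dst, sport, seq, flags, frag_offset=0):
    """Construct a minimal 40-byte IPv4+TCP packet (checksums left at 0, not verified)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_offset, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, 80, seq, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    samples = {  # constructed packets, not captured traffic
        "normal SYN": build("10.0.0.1", "10.0.0.2", 40000, 1000, SYN),
        "src == dst": build("10.0.0.1", "10.0.0.1", 40000, 1000, ACK),
        "SYN from port 22": build("10.0.0.1", "10.0.0.2", 22, 1000, SYN),
        "no flags, seq 0": build("10.0.0.1", "10.0.0.2", 40000, 0, 0),
        "FIN+URG+PSH, seq 0": build("10.0.0.1", "10.0.0.2", 40000, 0, FIN | URG | PSH),
        "SYN+FIN": build("10.0.0.1", "10.0.0.2", 40000, 1000, SYN | FIN),
    }
    for name, pkt in samples.items():
        print(f"{name:20} -> {dos_check(pkt) or 'forward'}")
```

Legitimate clients that bind a source port below 1024 (some NFS and rsh implementations do) send SYNs that match the first rule, so check for such traffic before enabling the tcp-flags check.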