mac
407
Example: Drop one or more types of above four packet types.
Switch(config)#dosattack-check tcp-flags enable
28.4 dosattack-check srcport-equal-dstport enable
Command: dosattack-check srcport-equal-dstport enable
no dosattack-check srcport-equal-dstport enable
Function: Enable the function by which the switch will check if the source port is equal to
the destination port; the no command disables this function.
Parameter: None
Default: Disable the function by which the switch will check if the source port is equal to
the destination port.
Command Mode: Global Mode
Usage Guide: With this function enabled, the switch will be able to drop TCP and UDP
data packet whose destination port is equal to the source port. This function can be used
associating the ―dosattack-check ipv4-first-fragment enable‖ function so to block the IPv4
fragment TCP and UDP data packet whose destination port is equal to the source port.
Example: Drop the non-fragment TCP and UDP data packet whose destination port is
equal to the source port.
Switch(config)#dosattack-check srcport-equal-dstport enable
28.5 dosattack-check tcp-fragment enable
This command is not supported by switch.
28.6 dosattack-check tcp-segment
This command is not supported by switch.
28.7 dosattack-check icmp-attacking enable
Command: [no] dosattack-check icmp-attacking enable
Function: Enable the ICMP fragment attack checking function on the switch; the ―no‖
form of this command disables this function.
Parameter: None
Default: Disable the ICMP fragment attack checking function on the switch
Command Mode: Global Mode