User Manual
Table Of Contents
- S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches with 2 or 4 SFP Ports
- Contents
- 1 Get Started
- Available Publications
- Switch Management and Discovery Overview
- Options to Change the Default IP Address of the Switch
- Discover or Change the Switch IP Address
- About the User Interfaces
- Access the Local Browser Interface
- Change the Language of the Local Browser Interface
- Use the Device View of the Local Browser Interface
- Interface Naming Conventions
- Configure Interface Settings
- Context-Sensitive Help and Access to the Support WebSite
- Access the User Manual Online
- Register Your Product
- 2 Configure System Information
- 3 Configure Switching
- Configure the Port Settings and Maximum Frame Size
- Configure Link Aggregation Groups
- Configure LAG Settings
- Configure LAG Membership
- Set the LACP System Priority
- Set the LACP Port Priority Settings
- Configure VLANs
- Configure VLAN Settings
- Configure VLAN Membership
- View the VLAN Status
- Configure Port PVID Settings
- Configure a MAC-Based VLAN
- Configure Protocol-Based VLAN Groups
- Configure Protocol-Based VLAN Group Membership
- Configure a Voice VLAN
- Configure Auto-VoIP
- Configure Spanning Tree Protocol
- Configure Multicast
- View, Search, or Clear the MFDB Table
- View the MFDB Statistics
- Configure the Auto-Video Multicast Settings
- About IGMP Snooping
- Configure IGMP Snooping
- Configure IGMP Snooping for Interfaces
- View, Search, or Clear the IGMP Snooping Table
- Configure IGMP Snooping for VLANs
- Modify IGMP Snooping Settings for a VLAN
- Disable IGMP Snooping on a VLAN
- Configure a Multicast Router Interface
- Configure a Multicast Router VLAN
- IGMP Snooping Querier Overview
- Configure an IGMP Snooping Querier
- Configure an IGMP Snooping Querier for VLANs
- Display IGMP Snooping Querier for VLAN Status
- View, Search, and Manage the MAC Address Table
- Configure Layer 2 Loop Protection
- 4 Configure Quality of Service
- 5 Manage Device Security
- Configure the Management Security Settings
- Configure Management Access
- Configure Port Authentication
- Set Up Traffic Control
- Configure Access Control Lists
- Use the ACL Wizard to Create a Simple ACL
- Configure a Basic MAC ACL
- Configure MAC ACL Rules
- Configure MAC Bindings
- View or Delete MAC ACL Bindings in the MAC Binding Table
- Configure a Basic or Extended IP ACL
- Configure Rules for a Basic IP ACL
- Configure Rules for an Extended IP ACL
- Configure IP ACL Interface Bindings
- View or Delete IP ACL Bindings in the IP ACL Binding Table
- 6 Monitor the System
- 7 Maintenance
- A Configuration Examples
- B Specifications and Default Settings
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches
Configure System Information User Manual57
6. Select the types of DoS attacks for the switch to monitor and block and configure any
associated values:
• Denial of Service Min TCP Header Size. Specify the minimum TCP header size
allowed. If DoS TCP Fragment is enabled, the switch drops packets with a TCP
header smaller than the configured value. The default value is 20.
• Denial of Service ICMPv4. Enabling ICMPv4 DoS prevention causes the switch to
drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater than
the configured ICMPv4 packet size.
• Denial of Service Max ICMPv4 Packet Size. Specify the maximum ICMPv4 packet
size allowed. If ICMPv4 DoS prevention is enabled, the switch drops IPv4 ICMP ping
packets with a size greater than the configured value. The default value is 512.
• Denial of Service ICMPv6. Enabling ICMPv6 DoS prevention causes the switch to
drop ICMPv6 packets with a type set to ECHO_REQ (ping) and a size greater than
the configured ICMPv6 packet size.
• Denial of Service Max ICMPv6 Packet Size. Specify the maximum ICMPv6 packet
size allowed. If ICMPv6 DoS prevention is enabled, the switch drops IPv6 ICMP ping
packets with a size greater than the configured value. The default value is 512.
• Denial of Service First Fragment. Enabling First Fragment DoS prevention causes
the switch to check DoS options for the first-fragment IP packets if the switch receives
fragmented IP packets. Otherwise, the switch ignores the first-fragment IP packets.
• Denial of Service ICMP Fragment. Enabling ICMP Fragment DoS prevention
causes the switch to drop ICMP fragmented packets.
• Denial of Service Smurf. Enabling Smurf DoS prevention causes the switch to drop
broadcast ICMP echo request packet.
• Denial of Service SIP=DIP. Enabling SIP=DIP DoS prevention causes the switch to
drop packets with a source IP address equal to the destination IP address.
• Denial of Service SMAC=DMAC. Enabling SMAC=DMAC DoS prevention causes
the switch to drop packets with a source MAC address equal to the destination MAC
address.
• Denial of Service TCP FIN&URG&PSH. Enabling TCP FIN & URG & PSH DoS
prevention causes the switch to drop packets with TCP flags FIN, URG, and PSH set
and the TCP sequence number equal to 0.
• Denial of Service TCP Flag&Sequence. Enabling TCP Flag DoS prevention causes
the switch to drop packets with TCP control flags set to 0 and the TCP sequence
number set to 0.
• Denial of Service TCP Fragment. Enabling TCP Fragment DoS prevention causes
the switch to drop packets with a TCP payload for which the IP payload length minus
the IP header size is less than the minimum allowed TCP header size.
• Denial of Service TCP Offset. Enabling TCP Offset DoS prevention causes the
switch to drop packets with a TCP header offset set to 1.
• Denial of Service TCP Port. Enabling TCP Port DoS prevention causes the switch to
drop packets for which the TCP source port is equal to the TCP destination port.