Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
349
5.3 Security Feature Example
Scenario:
The User has follows configuration requirements: the switch do not forward data packet whose
source IP address is equal to the destination address, and those whose source port is equal to
the destination port. Only the ping command with defaulted options is allowed within the IPv4
network, namely the ICMP request packet can not be fragmented and its net length is normally
smaller than 100.
Configuration procedure:
Switch(config)# dosattack-check srcip-equal-dstip enable
Switch(config)# dosattack-check srcport-equal-dstport enable
Switch(config)# dosattack-check icmp-attacking enable
Switch(config)# dosattack-check icmpV4-size 100