Security-Suite Deny Syn - Cisco 300 Series Cli Manual
Small business 300 series managed switches
command line interface guide release 1.3
Hide thumbs
Also See for 300 Series:
- Cli manual (1117 pages) ,
- Administration manual (586 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
Denial of Service (DoS) Commands
78-21075-01 Command Line Interface Reference Guide
Address block
224.0.0.0/4 as source
240.0.0.0/4 (except when
255.255.255.255/32 is
the destination address)
Note that if the reserved addresses are included, individual reserved addresses
cannot be removed.
Example
The following example discards all packets with a source or destination address in
the block of the reserved IP addresses.
switchxxxxxx(config)#
50.5
security-suite deny syn
Use the security-suite deny syn Interface Configuration (Ethernet, Port-channel)
mode command to block the creation of TCP connections from a specific
interface. This a complete block of these connections.
Use the no form of this command to permit creation of TCP connections.
Syntax
security-suite deny syn {
/prefix-length}] |
[remove {tcp-port | any} {ip-address | any} {mask | /prefix-length}]}
no security-suite deny syn
Parameters
•
ip-address | any—Specifies the destination IP address. Use any to specify
all IP addresses.
•
mask— Specifies the network mask of the destination IP address.
•
prefix-length—Specifies the number of bits that comprise the destination IP
address prefix. The prefix length must be preceded by a forward slash (/).
Present Use
This block, formerly known as the Class D address space,
is allocated for use in IPv4 multicast address assignments.
This block, formerly known as the Class E address space,
is reserved.
security-suite deny martian-addresses reserved add
[add {tcp-port | any} {ip-address | any} {mask |
50
845
Advertisement
Table of Contents
