Specifications
ip dos disable
272 SSR Command Line Interface Reference Manual
ip dos disable
Purpose
Disables denial of service (DOS) features on the SSR.
Format
ip dos disable directed-broadcast-protection|port-attack-protection
Mode
Configure
Description
By default, the SSR installs flows in the hardware so that packets sent as directed
broadcasts are dropped in hardware if directed broadcast is not enabled on the interface
where the packet is received. You can disable this behavior with the
ip dos disable directed-broadcast-protection command.
Similarly, the SSR installs flows to drop packets destined for the SSR for which service is
not provided by the SSR. This prevents packets for unknown services from slowing the
CPU. You can disable this behavior with the ip dos disable port-attack-protection
command, causing these packets to be processed by the CPU.
Parameters
directed-broadcast-protection
Disables the directed-broadcast-protection feature of the SSR. By default the SSR
drops packets sent as directed broadcasts if directed broadcast is not enabled on the
interface where the packet is recieved. This command causes directed broadcast
packets to be processed on the SSR even if directed broadcast is not enabled on the
interface receiving the packet.
port-attack-protection
Disables the port-attack-protection feature of the SSR. By default, packets that are
destined for the SSR, but do not have a service defined for them on the SSR, are
dropped. This prevents packets for unknown services from slowing the SSR’s CPU.
This command disables this behavior, allowing packets destined for the SSR that do
not have a service defined for them on the SSR to be processed by the SSR’s CPU.