Deployment Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module

391

392

393

394

395

396

397

398

399

400

to the router for a specic service (such as SSH or BGP) with a SYN ACK, the router waits for a period of time for the ACK packet to be

sent from the requesting host that will establish the TCP connection.

You can set this duration or interval for which the TCP connection waits to be established to a signicantly high value to prevent the device

from moving into an out-of-service condition or becoming unresponsive during a SYN ood attack that occurs on the device. You can set

the wait time to be 10 seconds or lower. If the device does not contain any BGP connections with the BGP neighbors across WAN links,

you must set this interval to a higher value, depending on the complexity of your network and the conguration attributes.

To congure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP

connection, perform the following steps:

1 Dene the wait duration in seconds for the TCP connection to be established.

CONFIGURATION mode

Dell(conf)#ip tcp reduced-syn-ack-wait <9-75>

You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior, which causes the wait period to

be set as 8 seconds.

2 View the interval that you congured for the device to wait before the TCP connection is attempted to be established.

EXEC mode

Dell>show ip tcp reduced-syn-ack-wait

Enabling Directed Broadcast

By default, the system drops directed broadcast packets destined for an interface. This default setting provides some protection against

denial of service (DoS) attacks.

To enable the system to receive directed broadcasts, use the following command.

• Enable directed broadcast.

INTERFACE mode

ip directed-broadcast

To view the conguration, use the show config command in INTERFACE mode.

Resolution of Host Names

Domain name service (DNS) maps host names to IP addresses. This feature simplies such commands as Telnet and FTP by allowing you

to enter a name instead of an IP address.

Dynamic resolution of host names is disabled by default. Unless you enable the feature, the system resolves only host names entered into

the host table with the ip host command.

The following sections describe DNS and the resolution of host names.

• Enabling Dynamic Resolution of Host Names

• Specifying the Local System Domain and a List of Domains

• Conguring DNS with Traceroute

Enabling Dynamic Resolution of Host Names

By default, dynamic resolution of host names (DNS) is disabled.

To enable DNS, use the following commands.

• Enable dynamic resolution of host names.

IPv4 Routing

393