CLI Reference Guide-R02

Chapter 9 | General Security Measures
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
Default Setting
Disabled, 1000 kbits/second
Command Mode
Global Configuration
Example
Console(config)#dos-protection win-nuke bit-rate-in-kilo 65
Console(config)#
show dos-protection
This command shows the configuration settings for the DoS protection commands.
Command Mode
Privileged Exec
Example
Console#show dos-protection
Global DoS Protection:
Echo/Chargen Attack : Disabled, 1000 kilobits per second
LAND Attack : Disabled
Smurf Attack : Enabled
TCP Flooding Attack : Disabled, 1000 kilobits per second
TCP Null Scan : Enabled
TCP SYN/FIN Scan : Enabled
TCP/UDP Packets with Port 0 : Enabled
TCP XMAS Scan : Enabled
UDP Flooding Attack : Disabled, 1000 kilobits per second
WinNuke Attack : Disabled, 1000 kilobits per second
Console#
Port-based Traffic Segmentation
If tighter security is required for passing traffic from different clients through
downlink ports on the local network and over uplink ports to the service provider,
port-based traffic segmentation can be used to isolate traffic for individual clients.
Traffic belonging to each client is isolated to the allocated downlink ports. The
switch can, however, be configured either to isolate traffic passing across a client's
allocated uplink ports from the uplink ports assigned to other clients, or to forward
traffic through the uplink ports used by other clients, allowing different clients to
share access to their uplink ports where security is less likely to be compromised.