Allied Telesis AT-S63 User Manual

Chapter 31: Denial of Service Defense

666

Section IV: Security

b. Type 1 to select IP Address.

The following prompt is displayed:

Enter the IP Address for the LAN:

Enter the IP address of one of the devices connected to the

switch, preferably the lowest IP address.

c. Type 2 to select Subnet Mask.

The following prompt is displayed:

Enter the Subnet Mask for the LAN:

Enter the mask. A binary “1” indicates the switch should filter
on the corresponding bit of the IP address, while a “0”
indicates that it should not. As an example, assume that the
devices connected to a switch are using the IP address range
149.11.11.1 to 149.11.11.50. The mask would be 0.0.0.63.

d. If you are activating the Land defense, type 3 to select Uplink Port.

The following prompt is displayed:

Enter the Uplink Port for the LAN [0 to 24]:

Enter the number of the port connected to the device (e.g.,
DSL router) that leads outside your network. You can specify
only one uplink port.

e. Type R to return to the Denial of Service (DoS) Configuration

menu and continue with the next step.

4. Type the number of the DoS attack that you want to protect against.

The following prompt is displayed:

Enter port-list:

5. Enter the port(s) where you want to activate the defense.

Note

If you plan to use the Teardrop defense, Allied Telesyn recommends
activating it on only the uplink port and one other port. The defense
is CPU intensive and can overwhelm the switch’s CPU.