Protection against attack in hardware, Peak bp utilization with trap, Show cpu-utilization command enhancement – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

ServerIron ADX Security Guide

53-1002440-03

ServerIronADX# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 200.1.1.1 6 80

Prioritization of TCP port 80 traffic to management IP 200.1.1.1 from any source IP address

ServerIronADX# server prioritize-mgmt-traffic any 200.1.1.1 6 80

Prioritization of UDP port 2222 traffic to management IP 200.1.1.1

ServerIronADX# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 200.1.1.1 17 2222

Prioritization of IP protocol 89 (OSPF) traffic to management IP 200.1.1.1

ServerIronADX# server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 200.1.1.1 89

Protection against attack in hardware

ServerIron ADX can protect against attacks in hardware without impacting MP or BP CPU
utilization. Configure the server drop-all-mgmt-access command to drop all traffic destined to a
specified management IP address.

The following command drops all traffic destined to the management IP address 10.45.16.104.

ServerIronADX(config)# server drop-all-mgmt-access 10.45.16.104

Syntax: [no] server drop-all-mgmt-access <destination ip>

NOTE

For a router, the destination IP address is the physical or ve interface IP address. For a switch, the
destination IP address is the management IP address.

The server drop-all-mgmt-access feature when used in combination with the server
prioritize-mgmt-traffic feature allows you to prioritize valid traffic while blocking unwanted traffic
destined to the management IP address.

For example, with the following configuration, only ssh, telnet and http traffic destined to
management IP address 10.45.16.104 will be prioritized and all other traffic destined to
10.45.16.104 will be dropped.

ServerIronADX(config)#server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 22

ServerIronADX(config)#server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 23

ServerIronADX(config)#server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 80

ServerIronADX(config)#server drop-all-mgmt-access 10.45.16.104
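The following script is an added example, not part of the Brocade manual. It audits a saved configuration for the prioritize/drop-all combination described above. The function name audit_mgmt_access, the sample input and the command grammar (inferred from the examples on this page) are assumptions.

```python
import ipaddress
import re

# Grammar inferred from the command examples on this page (assumption: the
# device may accept further variants that this audit does not recognise).
PRIO = re.compile(r"server prioritize-mgmt-traffic\s+(?:(any)|(\S+)\s+(\S+))"
                  r"\s+(\S+)\s+(\d+)(?:\s+(\d+))?\s*$")
DROP = re.compile(r"(no\s+)?server drop-all-mgmt-access\s+(\S+)\s*$")

# Constructed sample input; 192.0.2.10 is a documentation address, not from the page.
SAMPLE = """\
ServerIronADX(config)#server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 22
ServerIronADX(config)#server prioritize-mgmt-traffic 1.1.1.1 255.255.255.0 10.45.16.104 6 23
ServerIronADX(config)#server drop-all-mgmt-access 10.45.16.104
server prioritize-mgmt-traffic any 200.1.1.1 6 80
server drop-all-mgmt-access 192.0.2.10
"""

def audit_mgmt_access(config_text):
    """Map each management IP to its drop-all state, allowed flows and findings."""
    report = {}

    def entry(ip):
        key = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
        return report.setdefault(key, {"drop_all": False, "allowed": [], "findings": []})

    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # strip a CLI prompt, if present
        m = PRIO.match(line)
        if m:
            any_src, src, mask, dst, proto, port = m.groups()
            source = "any" if any_src else str(ipaddress.ip_network(f"{src}/{mask}", strict=False))
            entry(dst)["allowed"].append((source, int(proto), int(port) if port else None))
            continue
        m = DROP.match(line)
        if m:
            entry(m.group(2))["drop_all"] = m.group(1) is None  # the "no" form clears it
    for e in report.values():
        if e["drop_all"] and not e["allowed"]:
            e["findings"].append("drop-all with no prioritized traffic: all traffic to this IP is dropped")
        if e["allowed"] and not e["drop_all"]:
            e["findings"].append("prioritize rules without drop-all: other traffic is not dropped")
        if any(src == "any" for src, _, _ in e["allowed"]):
            e["findings"].append("rule accepts any source address")
    return report

if __name__ == "__main__":
    for ip, e in audit_mgmt_access(SAMPLE).items():
        print(ip, e)
```

An empty findings list for a management IP means it has both a drop-all entry and at least one source-restricted prioritize rule, which is the combination the manual's example shows.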

Peak BP utilization with TRAP

Show CPU-utilization command enhancement

The show cpu-utilization command displays CPU utilization peaks since the system boot or the last
reset of counters (using the clear cpu-utilization command).

Use the clear cpu-utilization command on both the MP and the BP to reset the counters.
