Configuring DoS Information – Dell POWEREDGE M1000E User Manual


Controlling Management Access

| Command | Purpose |
| --- | --- |
| show crypto certificate mycertificate | View the SSL certificates of your switch. |
| show ip http server secure status | Display the HTTPS server configuration. |
| show ip http server status | Display the HTTP server configuration. |

Configuring DoS Information

Beginning in Privileged EXEC mode, use the following commands to specify settings to help prevent DoS attacks on the switch.

| Command | Purpose |
| --- | --- |
| configure | Enter Global Configuration mode. |
| dos-control sipdip | Enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If packets ingress with SIP=DIP, the packets are dropped if the mode is enabled. |
| dos-control firstfrag [size] | Enable Minimum TCP Header Size Denial of Service protection, where size is the TCP header size. (Range: 0-255). |
| dos-control tcpfrag | Enable TCP Fragment Denial of Service protection. If packets ingress having IP Fragment Offset equal to one (1), the packets are dropped. |
| dos-control tcpflag | Enable TCP Flag Denial of Service protections. If packets ingress having TCP Flag SYN set and a source port less than 1024, having TCP Control Flags set to 0 and TCP Sequence Number set to 0, having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0, or having TCP Flags SYN and FIN both set, the packets are dropped. |
| dos-control l4port | Enable L4 Port Denial of Service protection. If packets ingress having Source TCP/UDP Port Number equal to Destination TCP/UDP Port Number, the packets are dropped. |
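The drop conditions described for the dos-control commands, written out as an added Python example (not code from the Dell manual or the switch firmware) that reports which settings would drop a given packet. The `Pkt` model, the `matched_checks` name, the default size of 20 and the reading of firstfrag as "TCP header shorter than size" are assumptions; the sample packets are constructed.

```python
from dataclasses import dataclass

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20  # TCP flag bits

@dataclass
class Pkt:
    """Header fields the checks inspect (hypothetical model, not a switch API)."""
    sip: str
    dip: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    frag_offset: int = 0  # IP Fragment Offset field
    flags: int = 0        # TCP control flags
    seq: int = 0          # TCP sequence number
    tcp_hlen: int = 20    # TCP header length in bytes

def matched_checks(p, min_tcp_hdr=20):
    """Return the dos-control checks that would drop p (min_tcp_hdr is an assumed size)."""
    hits = []
    if p.sip == p.dip:
        hits.append("sipdip")
    if p.sport == p.dport:
        hits.append("l4port")
    if p.proto == "tcp" and p.frag_offset == 1:
        hits.append("tcpfrag")
    elif p.proto == "tcp" and p.frag_offset == 0:  # TCP header is only in the first fragment
        f = p.flags
        if p.tcp_hlen < min_tcp_hdr:  # assumption: firstfrag means "header shorter than size"
            hits.append("firstfrag")
        if ((f & SYN and p.sport < 1024)
                or (f == 0 and p.seq == 0)
                or (f & FIN and f & URG and f & PSH and p.seq == 0)
                or (f & SYN and f & FIN)):
            hits.append("tcpflag")
    return hits

# Constructed sample packets using documentation address ranges.
SAMPLES = {
    "same address": Pkt("192.0.2.10", "192.0.2.10", "tcp", 80, 80, flags=SYN),
    "syn+fin": Pkt("198.51.100.7", "192.0.2.10", "tcp", 40000, 443, flags=SYN | FIN),
    "ntp 123->123": Pkt("198.51.100.7", "192.0.2.10", "udp", 123, 123),
    "normal syn": Pkt("198.51.100.7", "192.0.2.10", "tcp", 51000, 443, flags=SYN, seq=7),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13} -> {matched_checks(pkt) or 'forwarded'}")
```

The NTP sample matches l4port because its source and destination ports are both 123, so review which protocols on the network use equal ports, or connect from source ports below 1024, before enabling l4port and tcpflag.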
