3 commands for security feature, 1 dosattack-check srcip-equal-dstip enable, 2 dosattack-check ipv4-first-fragment enable – Accton Technology ES4626 User Manual

105

dosattack-check icmpv6-size <size>

dosattack-check icmp-attacking enable

Configure the max permitted ICMPv6 net

length. This command has not effect when

used separately, the user have to enable the

dosattack-check icmp-attacking enable

2.6.3 Commands for Security Feature

2.6.3.1 dosattack-check srcip-equal-dstip enable

Command: [no] dosattack-check srcip-equal-dstip enable

Function:

Enable the function by which the switch checks if the source IP address is

equal to the destination IP address; the “no” form of this command disables this function.

Parameter:

None

Default:

Disable the function by which the switch checks if the source IP address is equal

to the destination IP address.

Command Mode:Global Mode

Usage Guide:

By enabling this function, data packet whose source IP address is equal

to its destination address will be dropped

Example:

Drop the data packet whose source IP address is equal to its destination

address

Switch(Config)# dosattack-check srcip-equal-dstip enable

2.6.3.2 dosattack-check ipv4-first-fragment enable

Command: [no] dosattack-check ipv4-first-fragment enable

Function:

Enable the function by which the switch checks the first fragment packet of

IPv4; the “no” form of this command disables this function.

Parameter:

None

Command Mode:Global Mode

Usage Guide:

This command has no effect when used separately. It should be used

associating dosattack-check tcp-flags enable or dosattack-check

srcport-equal-dstport enable

command.

Example:

Drop the IPv4 fragment or non-fragment data packet whose source port is

equal to its destination port.

Switch(Config)# dosattack-check ipv4-first-fragment enable

Switch(Config)# dosattack-check srcport-equal-dstport enable

2.6.3.3 dosattack-check tcp-flags enable

Command: [no] dosattack-check tcp-flags enable