This command displays Denial of Service configuration information.
| Format | show dos-control |
| Mode | Privileged EXEC |
Note
Some of the following information displays only if you are using the BCM56224, BCM56514, BCM56624, BCM56634, BCM56636 and BCM56820 and BCM5621x platforms.| First Fragment Mode | The administrative mode of First Fragment DoS prevention. When enabled, this causes the switch to drop packets that have a TCP header smaller then the configured Min TCP Hdr Size. |
| Min TCP Hdr Size | The minimum TCP header size the switch will accept if First Fragment DoS prevention is enabled. |
| ICMPv4 Mode | The administrative mode of ICMPv4 DoS prevention. When enabled, this causes the switch to drop ICMP (Internet Control Message Protocol) packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv4 Payload Size. |
| Max ICMPv4 Payload Size | The maximum ICMPv4 payload size to accept when ICMPv4 DoS protection is enabled. |
| ICMPv6 Mode | The administrative mode of ICMPv6 DoS prevention. When enabled, this causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv6 Payload Size. |
| Max ICMPv6 Payload Size | The maximum ICMPv6 payload size to accept when ICMPv6 DoS protection is enabled. |
| ICMPv4 Fragment Mode | The administrative mode of ICMPv4 Fragment DoS prevention. When enabled, this causes the switch to drop fragmented ICMPv4 packets. |
| TCP Port Mode | The administrative mode of TCP Port DoS prevention. When enabled, this causes the switch to drop packets that have the TCP source port equal to the TCP destination port. |
| UDP Port Mode | The administrative mode of UDP Port DoS prevention. When enabled, this causes the switch to drop packets that have the UDP source port equal to the UDP destination port. |
| SIPDIP Mode | The administrative mode of SIP=DIP DoS prevention. Enabling this causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled. |
| SMACDMAC Mode | The administrative mode of SMAC=DMAC DoS prevention. Enabling this causes the switch to drop packets that have a source MAC address equal to the destination MAC address. |
| TCP FIN&URG& PSH Mode | The administrative mode of TCP FIN & URG & PSH DoS prevention. Enabling this causes the switch to drop packets that have TCP flags FIN, URG, and PSH set and TCP Sequence Number = 0. |
| TCP Flag & Sequence Mode | The administrative mode of TCP Flag DoS prevention. Enabling this causes the switch to drop packets that have TCP control flags set to 0 and TCP sequence number set to 0. |
| TCP SYN Mode | The administrative mode of TCP SYN DoS prevention. Enabling this causes the switch to drop packets that have TCP Flags SYN set. |
| TCP SYN & FIN Mode | The administrative mode of TCP SYN & FIN DoS prevention. Enabling this causes the switch to drop packets that have TCP Flags SYN and FIN set. |
| TCP Fragment Mode | The administrative mode of TCP Fragment DoS prevention. Enabling this causes the switch to drop packets that have a TCP payload in which the IP payload length minus the IP header size is less than the minimum allowed TCP header size. |
| TCP Offset Mode | The administrative mode of TCP Offset DoS prevention. Enabling this causes the switch to drop packets that have a TCP header Offset equal to 1. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB