ip-mac [conflict|routing]
ip-mac conflict drop-only
ip-mac conflict [log-and-drop|log-only] log-level [<0-7>|alerts|critical|debug|emergencies|errors|informational|notifications|warnings]
ip-mac routing conflict drop-only
ip-mac routing conflict [log-and-drop|log-only] log-level [<0-7>|alerts|critical|debug|emergencies|errors|informational|notifications|warnings]
ip-mac conflict drop-only
conflict | Action performed when a conflict exists between the IP address and MAC address. This option is enabled by default. |
drop-only | Drops a packet without logging |
ip-mac conflict [log-and-drop|log-only] log-level [<0-7>|alerts|critical|debug|emergencies|errors|informational|notifications|warnings]
conflict | Action performed when a conflict exists between the IP address and MAC address. This option is enabled by default. |
log-and-drop | Logs the event and drops the packet. This is the default setting. |
log-only | Logs the event only; the packet is not dropped |
log-level | Configures the log level |
<0-7> | Sets the numeric logging level |
alerts | Numerical severity 1. Indicates a condition where immediate action is required |
critical | Numerical severity 2. Indicates a critical condition |
debugging | Numerical severity 7. Debugging messages |
emergencies | Numerical severity 0. System is unusable |
errors | Numerical severity 3. Indicates an error condition |
informational | Numerical severity 6. Indicates an informational condition |
notifications | Numerical severity 5. Indicates a normal but significant condition |
warnings | Numerical severity 4. Indicates a warning condition. This is the default setting. |
ip-mac routing conflict drop-only
routing | Enables IP-MAC routing conflict detection, a defense against what is known as a Hole-196 attack in the network. This feature helps detect whether the client is sending routed packets to the correct router-mac-address. |
conflict | Defines the action performed when a routing table conflict is detected. This option is enabled by default. |
drop-only | Drops a packet without logging |
ip-mac routing conflict [log-and-drop|log-only] log-level [<0-7>|alerts|critical|debug|emergencies|errors|informational|notifications|warnings]
routing | Defines a routing table based action |
conflict | Action performed when a conflict exists in the routing table. This option is enabled by default. |
log-and-drop | Logs the event and drops the packet. This is the default setting. |
log-only | Logs the event only; the packet is not dropped |
log-level | Configures the log level to log this event under |
<0-7> | Sets the numeric logging level |
alerts | Numerical severity 1. Indicates a condition where immediate action is required |
critical | Numerical severity 2. Indicates a critical condition |
debugging | Numerical severity 7. Debugging messages |
emergencies | Numerical severity 0. System is unusable |
errors | Numerical severity 3. Indicates an error condition |
informational | Numerical severity 6. Indicates an informational condition |
notifications | Numerical severity 5. Indicates a normal but significant condition |
warnings | Numerical severity 4. Indicates a warning condition. This is the default setting. |
nx9500-6C8809(config-fw-policy-testFW)#ip-mac conflict drop-only
nx9500-6C8809(config-fw-policy-testFW)#ip-mac routing conflict log-and-drop log-level notifications
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 ip dos fraggle drop-only
 ip dos tcp-sequence-past-window drop-only
 ip dos tcp-max-incomplete high 600
 ip dos tcp-max-incomplete low 60
 ip-mac conflict drop-only
 ip-mac routing conflict log-and-drop log-level notifications
 flow timeout icmp 16000
 flow timeout udp 10000
 flow timeout tcp established 1500
 flow timeout other 16000
 dhcp-offer-convert
 alg facetime
 dns-snoop entry-timeout 1200
nx9500-6C8809(config-fw-policy-testFW)#
no | Disables actions based on device IP MAC table, IP address, and MAC address conflict detection |
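
The following Python script audits saved show context output for the two ip-mac settings documented above and flags actions that reduce enforcement or logging visibility. It is an added example, not part of the original reference or vendor tooling; the function names, the sample text and the `no ip-mac ...` line form are assumptions.

```python
import re

# Severity names and numbers as given in the log-level table on this page
# ("debug" is the spelling used in the syntax line).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6,
            "debugging": 7, "debug": 7}

# Matches both command forms. The leading "no" form is an assumed spelling
# of the disable command; the page only lists the "no" keyword.
LINE_RE = re.compile(
    r"^(?P<no>no\s+)?ip-mac\s+(?P<routing>routing\s+)?conflict"
    r"(?:\s+(?P<action>drop-only|log-and-drop|log-only)"
    r"(?:\s+log-level\s+(?P<level>\S+))?)?$")

def parse_ip_mac(context_text):
    """Map 'conflict' / 'routing conflict' to (action, numeric severity)."""
    found = {}
    for raw in context_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        check = "routing conflict" if m["routing"] else "conflict"
        if m["no"]:
            found[check] = ("disabled", None)
            continue
        action = m["action"] or "log-and-drop"      # default per the page
        level = None
        if action != "drop-only":                   # drop-only never logs
            name = m["level"] or "warnings"         # default per the page
            level = int(name) if name.isdigit() else SEVERITY[name]
        found[check] = (action, level)
    return found

def audit(context_text):
    """Return findings for settings that weaken enforcement or visibility."""
    notes = {"disabled": "detection is turned off",
             "log-only": "conflicting packets are logged but still forwarded",
             "drop-only": "packets are dropped silently, no event to alert on"}
    return [f"ip-mac {check}: {notes[action]}"
            for check, (action, _) in sorted(parse_ip_mac(context_text).items())
            if action in notes]

# Constructed sample, modelled on the show context output above.
SAMPLE = """firewall-policy testFW
 ip dos fraggle drop-only
 ip-mac conflict drop-only
 ip-mac routing conflict log-and-drop log-level notifications
"""
```
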