Configuring Simulated Denial of Service Protection

The conservative way to deploy DoS protection is to use the simulated mode first. In simulated mode, DoS protection is enabled, but no ACLs are generated.

Enable the simulated mode using the command:
enable dos-protect simulated

This mode is useful to gather information about normal traffic levels on the switch. This will assist in configuring denial of service protection so that legitimate traffic is not blocked.

The following topics describe how to configure DoS protection, including alert thresholds, notify thresholds, ACL expiration time, and so on.