Examples for defining a DoS class using ACLs
• Use the
ip access-control-list
command to enter the configuration mode of an
ACL. For example:
Gxxx-001(super)# ip access-control-list 301
• Use the
ip-rule
command to enter the configuration mode of an ACL rule. For example:
Gxxx-001(super)# ip-rule 1
• Use the
dos-classification
command to configure the name of the DoS attack
classification. Possible values are: fraggle, smurf, ip-spoofing, other-attack-100, other-
attack-101, other-attack-102, other-attack-103, other-attack-104, and other-attack-105.
For example:
Gxxx-001(super-ACL 301/ip rule 1)# dos-classification smurf
Done!
• Use
destination-ip
or
ip-protocol
commands to define the packet criteria to
which the ACL rule should apply. See
on page 569.
You can use
destination-ip
to specify that the rule applies to packets with a specific
destination address and you can use
ip-protocol
to specify that the rule applies to
packets with a specific protocol:
Gxxx-001(super-ACL 301/ip rule 1)# destination-ip 255.255.255.255 0.0.0.0
Done!
Gxxx-001(super-ACL 301/ip rule 1)# ip-protocol icmp
Done!
• Use the
composite-operation
command to associate the ACL rule with the
predefined operation “deny-notify,” that tells the Branch Gateway to drop any packet
received that matches the ACL rule, and send a trap upon dropping the packet. For
example:
Gxxx-001(super-ACL 301/ip rule 1)# composite-operation deny-notify
Done!
• Use the following example to exit the ACL rule:
Gxxx-001(super-ACL 301/ip rule 1)# exit
• Use the following example to exit the ACL:
Gxxx-001(super-ACL 301)# exit
• An example for entering the configuration mode of the interface on which you want to
activate the ACL:
Gxxx-001(super)# interface vlan 203
• An example for activating the configured ACL for incoming packets on the desired
interface:
Gxxx-001(super-if:vlan 203)# ip access-group 301 in
Done!
Special security features
Administering Avaya G430 Branch Gateway
October 2013 59
Summary of Contents for G430
Page 1: ...Administering Avaya G430 Branch Gateway Release 6 3 03 603228 Issue 5 October 2013 ...
Page 12: ...12 Administering Avaya G430 Branch Gateway October 2013 ...
Page 246: ...VoIP QoS 246 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...
Page 556: ...IPSec VPN 556 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...