Configuring Security
Denial of Service Prevention
Cisco 500 Series Stackable Managed Switch Administration Guide
Defining Martian Addresses
The Martian Addresses page enables entering IP addresses that indicate an attack if they are seen on the network. Packets from these addresses are discarded.
The switch supports a set of reserved Martian addresses that are illegal from the
point of view of the IP protocol. The supported reserved Martian addresses are:
• Addresses defined to be illegal in the Martian Addresses page.
• Addresses that are illegal from the point of view of the protocol, such as loopback addresses, including addresses within the following ranges:
  - 0.0.0.0/8 (Except 0.0.0.0/32 as a Source Address)—Addresses in this block refer to source hosts on this network.
  - 127.0.0.0/8—Used as the Internet host loopback address.
  - 192.0.2.0/24—Used as the TEST-NET in documentation and example code.
  - 224.0.0.0/4 (As a Source IP Address)—Used in IPv4 Multicast address assignments, and was formerly known as Class D Address Space.
  - 240.0.0.0/4 (Except 255.255.255.255/32 as a Destination Address)—Reserved address range, and was formerly known as Class E Address Space.
You can also add new Martian addresses for DoS prevention. Packets that have a Martian address are discarded.
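The direction-specific exceptions in the reserved list are easy to misread, so the following added example (not code from the switch or from Cisco) models the list as a packet classifier that can be used to sanity-check test traffic before enabling the feature. It assumes that ranges with no qualifier apply to both source and destination fields and that user-defined entries match either field; the function and variable names are hypothetical.

```python
import ipaddress

# Reserved Martian ranges as listed on this page. Each entry is
# (network, direction, exception); direction is "src" or "any".
# Assumption: ranges with no qualifier on the page match either field.
RESERVED = [
    ("0.0.0.0/8",    "any", ("src", "0.0.0.0")),
    ("127.0.0.0/8",  "any", None),
    ("192.0.2.0/24", "any", None),
    ("224.0.0.0/4",  "src", None),
    ("240.0.0.0/4",  "any", ("dst", "255.255.255.255")),
]

def _match(addr, role, table):
    """Return the Martian network that addr falls in for this role, or None."""
    ip = ipaddress.IPv4Address(addr)
    for net, direction, exception in table:
        if direction not in ("any", role):
            continue  # range only applies to the other field
        if ip not in ipaddress.IPv4Network(net):
            continue
        if exception and exception[0] == role and ip == ipaddress.IPv4Address(exception[1]):
            continue  # the single carved-out address for this field
        return net
    return None

def classify(src, dst, user_defined=()):
    """Return (verdict, reason) for a packet's source and destination."""
    # Assumption: user-defined Martian entries match either field.
    table = RESERVED + [(n, "any", None) for n in user_defined]
    for role, addr in (("src", src), ("dst", dst)):
        hit = _match(addr, role, table)
        if hit:
            return ("discard", f"{role} {addr} in {hit}")
    return ("forward", "")

# Constructed sample packets (source, destination).
SAMPLES = [
    ("0.0.0.0", "255.255.255.255"),  # DHCP discover-style: both exceptions apply
    ("0.1.2.3", "10.0.0.1"),         # rest of 0.0.0.0/8 is Martian
    ("10.0.0.5", "224.0.0.251"),     # multicast destination is legal
    ("224.0.0.5", "10.0.0.1"),       # multicast source is not
    ("255.255.255.255", "10.0.0.1"), # broadcast is only excepted as destination
    ("198.51.100.7", "10.0.0.1"),    # discarded only via the user-defined entry
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, dst, classify(src, dst, user_defined=["198.51.100.0/24"]))
```
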
To define Martian addresses:
STEP 1 Click Security > Denial of Service Prevention > Martian Addresses. The Martian Addresses page is displayed.
STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list.
STEP 3 To add a Martian address click Add. The Add Martian Addresses page is displayed.
STEP 4 Enter the parameters.
• IP Version—Indicates the supported IP version. Currently, support is only offered for IPv4.