Configuring Security
Denial of Service Prevention
Cisco 500 Series Stackable Managed Switch Administration Guide
335
18
STEP 4
Click
Apply
. The SYN filter is defined, and the Running Configuration file is
updated.
Define SYN Rate Protection
The
SYN Rate Protection
page
enables
limiting the number of SYN packets
received on the ingress port. This can mitigate the effect of a SYN flood against
servers, by rate limiting the number of new connections.
This feature is only available when the device is in Layer 2 mode.
To define SYN rate protection:
STEP 1
Click
Security
>
Denial of Service Prevention
>
SYN Rate Protection
. The
SYN
Rate Protection
page is displayed.
This page is displayed the SYN rate protection currently defined per interface.
STEP 2
Click
Add
. The
Add SYN Rate Protection
page is displayed.
STEP 3
Enter the parameters.
•
Interface
—Select the interface on which the rate protection is being
defined.
•
IP Address
—Enter the IP address for which the SYN rate protection is
defined or select
All Addresses
. If you enter the IP address, enter either the
mask or prefix length.
•
Network Mask
—Select the format for the subnet mask for the source IP
address, and enter a value in one of the field:
-
Mask
—Select the subnet to which the source IP address belongs and
enter the subnet mask in dotted decimal format.
-
Prefix Length
—Select the Prefix Length and enter the number of bits that
comprise the source IP address prefix.
•
SYN Rate Limit
—Enter the number of SYN packets that be received.
STEP 4
Click
Apply
. The SYN rate protection is defined, and the Running Configuration is
updated.