UMN:CLI
User Manual
V8102
7.16 TCP Flag Control
The Transmission Control Protocol (TCP) header includes six flags: URG, ACK, PSH, RST, SYN, and FIN. On the V8102, you can configure the handling of RST and SYN as described below.
7.16.1 RST Configuration
When a TCP connection cannot be established, an RST message is sent to the host that tried to make the connection. The V8102 can be configured to block this message. This helps prevent attackers from finding out which connections are not possible.
To configure the system not to send the message reporting that a TCP connection cannot be established, use the following command.
Command                        Mode     Description
ip tcp ignore rst-unknown      Global   Blocks the message reporting that a TCP connection cannot be established.
no ip tcp ignore rst-unknown   Global   Disables ignoring of unknown RST.
7.16.2 SYN Configuration
SYN sets up a TCP connection. The V8102 transmits cookies with SYN to a host that tries to make a TCP connection, and permits the connection only when the transmitted cookies are returned. This function prevents connection overcrowding caused by users who have connected but are not using the service, and helps other users use the service.
To permit a connection only when the cookies sent with SYN are returned, use the following command.
Command                Mode     Description
ip tcp syncookies      Global   Permits a connection only when the cookies sent with SYN are returned.
no ip tcp syncookies   Global   Disables permitting a connection only when the cookies sent with SYN are returned.
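The cookie exchange described above, as an added Python example that is not part of this manual and is not the V8102's implementation. It sketches the general SYN cookie technique, in which the SYN-ACK sequence number is a keyed hash of the connection details and no state is kept until the client's ACK returns it. The key, MSS table, time slot length and bit layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"   # constructed key for this example only
MSS_TABLE = (536, 1220, 1440, 1460)   # assumed MSS values the cookie can encode
SLOT_SECONDS = 64                     # assumed cookie time granularity
MAX_AGE = 2                           # accept the current and previous slot

def _mac24(src, sport, dst, dport, client_isn, slot, idx):
    """24-bit keyed hash binding the cookie to one connection attempt."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIIB", sport, dport, client_isn, slot, idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Sequence number for the SYN-ACK: 5-bit slot | 3-bit MSS index | 24-bit MAC.
    Nothing is stored for the half-open connection."""
    slot = int(now) // SLOT_SECONDS
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, slot, idx), "big")
    return ((slot & 0x1F) << 27) | (idx << 24) | mac

def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the handshake's final ACK; return the MSS, or None to drop it."""
    cookie = (ack - 1) & 0xFFFFFFFF       # client acknowledges cookie + 1
    client_isn = (seq - 1) & 0xFFFFFFFF   # the SYN consumed one sequence number
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    current = int(now) // SLOT_SECONDS
    for slot in range(current, max(current - MAX_AGE, -1), -1):
        if (slot & 0x1F) != cookie >> 27:
            continue                      # cookie was not issued in this slot
        expected = _mac24(src, sport, dst, dport, client_isn, slot, idx)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]         # cookie returned intact: allocate state now
    return None
```

A SYN that never completes the handshake costs the responder only one hash computation, which is why returned cookies keep unused half-open connections from crowding out other users.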
To restrict the amount of SYN packets flooding into the CPU to a specific bandwidth, use the following command.
Command                      Mode     Description
ip tcp syn-guard BANDWIDTH   Global   Blocks SYN packets toward the local CPU.
no ip tcp syn-guard          Global   Configures the system to receive SYN packets toward the local CPU.
To restrict the amount of IPv6 TCP SYN packets flooding into the CPU to a specific bandwidth, use the following command.
Command   Mode   Description