5-10
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Configuring Management Interface Security
How to Enable the IP Fragment Filter
Step 1
From the SCE(config)# prompt, type
ip filter fragment enable
and press
Enter
.
How to Disable the IP Fragment Filter
Step 1
From the SCE(config)# prompt, type
ip filter fragment disable
and press
Enter
.
Configuring the Permitted and Not-permitted IP Address Monitor
Options
The following options are available:
•
I
p permitted/ip not-permitted
— Specifies whether the configured limits apply to permitted or
not-permitted IP addresses.
If neither keyword is used, it is assumed that the configured limits apply to both permitted and
not-permitted IP addresses.
•
low rate
— lower threshold; the rate in Mbps that indicates the attack is no longer present.
–
Default — 20
•
high rate
— upper threshold; the rate in Mbps that indicates the presence of an attack.
–
Default — 20
•
burst size
— duration of the interval in seconds that the high and low rates must be detected in order
for the threshold rate to be considered to have been reached
–
Default — 10
Step 1
From the SCE(config)# prompt, type
i
p filter monitor {ip_permited|ip_not_permited} low_rate
low_rate
high_rate
high_rate
burst
burst size
and press
Enter
.