Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

General Security Commands

XSR CLI Reference Guide 16-89

Syntax of the “no” Form

Thresholdloggingisdisabledwiththenoformofthiscommand:

no access-list log-update-threshold

Mode

Globalconfiguration:XSR(config)#

Default

Disabled

Example

ThefollowingexampleenablesalarmloggingforACL101andsetsthelogthresholdat10000:

XSR(config)#access-list 101 deny ip 15.15.15.1 0.0.0.255 16.16.16.1 0.0.0.255 log

XSR(config)#access-list log-update-threshold 10000

hostdos

ThiscommandenableshostsecurityprotectionagainstvariousDoSattacksviasourceIPaddress

validation.

Syntax

hostdos {land | fragmicmp | largeicmp [size] | checkspoof}

Syntax of the “no” Form

Thenoformdisablesthespecifiedsecurityfeature:

no hostdos {land | fragmicmp | largeicmp [size] | checkspoof}

Mode

Globalconfiguration:XSR(config)#

Defaults

• Disabled

•Size:1024

Note: Performing source address validation can improve security in some situations but can

erroneously discard valid packets in situations where inbound and outbound paths differ and will

negatively impact some routing protocols.

land

Enableslandatta ckprotection.

fragmicmp

EnablesfragmentedICMPpacketsprotection.

largeicmp

EnableslargeICMPpacketsprotection.

size

Packetsizeabovewhichprotectionstarts,rangingfrom1to65535.

checkspoof

Enablesspoofedaddresschecking.

previous next