[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
DoS Protection Group Commands
Use the commands described in this section to create
DoS protection groups and attach them to different types of interfacesatm dos-protection-group
- Use to attach an ATM DoS protection group to an interface.
- Example
- host1(config-if)#atm dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
bridge1483 dos-protection-group
- Use to attach a bridge 1483 DoS protection group to an
interface.
- Example
- host1(config-if)#bridge1483 dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See bridge1483 dos-protection-group.
dos-protection-group
- Use to create a DoS protection group and enter DoS Protection
Group Configuration mode.
- A group named default always exists.
- Example
- host1(coonfig)#dos-protection-group default
- Use the no version to remove
the DoS protection group.
- See dos-protection-group.
ethernet dos-protection-group
- Use to attach an Ethernet DoS protection group to an interface.
- Example
- host1(config-if)#ethernet dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See ethernet dos-protection-group.
frame-relay dos-protection-group
- Use to attach a Frame Relay DoS protection group to an
interface.
- Example
- host1(config-if)#frame-relay dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See frame-relay dos-protection-group.
hdlc dos-protection-group
- Use to attach an HDLC DoS protection group to an interface.
- Example
- host1(config-if)#hdlc dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See hdlc dos-protection-group.
ip dos-protection-group
- Use to attach an IP DoS protection group to an interface.
- Example 1
- host1(config-if)#ip dos-protection-group group1
- Example 2
- host1(config)#dos-protection-group default
- host1(config-dos-protection)#protocol AtmOam
rate 512
- host1(config-dos-protection)#protocol PppoeControl
rate 512
- host1(config-dos-protection)#protocol IpLocalOther
rate 512
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See ip dos-protection-group.
ipv6 dos-protection-group
- Use to attach an IPv6 DoS protection group to an interface.
- Example
- host1(config-if)#ipv6 dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See ipv6 dos-protection-group.
lag dos-protection-group
- Use to attach a LAG DoS protection group to an interface.
- Example
- host1(config-if)#lag dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See lag dos-protection-group.
ppp dos-protection-group
- Use to attach a PPP DoS protection group to an interface.
- Example
- host1(config-if)#ppp dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See ppp dos-protection-group.
pppoe dos-protection-group
- Use to attach a PPPoE DoS protection group to an interface.
- Example
- host1(config-if)#pppoe dos-protection-group
group1
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See pppoe dos-protection-group.
priority burst
- Use to set the burst size in packets for the priority.
- Example
- host1(config-dos-protection)#priority Hi-Green-IC
burst 32
- Use the no version to return
to the default value.
- See priority burst.
priority over-subscription-factor
- Use to set the oversubscription value for the priority
rate limiter.
- The oversubscription value and the priority rate are used
to calculate the minimum rate limits for port compression.
- Allows an oversubscription of the priority rate because
all protocols within a priority are not generally used simultaneously.
- Example
- host1(config-dos-protection)#priority Hi-Green-IC
over-subscription-factor 100
- Use the no version to return
no oversubscription value.
- See priority over-subscription-factor.
priority rate
- Use to set the rate in packets-per-second for the priority.
- Example
- host1(config-dos-protection)#priority Hi-Green-IC
rate 6000
- Use the no version to return
to the default value of 0.
- See priority rate.
protocol burst
- Use to set the burst size in packets-per-second for the
protocol.
- The default value is one half the maximum rate in packets.
- Example
- host1(config-dos-protection)#protocol IpLocalDhcpIc
burst 65535
- Use the no version to set the
default value, which is equal to half of the configured maximum rate.
- See protocol burst.
protocol drop-probability
- Use to map a protocol to a specific drop probability,
which is the percentage probability of an exceeded packet being dropped.
- Example
- host1(config-dos-protection)#protocol IpLocalDhcpIc
drop-probability 100
- Use the no version to set the
drop probability to the value specified in the associated default
group.
- See protocol drop-probability.
protocol priority
- Use to set the priority for the protocol.
- Example
- host1(config-dos-protection)#protocol IpLocalDhcpIc
priority hiGreen
- Use the no version to set the
priority to the value specified in the associated default group.
- See protocol priority.
protocol rate
- Use to map a protocol to a maximum rate limit.
- The rate limit applies to all packets of the protocol
for interfaces belonging to the DoS protection group.
- A particular protocol can be up to the sum of the four
rates configured, depending on the DoS group attached to an interface.
- Use a maximum rate of 0 for protocols that are not used.
- The actual rate never exceeds the maximum rate, but can
be less than the configured maximum rate due to the weighting of the
protocols within a DoS protection group and the use of multiple DoS
protection groups.
- Example
- host1(config-dos-protection)#protocol IpLocalDhcpIc
rate 100
- Use the no version to set the
value to the value specified in the associated default group.
- See protocol rate.
protocol skip-priority-rate-limiter
- Use to set the skip priority rate limiter for the protocol.
- The specified protocol is not subject to the priority
rate limiter for the priority and DoS protection group selected.
- The default sets the protocol such that it is subject
to priority rate limiting.
- Example
- host1(config-dos-protection)#protocol IpLocalDhcpIc
skip-priority-rate-limiter
- Use the no version to set the
value to the default, which is not to use skip-priority-rate-limiter.
- See protocol skip-priority-rate-limiter.
protocol weight
- Use to set the weight for the protocol.
- For each port compression, weight determines the effective
minimum rate that each protocol receives.
- Within each port compression, the sum of the minimum rates
for all protocols is equal to or less than the priority rate.
- For each priority, there is a separate rate for each DoS
protection group.
- Example
- host1(config-dos-protection)#protocol IpLocalDhcpIc
weight 100
- Use the no version to set the
weight to the value specified in the associated default group.
- See protocol weight.
use canned-group
- Use to create a DoS protection group that uses a pre-programmed
set of parameters.
- Use the revert keyword to return
the values to the canned group values
- Example
- host1#use canned-group group1
- Use the no version to associate
the group with the default canned group settings.
- See use canned-group.
vlan dos-protection-group
- Use to attach a VLAN DoS protection group to an interface.
- Example
- host1(config-if)#vlan dos-protection-group
- Use the no version to remove
the attachment of the DoS protection group from the interface.
- See vlan dos-protection-group.
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
