Filter
Top Products
DES-7200 Configuration Guide Chapter 8 DoS Protection Configuration
8-7
Caution
This filtering can only be configured on the direct link interface.
Apply ingress filtering on convergence-layer interface (uplink
port) will prevent Internet messages with various source IP
addresses from reaching the downlink hosts at the
convergence layer.
After configuring DoS protection based ingress filtering, the no
command must be used to disable DoS protection function in
order to modify the address of network interface.
8.2.4 Set up Ingress
Filtering to Defend
Against DoS Attack
To set up ingress filtering, run the following commands:
Command Function
DES-7200# configure terminal
Enter global configuration mode.
DES-7200(config)# interface
interface-id
Enter layer-3 interface
DES-7200(config-if)# ip deny
spoofing-source
Ingress filtering function to defend
against disguised source IP based DoS
attacks. Drop all incoming messages
without consistent prefix with this
network interface. (Note: Only layer-3
interface can be configured with this
function)
DES-7200(config-if)# show running
interface interface-id
Verify the configuration of ingress
filtering.
Use the no ip deny spoofing-source command to disable the ingress filtering
function (for DoS attack protection) in the interface configuration mode.