Security Suite Settings

Note

Before activating DoS Prevention, you must unbind all Access Control Lists (ACLs) or advanced QoS policies that are bound to a port. ACL and advanced QoS policies aren’t active when a port has DoS Protection enabled on it.

To configure DoS Prevention global settings and monitor SCT:

Procedure

Step 1

Click Security > Denial of Service Prevention > Security Suite Settings.

CPU Protection Mechanism: Enabled indicates that SCT is enabled.

Step 2

Click Details to view CPU resource utilization information.

Step 3

Click Edit beside TCP SYN Protection to set the feature.

Step 4

In the Denial of Service Protection area, enable one or more of the following DoS protection options and specify the threshold if necessary:

  • DA Equals SA

  • ICMP Frag Packets

  • ICMP Ping Maximum Length

  • IPv6 Minimum Frag Length

  • Land

  • Null Scan

  • POD

  • Smurf Netmask

  • TCP Source Port Less 1024

  • TCP Blat

  • TCP Frag-Off Minimum check

  • TCP Herder Minimum Length

  • UDP Blat

  • XMA

Step 5

Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file.