Configuring Dos Attack Protection on Catalyst6500

Leo_Stobbe
Level 1

Hello,

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080435872.html

I saw on this configuration guide some DOS protection examples.

Examples of some rate-limiters on Catalyst6506:

mls rate-limit multicast ipv4 fib-miss 10000 10
mls rate-limit multicast ipv4 non-rpf 100 100
mls rate-limit unicast cef glean 20000 60
mls rate-limit unicast ip rpf-failure 100000 100
mls rate-limit unicast ip icmp unreachable no-route 100000 100
mls rate-limit unicast ip icmp unreachable acl-drop 100000 100
mls rate-limit unicast ip errors 100000 100
mls rate-limit all ttl-failure 70000 150

Question:

1. Are these examples recommended and tested to protect your network from DoS attacks whatever network design or network utilization you have? Or are they just examples?

2. If they are just examples, how can I find out or calculate rate-limiters for security for my real network, so that they cannot affect the important traffic?

thanks

3 Replies

m-haddad
Level 5

I haven't used the above mls commands. You can look into a feature called Storm-control, which can limit unicast, broadcast and multicast on the interface. Below you can find a link for the storm-control feature:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a9f.html

Let me know if this helps,

Appreciate your rating,

Regards,

Leo_Stobbe
Level 1

You said you hadn't used these features. Why?

Are these features useless, or is it something else?

thanks

m-haddad
Level 5

Hello Leo,

I didn't say this configuration is useless. I usually try to use the storm control feature, which can limit some types of DoS attacks.

The above are some DoS protections based on QoS. One thing to note is that there is no standard configuration for QoS. What I mean is that because different networks have different types of traffic, it is very hard to say this typical configuration would work on all networks. This is because some networks may be using multicast a lot and some others are not, for example.

Therefore, after you apply the above commands you may still need to modify the limiting rates to be adequate for your network's traffic type.

Hope this clarifies the issue,

Regards,
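For question 2 of the original post and the advice in the last reply (tune the limits to your own traffic), the following is an added example that is not from this thread or from Cisco: a hypothetical Python helper that derives starting pps and burst values from a constructed per-class packet-rate baseline and prints them in the syntax of the commands quoted above. The sample rates, the headroom factor and the burst window are assumptions; the two trailing numbers of each command are the pps limit and the packets-in-burst value.

```python
"""Derive starting 'mls rate-limit' values from an observed baseline.

Hypothetical helper (not Cisco tooling). Feed it packet-per-second
samples you collected per traffic class during normal operation.
"""
import math

# Constructed samples: pps observed for each traffic class over ten
# polling intervals while no attack was under way.
BASELINE_PPS = {
    "unicast cef glean": [820, 910, 1040, 990, 1500, 870, 930, 880, 1010, 960],
    "unicast ip icmp unreachable no-route": [40, 55, 38, 61, 49, 1200, 52, 45, 58, 47],
    "multicast ipv4 fib-miss": [5, 3, 0, 7, 4, 6, 2, 5, 3, 4],
    "all ttl-failure": [300, 280, 310, 290, 450, 305, 295, 285, 315, 298],
}


def percentile(samples, pct):
    """Nearest-rank percentile (pct in 0..100) of a list of numbers."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def round_up(value, step):
    """Round a rate up to a multiple of step so the CLI value stays readable."""
    return int(math.ceil(value / step) * step)


def suggest_limit(samples, headroom=2.0, pct=90, floor=100, step=100):
    """pps limit = pct-th percentile of the baseline times a headroom factor,
    never below `floor`, rounded up to `step`. A percentile rather than the
    max keeps one transient spike in the samples from inflating the limit."""
    base = percentile(samples, pct)
    return max(floor, round_up(base * headroom, step))


def suggest_burst(pps, burst_ms=10, minimum=10):
    """Burst (packets) sized to absorb `burst_ms` worth of traffic at `pps`."""
    return max(minimum, round_up(pps * burst_ms / 1000, 10))


def build_commands(baseline=BASELINE_PPS, **kwargs):
    """Return one 'mls rate-limit <class> <pps> <burst>' line per class."""
    lines = []
    for cls, samples in baseline.items():
        pps = suggest_limit(samples, **kwargs)
        lines.append(f"mls rate-limit {cls} {pps} {suggest_burst(pps)}")
    return lines


if __name__ == "__main__":
    print("\n".join(build_commands()))
```

The output is a starting point only; after applying it, compare the limiter's drop counters against legitimate traffic and raise any limit that drops packets you need.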
