Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 36 Configuring Denial of Service Protection
DoS Protection Configuration Guidelines and Restrictions
This section contains these configuration guidelines and restrictions:
• PFC2
• PFC3
PFC2
When configuring DoS protection on systems configured with a PFC2, follow these guidelines and
restrictions:
• When using security ACLs to drop DoS packets, note the following information:
– The security ACL must specify the traffic flow to be dropped.
– Security ACLs need to be configured on all external interfaces that require protection. Use the interface range command to configure a security ACL on multiple interfaces.
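The two points above, shown as an added configuration example that is not part of the original guide. The ACL name DOS-DROP, the protected host 192.0.2.10 (a documentation address), UDP port 1434 and the interface numbers are all constructed for illustration.

```cisco
! Added example: names, addresses, port and interface numbers are constructed.
!
! The deny entry names the exact flow to be dropped:
! UDP from any source to one protected host on one port.
! The closing permit is required because an extended ACL ends with an
! implicit deny, which would otherwise drop all remaining traffic too.
ip access-list extended DOS-DROP
 deny   udp any host 192.0.2.10 eq 1434
 permit ip any any
!
! Apply the same ACL inbound on every external interface in one step
! instead of configuring each interface separately.
interface range gigabitethernet 1/1 - 4
 ip access-group DOS-DROP in
!
end
```

After applying it, show ip access-lists DOS-DROP lists the ACL entries, and show ip interface on each external port confirms that the inbound access list is set.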
Table 36-3 PFC3 Hardware-based Rate Limiter Default Setting

Rate Limiter                        Default Status (ON/OFF)  Default Value
Ingress/Egress ACL Bridged Packets  OFF
RPF Failures                        ON                       100 pps, burst of 10 packets
FIB Receive cases                   OFF
FIB Glean Cases                     OFF
Layer 3 Security features           OFF
ICMP Redirect                       OFF
ICMP Unreachable                    ON                       100 pps, burst of 10 packets
VACL Log                            ON                       2000 pps, burst of 10 packets
TTL Failure                         OFF
MTU Failure                         OFF
Layer 2 PDU                         OFF
Layer 2 Protocol Tunneling          OFF
IP Errors                           ON                       100 pps, burst of 10 packets
Multicast IGMP                      OFF
Multicast FIB-Miss                  ON                       100000 pps, burst of 100 packets
Multicast Partial-SC                ON                       100000 pps, burst of 100 packets
Multicast Directly Connected        OFF
Multicast Non-RPF                   OFF
Multicast IPv6                      ON                       If the packets-in-burst is not set, a default of 100 is programmed for multicast cases.