228 Controlling Management AccessConfiguring DoS InformationBeginning in Privileged EXEC mode, use the following commands to specifysettings to help prevent DoS attacks on the switch.show crypto certificatemycertificateView the SSL certificates of your switch.show ip http serversecure statusDisplay the HTTPS server configuration.show ip http serverstatusDisplay the HTTP server configuration.Command Purposeconfigure Enter Global Configuration mode.dos-control sipdip Enable Source IP Address = Destination IP Address(SIP=DIP) Denial of Service protection.If packets ingress with SIP=DIP, the packets is dropped ifthe mode is enabled.dos-control firstfrag[size]Enable Minimum TCP Header Size Denial of Serviceprotection, wheresize is the TCP header size. (Range: 0-255).dos-control tcpfrag Enable TCP Fragment Denial of Service protection.If packets ingress having IP Fragment Offset equal to one(1), the packets are dropped.dos-control tcpflag Enable TCP Flag Denial of Service protections.If packets ingress having TCP Flag SYN set and a sourceport less than 1024, having TCP Control Flags set to 0 andTCP Sequence Number set to 0, having TCP Flags FIN,URG, and PSH set and TCP Sequence Number set to 0, orhaving TCP Flags SYN and FIN both set, the packets aredropped.dos-control l4port Enable L4 Port Denial of Service protection.If packets ingress having Source TCP/UDP Port Numberequal to Destination TCP/UDP Port Number, the packetsare dropped.Command Purpose
