security-suite syn protection mode
To protect TCP SYN attacks and set its protection mode, use the security-suite syn protection mode Global Configuration mode command.
Syntax
security-suite syn protection mode {block | disabled | report}
Parameters
block—Blocks the TCP SYN traffic from attacking ports destined to the local system, and generates a rate-limited syslog message.
disabled— Disables the SYN protection feature.
report—Reports for the SYN protection feature about TCP SYN traffic per port (including rate-limited syslog message when an attack is identified).
Default Configuration
The default mode is block.
Command Mode
Global Configuration mode
Example
The following example enables SYN protection in block mode on the switch:
switchxxxxxx(config)# security-suite syn protection mode block