cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
davide
New Contributor

DOS feautures

NETVANTA 1638P

I enabled  all the DOS features but the UDP one.

Sometimes some users cannot surf on the Internet even if they can resolve their names.

How may I restore their connections ?

0 Kudos
6 Replies
Anonymous
Not applicable

Re: DOS feautures

:

Thank you for asking this question in the support community.  Do you have reason to believe the DoS feature of the ADTRAN is blocking the traffic?  Can you reply with the firmware version of the ADTRAN unit, as well as the configuration (please, remember to remove any information that may be sensitive to the organization).  Here is the Configuring Denial of Service (DOS) Protection in AOS guide for reference.

Also, will you reply with the output from the show interfaces command, related to DoS, so we can determine if DoS attacks are being recorded?

Please, do not hesitate to reply to this post with any additional questions or information, I will be happy to help in any way I can.

Levi

davide
New Contributor

Re: DOS feautures

well, if I disable the DoS services I don't have that issue anymore.

The problem is I don't know how to fix the issue when a user get stuck. I tried to clear the IP  ROUTE route table and the IP ROUTE-CACHE table.

And it started working after some minutes. Here is my firmware version:

ADTRAN, Inc. OS version R10.9.0.HA
  Mainline Version: ENM.13.100
  P4 Changelist: 94856
  Checksum: 13536c6d8b94e896386a4202796696b0
  Built on: Wed Sep  4 16:32:26 CDT 2013
  Upgrade key: ccdf3fad70097556bb99f568ca0db6b3
Boot ROM version R10.3.0.SB
  Checksum: f569288f233ccb7a37bb2ccf4862855f
  Built on: Tue Aug  7 11:17:49 CDT 2012
Copyright (c) 1999-2013, ADTRAN, Inc.

Flash: 134217728 bytes  DRAM: 268435456 bytes


System returned to ROM by Hard Reset
Current system image file is "NV1638A-R10-9-0-HA.biz"
Primary boot system image file is "NV1638A-R10-9-0-HA.biz"
Backup boot system image file is "9700568-2R100501.biz"
Primary system configuration file is "startup-config"

Here is the bad startup-config:

!
!
! ADTRAN, Inc. OS version R10.9.0.HA
! Boot ROM version R10.3.0.SB
! Platform: NetVanta 1638P,
!
!
hostname "Netvanta-1638P"
enable password encrypted
!
clock timezone -5-Eastern-Time
clock no-auto-correct-DST
!
ip subnet-zero
ip classless
ip routing
domain-name "secret.local"
name-server 10.0.94.29
!
!
ip route-cache express
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
service password-encryption
!
username "admin" password encrypted "secret"
!
banner login #
Unauthorized access to this device is strictly prohibited and if you got inadvertently exit immediately!
#
!
!
!
!
!
!
dot11ap access-point-control

dos-protection 1-4,6,20,40-41,60-61,100

no desktop-auditing dhcp

no network-forensics ip dhcp
!
!
!
!
!
spanning-tree priority 10
!
gvrp
!
!
!
!
vlan 1
  name "Default"
!
vlan 2
  name "pubblic-IP-switch"
!
vlan 3
  name "secret"
!
vlan 4
  name "webcam"
!
vlan 5
  name "Voice"
!
vlan 6
  name "Wireless"
!
vlan 7
  name "DataBackup"
!
interface loop 1
  ip address  172.16.1.14  255.255.255.255
  no shutdown
!
interface eth 0/1
  description Management Interface
  ip address  10.0.96.14  255.255.255.0
  no awcp
  shutdown
!
!
interface gigabit-switchport 0/1
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/2
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/3
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/4
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/5
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/6
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/7
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/8
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/9
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/10
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/11
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/12
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/13
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/14
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/15
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/16
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/17
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/18
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/19
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/20
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/21
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/22
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/23
  no shutdown
  switchport access vlan 3
  switchport protected
!
interface gigabit-switchport 0/24
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/25
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/26
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/27
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/28
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/29
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/30
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/31
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/32
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/33
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/34
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/35
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/36
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/37
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/38
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/39
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/40
  no shutdown
  switchport access vlan 3
!
interface gigabit-switchport 0/41
  no shutdown
!
interface gigabit-switchport 0/42
  no shutdown
!
interface gigabit-switchport 0/43
  no shutdown
!
interface gigabit-switchport 0/44
  no shutdown
!
interface gigabit-switchport 0/45
  no shutdown
  switchport access vlan 2
!
interface gigabit-switchport 0/46
  no shutdown
  switchport access vlan 2
!
interface gigabit-switchport 0/47
  no shutdown
  switchport access vlan 2
!
interface gigabit-switchport 0/48
  no shutdown
  switchport access vlan 2
!
!
interface xgigabit-switchport 1/1
  no shutdown
  switchport mode trunk
  switchport trunk allowed vlan 1-7
  speed auto
!
interface xgigabit-switchport 1/2
  no shutdown
  switchport mode access
  switchport access vlan 3
  speed 1000
!
!
!
interface vlan 1
  ip address  10.0.1.14  255.255.255.0
  ip route-cache express
  no shutdown
!
interface vlan 2
  no ip address
  ip route-cache express
  shutdown
!
interface vlan 3
  ip address  10.0.94.14  255.255.255.0
  ip route-cache express
  no shutdown
!
interface vlan 4
  no ip address
  ip route-cache express
  no shutdown
!
!
!
!
!
!
ip route 0.0.0.0 0.0.0.0 10.0.94.1
ip route 10.0.94.0 255.255.255.0 10.0.94.14
ip route 172.16.1.17 255.255.255.255 10.0.94.17
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
line con 0
  login
  password encrypted secret
!
line telnet 0 4
  login
  password encrypted secret
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
sntp server us.pool.ntp.org
!
!
!
end

Anonymous
Not applicable

Re: DOS feautures

:

Thank you for replying with this information.  When you get a chance, will you also reply with some of the output from the show interfaces command, related to DoS, so we can determine if DoS attacks are being recorded?

Levi

davide
New Contributor

Re: DOS feautures

Thank you for your answer. I just enabled the settings they recommended in the official documentation I found in the link you sent me and the Switch is working fine. Thank you so much.

Anonymous
Not applicable

Re: DOS feautures

:

When you get a chance, would it be possible to reply and let us know what you changed?  This may be beneficial for others in the future.

Levi

Anonymous
Not applicable

Re: DOS feautures

-

I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor