6 Replies Latest reply on Jan 9, 2014 10:13 AM by noor

    DOS features

    davide New Member

      NETVANTA 1638P

       

      I enabled all the DOS features but the UDP one.

      Sometimes some users cannot surf on the Internet even if they can resolve their names.

      How may I restore their connections?

        • Re: DOS features
          levi Employee

          davide:

           

          Thank you for asking this question in the support community.  Do you have reason to believe the DoS feature of the ADTRAN is blocking the traffic?  Can you reply with the firmware version of the ADTRAN unit, as well as the configuration (please remember to remove any information that may be sensitive to the organization)?  Here is the Configuring Denial of Service (DOS) Protection in AOS guide for reference.

          Also, will you reply with the output from the show interfaces command, related to DoS, so we can determine if DoS attacks are being recorded?

          Please do not hesitate to reply to this post with any additional questions or information. I will be happy to help in any way I can.

           

          Levi

            • Re: DOS features
              davide New Member

              Well, if I disable the DoS services I don't have that issue anymore.

              The problem is I don't know how to fix the issue when a user gets stuck. I tried to clear the IP ROUTE route table and the IP ROUTE-CACHE table.

              And it started working after some minutes. Here is my firmware version:

              ADTRAN, Inc. OS version R10.9.0.HA
                Mainline Version: ENM.13.100
                P4 Changelist: 94856
                Checksum: 13536c6d8b94e896386a4202796696b0
                Built on: Wed Sep  4 16:32:26 CDT 2013
                Upgrade key: ccdf3fad70097556bb99f568ca0db6b3
              Boot ROM version R10.3.0.SB
                Checksum: f569288f233ccb7a37bb2ccf4862855f
                Built on: Tue Aug  7 11:17:49 CDT 2012
              Copyright (c) 1999-2013, ADTRAN, Inc.

              Flash: 134217728 bytes  DRAM: 268435456 bytes

              System returned to ROM by Hard Reset
              Current system image file is "NV1638A-R10-9-0-HA.biz"
              Primary boot system image file is "NV1638A-R10-9-0-HA.biz"
              Backup boot system image file is "9700568-2R100501.biz"
              Primary system configuration file is "startup-config"

              Here is the bad startup-config:

              !
              !
              ! ADTRAN, Inc. OS version R10.9.0.HA
              ! Boot ROM version R10.3.0.SB
              ! Platform: NetVanta 1638P,
              !
              !
              hostname "Netvanta-1638P"
              enable password encrypted
              !
              clock timezone -5-Eastern-Time
              clock no-auto-correct-DST
              !
              ip subnet-zero
              ip classless
              ip routing
              domain-name "secret.local"
              name-server 10.0.94.29
              !
              !
              ip route-cache express
              !
              no auto-config
              !
              event-history on
              no logging forwarding
              no logging email
              !
              service password-encryption
              !
              username "admin" password encrypted "secret"
              !
              banner login #
              Unauthorized access to this device is strictly prohibited and if you got inadvertently exit immediately!
              #
              !
              !
              !
              !
              !
              !
              dot11ap access-point-control
              !
              dos-protection 1-4,6,20,40-41,60-61,100
              !
              no desktop-auditing dhcp
              !
              no network-forensics ip dhcp
              !
              !
              !
              !
              !
              spanning-tree priority 10
              !
              gvrp
              !
              !
              !
              !
              vlan 1
                name "Default"
              !
              vlan 2
                name "pubblic-IP-switch"
              !
              vlan 3
                name "secret"
              !
              vlan 4
                name "webcam"
              !
              vlan 5
                name "Voice"
              !
              vlan 6
                name "Wireless"
              !
              vlan 7
                name "DataBackup"
              !
              interface loop 1
                ip address  172.16.1.14  255.255.255.255
                no shutdown
              !
              interface eth 0/1
                description Management Interface
                ip address  10.0.96.14  255.255.255.0
                no awcp
                shutdown
              !
              !
              interface gigabit-switchport 0/1
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/2
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/3
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/4
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/5
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/6
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/7
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/8
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/9
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/10
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/11
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/12
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/13
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/14
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/15
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/16
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/17
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/18
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/19
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/20
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/21
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/22
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/23
                no shutdown
                switchport access vlan 3
                switchport protected
              !
              interface gigabit-switchport 0/24
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/25
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/26
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/27
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/28
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/29
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/30
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/31
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/32
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/33
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/34
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/35
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/36
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/37
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/38
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/39
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/40
                no shutdown
                switchport access vlan 3
              !
              interface gigabit-switchport 0/41
                no shutdown
              !
              interface gigabit-switchport 0/42
                no shutdown
              !
              interface gigabit-switchport 0/43
                no shutdown
              !
              interface gigabit-switchport 0/44
                no shutdown
              !
              interface gigabit-switchport 0/45
                no shutdown
                switchport access vlan 2
              !
              interface gigabit-switchport 0/46
                no shutdown
                switchport access vlan 2
              !
              interface gigabit-switchport 0/47
                no shutdown
                switchport access vlan 2
              !
              interface gigabit-switchport 0/48
                no shutdown
                switchport access vlan 2
              !
              !
              interface xgigabit-switchport 1/1
                no shutdown
                switchport mode trunk
                switchport trunk allowed vlan 1-7
                speed auto
              !
              interface xgigabit-switchport 1/2
                no shutdown
                switchport mode access
                switchport access vlan 3
                speed 1000
              !
              !
              !
              interface vlan 1
                ip address  10.0.1.14  255.255.255.0
                ip route-cache express
                no shutdown
              !
              interface vlan 2
                no ip address
                ip route-cache express
                shutdown
              !
              interface vlan 3
                ip address  10.0.94.14  255.255.255.0
                ip route-cache express
                no shutdown
              !
              interface vlan 4
                no ip address
                ip route-cache express
                no shutdown
              !
              !
              !
              !
              !
              !
              ip route 0.0.0.0 0.0.0.0 10.0.94.1
              ip route 10.0.94.0 255.255.255.0 10.0.94.14
              ip route 172.16.1.17 255.255.255.255 10.0.94.17
              !
              no tftp server
              no tftp server overwrite
              http server
              http secure-server
              no snmp agent
              no ip ftp server
              ip ftp server default-filesystem flash
              no ip scp server
              no ip sntp server
              !
              !
              !
              !
              !
              !
              !
              !
              line con 0
                login
                password encrypted secret
              !
              line telnet 0 4
                login
                password encrypted secret
                no shutdown
              line ssh 0 4
                login local-userlist
                no shutdown
              !
              sntp server us.pool.ntp.org
              !
              !
              !
              end

                • Re: DOS features
                  levi Employee

                  davide:

                   

                  Thank you for replying with this information.  When you get a chance, will you also reply with some of the output from the show interfaces command, related to DoS, so we can determine if DoS attacks are being recorded?

                   

                  Levi

                    • Re: DOS features
                      davide New Member

                      Thank you for your answer. I just enabled the settings they recommended in the official documentation I found in the link you sent me and the Switch is working fine. Thank you so much.

                        • Re: DOS features
                          levi Employee

                          davide:

                           

                          When you get a chance, would it be possible to reply and let us know what you changed?  This may be beneficial for others in the future.

                           

                          Levi

                            • Re: DOS features
                              Employee

                              davide -

                              I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                               

                              Thanks,

                              Noor