cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2288
Views
0
Helpful
4
Replies

CiscoSG350 switch - No syslog messages found

Yasmeen
Level 1
Level 1

Hi, 

   I have configured below commands in cisco SG350 switch for DOS prevention, but after get SYN Attack in switch ports i am not getting SYSlog messages like below one 

 

01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1

 

01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1. TCP SYN
traffic destined to the local system is automatically blocked for 100
seconds.

 

the above logs are not found also when i check the show commands there also not showing SYN blocked Ports, 

 

DOS#show security-suite syn protection
Protection Mode: Block
Threshold: 80
Recovery: 60

Interface                             Operational                                            Last Attack
Name                                    Status
----------- ------------- ---------------------------------------------

 

 

Attacked port not showing, 

 

The below commands i configured for DOS Prevention, 

 

 

DOS(config)#security-suite enable

DOS(config)#security-suite dos protection mode block

 

DOS(config)#interface range GigabitEthernet1 - 48

DOS(config-if-range)#switchport mode access

DOS(config-if-range)#switchport access vlan 3

DOS(config-if-range)#security-suite syn protection mode Block

DOS(config-if-range)#security-suite dos syn-attack 199 any

 

How do i get the Logs that my port Attacked by SYN ?

 

Pls share me the Commands. 

 

 

Thanks,

Regards,

Yasmeen Shaul Hameed.

 

4 Replies 4

Hi Balaji

       I Have done above link enabled above link mentioned Options but i am not seeing below type of notification after SYN Attack in Switch Port 

 

switchxxxxxx# show security-suite syn protection
Protection Mode: Block
Threshold: 40 Packets Per Second
Period: 100 Seconds
-------------------------------------------------------------------------------------------------
Interface Name                                  Current Status                                     Last Attack
 

 

There is no block port showing in Interface Name, Current Status and Last Attack 

 

But my switch port got Attacked by SYN Flood 

 

In Show Security syn protection command nothing showing 

 

         

Do you see any attacks after you enabled . may be thinking after that you do not have any syn attacks, so it was not showing, so try to make any test device to attack simulation  on the interface you can see the logs ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes I have run the below command to test the SYN Attack in one Switch Port, 

 

hping3 -c 10000 -d 128 -S -w 64 -p 8000 --flood --rand -source 192.168.1.1

 

after run this command we didn't see any SYSLOG messages in that Particular port 

 

switchxxxxxx# show security-suite syn protection
Protection Mode: Block
Threshold: 40 Packets Per Second
Period: 100 Seconds
-------------------------------------------------------------------------------------------------
Interface Name                                  Current Status                                     Last Attack
 

 

The interface is blank no information. while i run the Show commands