Table of Contents
Advertisement
Security Configuration Command Set
Configuring Flow Setup Throttling (FST)
14.3.15 Configuring Flow Setup Throttling (FST)
About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the virus
can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the
number of new or established flows that can be programmed on any individual switch port. This is
achieved by monitoring the new flow arrival rate and/or controlling the maximum number of
allowable flows.
FST limits the vulnerability of connection attacks on the network by allowing administrators to:
•
Globally enable FST on the switch and on a port-by-port basis.
•
Configure the maximum flows allowed per user classification (port type) and the actions that
will occur when flow limits are reached.
•
Assign a user classification to each interface.
•
Control the generation of SNMP notifications.
•
Control the time (in seconds) to wait before generating another notification of the same type on
the same interface.
•
Control link status.
Purpose
To review and configure Flow Setup Throttling.
Commands
The commands needed to configure Flow Setup Throttling are listed below and described in the
associated section as shown:
•
show flowlimit
•
set flowlimit
(Section
•
set flowlimit limit
•
clear flowlimit limit
•
set flowlimit action
•
clear flowlimit action
•
show flowlimit class
14-188 Matrix DFE-Platinum and Diamond Series Configuration Guide
(Section
14.3.15.1)
14.3.15.2)
(Section
14.3.15.3)
(Section
14.3.15.4)
(Section
14.3.15.5)
(Section
14.3.15.6)
(Section
14.3.15.7)
Hide quick links:
Advertisement
Chapters
Table of Contents
