Enterasys Networks 1G58x-09 Manuel D’Utilisation
Security Configuration Command Set
Configuring Flow Setup Throttling (FST)
14-102
14.3.9 Configuring Flow Setup Throttling (FST)
About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the virus
can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the
number of new or established flows that can be programmed on any individual switch port. This is
achieved by monitoring the new flow arrival rate and/or controlling the maximum number of
allowable flows.
can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the
number of new or established flows that can be programmed on any individual switch port. This is
achieved by monitoring the new flow arrival rate and/or controlling the maximum number of
allowable flows.
FST limits the vulnerability of connection attacks on the network by allowing administrators to:
•
Globally enable FST on the switch and on a port-by-port basis.
•
Configure the maximum flows allowed per user classification (port type) and the actions that
will occur when flow limits are reached.
will occur when flow limits are reached.
•
Assign a user classification to each interface.
•
Control the generation of SNMP notifications.
•
Control the time (in seconds) to wait before generating another notification of the same type on
the same interface.
the same interface.
•
Control link status.
Purpose
To review and configure Flow Setup Throttling.
Commands
The commands needed to configure Flow Setup Throttling are listed below and described in the
associated section as shown:
associated section as shown:
•
show flowlimit (
)
•
set flowlimit (
•
set flowlimit limit (
•
set flowlimit class (
•
clear flowlimit action (
)
•
set flowlimit shutdown (