Cisco Cisco ASR 5700
Global Configuration Mode Commands (T-threshold phspc)
threshold fw-dos-attack ▀
Command Line Interface Reference, StarOS Release 17 ▄
5623
threshold fw-dos-attack
Configures alarm or alert thresholds for Stateful Firewall Denial-of-Service (DoS) attacks.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration
configure
Entering the above command sequence results in the following prompt:
[local]host_name(config)#
Syntax
threshold fw-dos-attack high_thresh [ clear low_thresh ]
default threshold fw-dos-attack
default
Configures this command with the default threshold settings.
Default: 0—disabled
Default: 0—disabled
high_thresh
Specifies the Stateful Firewall DoS attacks threshold value, which if met or exceeded generates an alert or
alarm.
alarm.
high_thresh
must be an integer from 0 through 1000000.
Default: 0
clear low_thresh
Specifies the Stateful Firewall DoS attacks clear threshold value. If, in the same polling interval, the threshold
falls below
falls below
low_thresh
a clear alarm is generated.
low_thresh
must be an integer from 0 through 1000000.
Default: 0
Important:
This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm
model, the system assumes it is identical to the low threshold.
Usage
When the number of DoS attacks exceed a given value, a threshold is raised and it is cleared when the
number of DoS attacks fall below a value within the polling interval.
Refer to the
number of DoS attacks fall below a value within the polling interval.
Refer to the
threshold poll
command to configure the polling interval and the
threshold monitoring
command to enable thresholding for this value.
Example