Specifications

clear hostdos-counters Configuring Flow Setup Throttling (FST)

Enterasys Matrix N Standalone (NSA) Series Configuration Guide 24-25

Configuring Flow Setup Throttling (FST)

About FST

FlowSetupThrottling(FST)isaproactivefeaturedesignedtomitigateDoSattacksbeforethe

viruscanwreakhavoconthenetwork.FSTdirectlycombatstheeffectsofDoSattacksbylimiting

thenumberofneworestablishedflowsthatcanbeprogrammedonanyindividualswitchport.

Thisisachieved

bymonitoringthenewflowarrivalrateand/orcontrollingthemaximumnumber

ofallowableflows.

FSTlimitsthevulnerabilityofconnectionattacksonthe networkbyallowingadministratorsto:

• GloballyenableFSTontheswitchandonaport‐by‐portbasis.

• Configurethemaximumflowsallowedperuserclassification(port

type)andtheactionsthat

willoccurwhenflowlimitsarereached.

• Assignauserclassificationtoeachinterface.

• ControlthegenerationofSNMPnotifications.

• Controlthetime(inseconds)towaitbeforegeneratinganothernotificationofthesametype

onthesameinterface.

• Controllinkstatus.

Purpose

ToreviewandconfigureFlowSetupThrottling.

Commands

For information about... Refer to page...

show flowlimit 24-26

set flowlimit 24-26

set flowlimit limit 24-27

clear flowlimit limit 24-28

set flowlimit action 24-28

clear flowlimit action 24-29

show flowlimit class 24-30

set flowlimit port 24-31

clear flowlimit port class 24-32

set flowlimit shutdown 24-32

set flowlimit notification 24-33

clear flowlimit notification interval 24-34

clear flowlimit stats 24-34