Security Configuration Command Set
Configuring Flow Setup Throttling (FST)
14-102 Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
14.3.9 Configuring Flow Setup Throttling (FST)
About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the virus
can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the
number of new or established flows that can be programmed on any individual switch port. This is
achieved by monitoring the new flow arrival rate and/or controlling the maximum number of
allowable flows.
FST limits the network's vulnerability to connection attacks by allowing administrators to:
• Globally enable FST on the switch and on a port-by-port basis.
• Configure the maximum flows allowed per user classification (port type) and the actions that
  will occur when flow limits are reached.
• Assign a user classification to each interface.
• Control the generation of SNMP notifications.
• Control the time (in seconds) to wait before generating another notification of the same type on
  the same interface.
• Control link status.
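The following added example is a conceptual Python model of the per-port maximum-flow limit described above; it is not Enterasys code or CLI syntax, and it does not model the new flow arrival rate. The class names, limits, action names ("drop", "notify", "disable"), the 120-second interval and the port name format are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed per-class policy: (max_flows, action). Class names, limits and
# action names are assumptions for illustration, not Matrix E1 defaults.
CLASS_POLICY = {
    "user": (3, "drop"),
    "server": (5, "notify"),
    "unspecified": (2, "disable"),
}

@dataclass
class Port:
    name: str
    user_class: str
    enabled: bool = True              # per-port FST enable
    link_up: bool = True
    flows: set = field(default_factory=set)
    last_notice: dict = field(default_factory=dict)  # action -> last time sent

class FlowThrottle:
    def __init__(self, global_enabled=True, notify_interval=120):
        self.global_enabled = global_enabled
        self.notify_interval = notify_interval  # seconds between like notices
        self.notifications = []                 # (time, port name, action)

    def _notify(self, port, action, now):
        # Suppress a repeat of the same notification type on the same port
        # until notify_interval seconds have passed.
        last = port.last_notice.get(action)
        if last is None or now - last >= self.notify_interval:
            port.last_notice[action] = now
            self.notifications.append((now, port.name, action))

    def new_flow(self, port, flow_id, now):
        """Return True if the flow may be programmed on the port."""
        if not port.link_up:
            return False
        if not (self.global_enabled and port.enabled) or flow_id in port.flows:
            port.flows.add(flow_id)
            return True
        limit, action = CLASS_POLICY[port.user_class]
        if len(port.flows) < limit:
            port.flows.add(flow_id)
            return True
        self._notify(port, action, now)
        if action == "notify":        # report only, still program the flow
            port.flows.add(flow_id)
            return True
        if action == "disable":       # take the link down
            port.link_up = False
        return False                  # "drop" and "disable" refuse the flow
```
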
Purpose
To review and configure Flow Setup Throttling.
Commands
The commands needed to configure Flow Setup Throttling are listed below and described in the
associated section as shown:
• show flowlimit (Section 14.3.9.1)
• set flowlimit (Section 14.3.9.2)
• set flowlimit limit (Section 14.3.9.3)
• set flowlimit class (Section 14.3.9.4)
• clear flowlimit action (Section 14.3.9.5)
• set flowlimit shutdown (Section 14.3.9.6)