Enterasys Networks N Standalone (NSA) Series Switch User Manual


Security Configuration Command Set
14-188 Matrix NSA Series Configuration Guide
14.3.15 Configuring Flow Setup Throttling (FST)
About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the
attack can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting
the number of new or established flows that can be programmed on any individual switch port. It
does this by monitoring the arrival rate of new flows, by controlling the maximum number of
allowable flows, or both.
FST limits the network's vulnerability to connection attacks by allowing administrators to:
• Globally enable FST on the switch and on a port-by-port basis.
• Configure the maximum flows allowed per user classification (port type) and the actions that will occur when flow limits are reached.
• Assign a user classification to each interface.
• Control the generation of SNMP notifications.
• Control the time (in seconds) to wait before generating another notification of the same type on the same interface.
• Control link status.
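The following Python model is an added illustration of the behavior described above, not code or CLI syntax from the manual or the switch. The classification names, limits, action keywords (`notify`, `drop`, `disable`), port name, and 10-second notification interval are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed classifications: (flow limit, action taken once the limit is exceeded).
# Names, limits and action keywords are assumptions for illustration only.
CLASSES = {
    "user":   [(3, "notify"), (5, "drop")],
    "server": [(4, "notify"), (6, "disable")],
}
NOTIFY_INTERVAL = 10  # seconds before the same notification repeats on a port

@dataclass
class Port:
    name: str
    user_class: str
    flows: set = field(default_factory=set)
    link_up: bool = True
    last_sent: dict = field(default_factory=dict)   # notification type -> time sent
    notices: list = field(default_factory=list)     # (time, port, type, flow count)

    def _notify(self, kind, count, now):
        last = self.last_sent.get(kind)
        if last is None or now - last >= NOTIFY_INTERVAL:
            self.last_sent[kind] = now
            self.notices.append((now, self.name, kind, count))

    def new_flow(self, flow, now):
        """Return True if the flow is programmed on the port, False if refused."""
        if not self.link_up:
            return False
        if flow in self.flows:
            return True                      # already established, nothing to program
        count = len(self.flows) + 1
        hit = [a for limit, a in CLASSES[self.user_class] if count > limit]
        for action in hit:
            self._notify(action, count, now)
        if "disable" in hit:                 # link status control: take the port down
            self.link_up = False
            self.flows.clear()
            return False
        if "drop" in hit:                    # refuse the flow, keep the port up
            return False
        self.flows.add(flow)
        return True

def simulate(port, flows, start=0):
    """Feed one new flow per second; return the accept/refuse decision for each."""
    return [port.new_flow(f, start + i) for i, f in enumerate(flows)]
```

Feeding eight distinct flows to a `user` port shows the port capped at its limit while only one notification of each type is recorded inside the interval.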
Purpose
To review and configure Flow Setup Throttling.
Commands
The commands needed to configure Flow Setup Throttling are listed below and described in the associated section as shown:
• show flowlimit (Section 14.3.15.1)
• set flowlimit (Section 14.3.15.2)
• set flowlimit limit (Section 14.3.15.3)
• clear flowlimit limit (Section 14.3.15.4)
• set flowlimit action (Section 14.3.15.5)
• clear flowlimit action (Section 14.3.15.6)
• show flowlimit class (Section 14.3.15.7)