configure enhanced-dos-protect rate-limit
ExtremeWare Software 7.3.0 Command Reference Guide 787
configure enhanced-dos-protect rate-limit
configure enhanced-dos-protect rate-limit [threshold <threshold> |
drop-probability <drop-probability> | learn-window <learn-window> |
protocol [all | icmp]] ports <portlist>
Description
Configures rate limiting for enhanced denial of service protection.
Syntax Description
Default
The default threshold on Fast Ethernet ports is 100 pkts/learn window.
The default threshold on Gigabyte ports is 100 pkts/learn window.
The default drop-probability is 50 percent.
The default learn-window value is 10 seconds.
Rate limiting is applied by default to ICMP packets.
Usage Guidelines
Use this command to configure the rate-limit threshold, drop probability, learning window, or packet
protocol. To verify settings, use the
show enhanced-dos-protect rate-limit ports <portlist>
command. To remove ports from rate limiting, use the
unconfigure enhanced-dos-protect
rate-limit
command.
Example
The following command sets the rate limiting threshold on port 3 to 200 packets:
configure enhanced-dos-protect rate-limit threshold 200 ports 3
The following command sets the rate limiting drop probability on port 4 to 60 percent:
configure enhanced-dos-protect rate-limit drop-probability 50 ports 4
The following command sets the rate limiting learn window on ports 2 and 3 to 90 seconds:
configure enhanced-dos-protect rate-limit learn-window 90 ports 2,3
threshold Specifies the number of packets allowed on a given port within the learning window
before the rate limit is applied. The valid value range is 100-1953125. The default on
Fast Ethernet ports is 100 pkts/learn window. The default on Gigabyte ports is 100
pkts/learn window.
drop-probability Specifies the percentage of slow-path traffic to be dropped per port. The valid range
is 0-100 percent. The default value is 50 percent.
learn-window Specifies the number of seconds for the learning window per port. This value is the
duration of time to be considered to reach the rate limit threshold. The valid range is
5-300 seconds. The default value is 10 seconds.
protocol [all | icmp] Specifies the protocol packets to which rate limiting is applied. By default, rate limiting
is applied to Internet Control Message Protocol (ICMP) packets.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of
slots and ports. On a stand-alone switch, can be one or more port numbers. May be
in the form 1, 2, 3-5, 2:*, 2:5, 2:6-2:8.
To Next Page
Loading...