â– A control flow transitions into a suspicious state; another trap and log message
is generated on removal from a suspicious state.
â– A protocol transitions to or from the suspicious state.
â– A priority transitions to or from the suspicious state.
â– The suspicious flow control system is overflowing or grouping flows on a line
module.
You can control trap and log messages using CLI or SNMP commands.
Suspicious Control Flow Commands
Use the commands described in this section to regulate suspicious control flows.
baseline suspicious-control-flow-detection counts
â– Use to set a baseline for statistics for suspicious control flow detection.
â– Example
host1#baseline suspicious-control-flow-detection counts
â– There is no no version.
â– See baseline suspicious-control-flow-detection counts.
clear suspicious-control-flow-detection
â– Use to clear the active state for suspicious control detection.
â– If you do not specify a slot or interface, clears all suspicious flows.
â– If you specify a slot, clears all specified suspicious flows on that slot.
â– If you specify an interface and protocol, and source mac-address, clears that
specific flow.
â– Example
host1#clear suspicious-control-flow-detection interface atm 1/0.1 ppp Control
address 0000.0001.0002
â– There is no no version.
â– See clear suspicious-control-flow-detection.
suspicious-control-flow-detection grouping-off
â– Use to turn off overflow protection for suspicious control flow detection, enabling
flows to be grouped into larger entities when the line module flow table overflows.
â– Example
host1(config)#suspicious-control-flow-detection grouping-off
â– Use the no version to turn on overflow protection.
â– See suspicious-control-flow-detection grouping-off.
454 â– Denial of Service (DoS) Protection
JUNOSe 11.1.x System Basics Configuration Guide
To Next Page
Need help?
General
