Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring How Flow Detection Operates for Individual Protocol Groups or Packets


By default, flow detection is disabled for all protocol groups and packet types. After you have turned on flow detection globally and configured the global operation mode, you can include the flow-detection-mode statement to configure flow detection to override the global setting for individual protocol groups and packet types. By default, flow detection operates in automatic mode for all packet types, meaning that it monitors control traffic for suspicious flows only after a DDoS policer has been violated. You can also configure flow detection either to never monitor flows or to always monitor flows.


The flow detection mode at the packet level must be either automatic or on for flow detection to operate at individual flow aggregation levels.

To configure how flow detection operates:

  • Disable suspicious flow detection for a packet type.

  • Set flow detection to operate automatically when a policer is violated.

  • Specify that flow detection is always on for a packet type.