Configuring a Connection-Rate ACL Using Source IP Address Criteria - HP E3800-24G-PoE+-2SFP+ Access Security Manual

Virus Throttling (Connection-Rate Filtering)
Configuring and Applying Connection-Rate ACLs

[Figure 3-6. Connection-Rate ACL Applied to Traffic Received Through a Given Port. Flowchart: inbound IP traffic from Host "A" with a relatively high number of IP connection-rate attempts is checked for a source match on any ACE in the ACL. Yes, with action Ignore: allow traffic from Host "A" without filtering through the per-port connection-rate policy. Yes, with action Filter: apply the per-port connection-rate policy (Notify-Only, Throttle, or Block) to Host "A" traffic. No: apply the implicit ACE (filter).]

Configuring a Connection-Rate ACL Using Source IP Address Criteria

(To configure a connection-rate ACL using UDP/TCP criteria, go to page 3-21.)

Syntax: ip access-list connection-rate-filter < crf-list-name >

Creates a connection-rate-filter ACL and puts the CLI into the access control entry (ACE) context:

HP Switch(config-crf-nacl)#

If the ACL already exists, this command simply puts the CLI into the ACE context.

Syntax: < filter | ignore > ip < any | host < ip-addr > | ip-addr < mask-length > >

Used in the ACE context (above) to specify the action of the connection-rate ACE and the source IP address of the traffic that the ACE affects.
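The decision flow of Figure 3-6 and the ACE syntax above can be modeled offline to check what a planned ACL does to a given host before it is applied. This is an added example, not code from the HP manual; it assumes ACEs are evaluated top-down with the first match deciding, writes the prefix form as ADDR/LEN, and uses constructed sample addresses.

```python
import ipaddress

# Per-port connection-rate policy modes named in Figure 3-6.
PORT_POLICIES = ("notify-only", "throttle", "block")

def parse_ace(line):
    """Parse '<filter|ignore> ip <any | host ADDR | ADDR/LEN>' into (action, network)."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] not in ("filter", "ignore") or tokens[1] != "ip":
        raise ValueError(f"not a connection-rate ACE: {line!r}")
    action, src = tokens[0], tokens[2:]
    if src == ["any"]:
        return action, ipaddress.ip_network("0.0.0.0/0")
    if len(src) == 2 and src[0] == "host":
        return action, ipaddress.ip_network(src[1] + "/32")
    if len(src) == 1 and "/" in src[0]:
        # Assumption: the prefix form is written ADDR/LEN in this model.
        return action, ipaddress.ip_network(src[0], strict=False)
    raise ValueError(f"unrecognised source in ACE: {line!r}")

def evaluate(acl_lines, src_ip, port_policy):
    """Return (outcome, matched_rule) for a host flagged for a high connection rate."""
    if port_policy not in PORT_POLICIES:
        raise ValueError(f"unknown per-port policy: {port_policy!r}")
    addr = ipaddress.ip_address(src_ip)
    for line in acl_lines:
        action, net = parse_ace(line)
        if addr in net:          # assumption: first matching ACE decides
            matched = line
            break
    else:
        action, matched = "filter", "implicit filter"   # no ACE matched
    # ignore -> host bypasses the per-port policy; filter -> policy applies
    return ("bypass" if action == "ignore" else port_policy), matched

# Constructed sample ACL and hosts (not from the manual).
SAMPLE_ACL = [
    "ignore ip host 10.10.10.5",    # trusted server exempted from throttling
    "filter ip 10.10.10.0/24",      # rest of its subnet stays subject to policy
    "ignore ip 10.20.0.0/16",
]

if __name__ == "__main__":
    for host in ("10.10.10.5", "10.10.10.9", "10.20.3.4", "192.168.1.1"):
        print(host, evaluate(SAMPLE_ACL, host, "throttle"))
```

The last sample host matches no ACE, so the implicit filter leaves it subject to the per-port policy; only sources covered by an explicit ignore ACE escape throttling.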
