Example Of Using An Acl In A Connection-Rate Configuration - HP E3800-24G-PoE+-2SFP+ Access Security Manual

For more on ACE masks, refer to "How an ACE Uses a Mask To Screen Packets
for Matches" on page 10-35.
Example of Using an ACL in a Connection-Rate
Configuration
This example adds connection-rate ACLs to the basic example on page 3-12.
B10
Server
B11
Server
Server
B12
Company
Intranet
Server IP Address: 15.45.50.17
Figure 3-8. Sample Network
In the basic example on page 3-12, the administrator configured connection-
rate blocking on port D2. However:
The administrator has elevated the connection-rate sensitivity to high.
■
■ The server at IP address 15.45.50.17 frequently transmits a relatively
high rate of legitimate connection requests, which now triggers
connection-rate blocking of the server's IP address on port D2. This
causes periodic, unnecessary blocking of access to the server.
The administrator needs to maintain blocking protection from the "Company
Intranet" while allowing access to the server at 15.45.50.17. Because the server
is carefully maintained as a trusted device, the administrator's solution is to
Virus Throttling (Connection-Rate Filtering)
Configuring and Applying Connection-Rate ACLs
HP Switch
VLAN 1
B19
15.45.100.1
VLAN 10
B13
15.45.200.1
VLAN 15
15.45.300.1
D21
D22
IP Address:
A B
15.45.100.7
Switch
C
D
Switch
Switch
F G
H
E
3-25