Configuring A Connection-Rate Acl Using Source Ip Address Criteria; Configuring A Connection-Rate Acl Using; Source Ip Address Criteria - HP ProCurve 6200yl Series Access Security Manual

Virus Throttling
Configuring and Applying Connection-Rate ACLs
3-22

Configuring a Connection-Rate ACL Using

Source IP Address Criteria

(To configure a connection-rate ACL using UDP/TCP criteria, go to page 3-23.)
Syntax: ip access-list connection-rate-filter < crf-list-name >
Creates a connection-rate-filter ACL and puts the CLI
into the access control entry (ACE) context:
If the ACL already exists, this command simply puts the
CLI into the ACE context.
Syntax: < filter | ignore > ip < any | host < ip-addr > | ip-addr < mask-length > >
Used in the ACE context (above) to specify the action of
the connection-rate ACE and the source IP address (SA)
of the traffic that the ACE affects.
< filter | ignore >
The filter option assigns policy filtering to traffic with an
SA matching the source address in the ACE. The ignore
option specifies bypassing policy filtering for traffic with
an SA that matches the source address in the ACE.
ip < any | host < ip-addr > | ip-addr < mask-length >
Specifies the SA criteria for traffic addressed by the ACE.
any: Applies the ACEs action (filter or ignore) to traffic
having any SA.
host < ip-addr >: Applies the ACEs action (filter or ignore)
to traffic having the specified host SA.
ip-addr < mask-length >: Applies the ACEs action (filter or
ignore) to traffic having an SA within the range defined
by either:
< src-ip-addr/cidr-mask-bits>
or
< src-ip-addr < mask >>
Use this criterion for traffic received from either a subnet
or a group of IP addresses. The mask can be in either
dotted-decimal format or CIDR format with the number
of significant bits. Refer to "Using CIDR Notation To
Enter the ACE Mask" on page 3-26.
ProCurve(config-crf-nacl)#