Configuring a Connection-Rate ACL Using UDP/TCP
Criteria
(To configure a connection-rate ACL using source IP address criteria, turn to
page 3-22.)
Syntax: ip access-list connection-rate-filter < crf-list-name >
Syntax: < filter | ignore > < udp | tcp > < any >
< filter | ignore > < udp | tcp > < host < ip-addr > > [ udp/tcp-options ]
< filter | ignore > < udp | tcp > < ip-addr < mask-length > [ udp/tcp-options ]
< filter | ignore >
< udp | tcp > < any | host < ip-addr > | ip-addr < mask-length >>
Configuring and Applying Connection-Rate ACLs
Creates a connection-rate-filter ACL and puts the CLI
into the access control entry (ACE) context:
ProCurve(config-crf-nacl)#
If the ACL already exists, this command simply puts
the CLI into the ACE context.
Used in the ACE context (above) to specify the action
of the connection-rate ACE (filter or ignore), and the
UDP/TCP criteria and SA of the IP traffic that the ACE
affects.
filter: This option assigns a policy of filtering (drop-
ping) IP traffic having an SA that matches the source
address criteria in the ACE.
ignore: This option specifies a policy of allowing IP
traffic having an SA that matches the source address
criteria in the ACE.
Applies the filter or ignore action to either TCP pack
ets or UDP packets having the specified SA.
any: Applies the ACEs action (filter or ignore) to IP
traffic having any SA.
host < ip-addr >: Applies the ACEs action (filter or
ignore) to IP traffic having the specified host SA.
Virus Throttling
3-23