EasyManuals Logo

HP 3500yl Series User Manual

HP 3500yl Series
778 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #120 background imageLoading...
Page #120 background image
3-18
Virus Throttling (Connection-Rate Filtering)
Configuring and Applying Connection-Rate ACLs
Configuring and Applying
Connection-Rate ACLs
A host sending legitimate traffic can trigger connection-rate filtering in some
circumstances. If you can verify that such a host is indeed sending valid traffic
and is not a threat to your network, you may want to configure a connection-
rate ACL (access control list) that allows this traffic to bypass the configured
connection-rate filtering.
A connection-rate Access Control List (ACL) is an optional tool that consists
of one or more explicitly configured Access Control Entries (ACEs) used to
specify whether to enforce the configured connection-rate policy on traffic
from a particular source.
Use of connection-rate ACLs provides the option to apply exceptions to the
configured connection-rate filtering policy. This enables you to allow legiti-
mate traffic from a trusted source, and apply connection-rate filtering only to
inbound traffic from untrusted sources. For example, where a connection-rate
policy has been configured, you can apply a connection-rate ACL that causes
the switch bypass connection-rate policy filtering on traffic from:
A trusted server exhibiting a relatively high IP connection rate due to
heavy demand
A trusted traffic source on the same port as other, untrusted traffic
sources.
The criteria for an exception can include the source IP address of traffic from
a specific host, group of hosts, or a subnet, and can also include source and
destination TCP/UDP criteria. This allows you to apply a notify-only, throt-
tling, or blocking policy while allowing exceptions for legitimate traffic from
specific sources. You can also allow exceptions for traffic with specific TCP
or UDP criteria.
Command Page
ip access-list connection-rate-filter < crf-list-name > 3-20, 3-22
< filter | ignore > ip < any | host < ip-addr > | ip-addr < mask >> 3-20
< filter | ignore > < udp | tcp > < source > < options >3-22
vlan < vid > ip access-group < crf-list-name > connection-rate-filter

Table of Contents

Other manuals for HP 3500yl Series

Preview: Specifications
Specifications16 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3500yl Series and is the answer not in the manual?

HP 3500yl Series Specifications

General IconGeneral
Input Voltage100-240 VAC
Ports24/48 x 10/100/1000 ports (depending on model)
Uplink Ports4 x SFP ports
LayerLayer 3
ManagementCLI, Web, SNMP
Routing ProtocolRIP, OSPF, BGP
Operating Temperature0°C to 45°C
StackingYes
Memory512 MB
VLAN SupportYes
Layer 3 RoutingYes
Security FeaturesACLs, 802.1X
Power SupplyInternal
Power over Ethernet (PoE)Optional

Related product manuals