3-16
Virus Throttling (Connection-Rate Filtering)
Configuring Connection-Rate Filtering
When a host becomes blocked the switch generates the following Event Log 
message and also sends a similar message to any configured SNMP trap 
receivers.
Src IP xxx.xxx.xxx.xxx blocked
Note HP recommends that, before you unblock a host that has been blocked by 
connection-rate filtering, you inspect the host with current antivirus tools and 
remove any malicious agents that pose a threat to your network.
If a trusted host frequently triggers connection-rate blocking with legitimate, 
high connection-rate traffic, then you may want to consider either changing 
the sensitivity level on the associated port or configuring a connection-rate 
ACL to create a filtering exception for the host.
Note For a complete list of options for unblocking hosts, see page 3-6. 
Syntax: connection-rate-filter unblock < all | host  | ip-addr >
all: Unblocks all hosts currently blocked due to action by 
connection-rate filtering on ports where block mode has 
been configured.
host < ip-addr >: Unblocks the single host currently blocked 
due to action by connection-rate filtering on ports where 
block mode has been configured.
ip-addr < mask > : Unblocks traffic from any host in the 
specified subnet currently blocked due to action by connec-
tion-rate filtering on ports where block mode has been 
configured.
Note: There is also an option to unblock any host belonging 
to a specific VLAN using the vlan <vid> connection-rate-filter 
unblock command.