3-21
Virus Throttling (Connection-Rate Filtering)
Configuring and Applying Connection-Rate ACLs
Configuring a Connection-Rate ACL Using UDP/TCP 
Criteria
(To configure a connection-rate ACL using source IP address criteria, refer 
to page 3-19.)
Syntax: ip access-list connection-rate-filter < crf-list-name >
Creates a connection-rate-filter ACL and puts the CLI 
into the access control entry (ACE) context:
 HP Switch(config-crf-nacl)#
If the ACL already exists, this command simply puts 
the CLI into the ACE context.
Syntax: < filter | ignore > < udp | tcp > < any >
< filter | ignore > < udp | tcp > < host < ip-addr > > [ udp/tcp-options ]
< filter | ignore > < udp | tcp > < ip-addr < mask-length > [ udp/tcp-options ]
  Used in the ACE context (above) to specify the action 
of the connection-rate ACE (filter or ignore), and the 
UDP/TCP criteria and SA of the IP traffic that the ACE 
affects.
< filter | ignore >
filter: This option assigns a policy of filtering (drop-
ping) IP traffic having an SA that matches the source 
address criteria in the ACE. 
ignore: This option specifies a policy of allowing IP 
traffic having an SA that matches the source address 
criteria in the ACE.
< udp | tcp > < any | host < ip-addr > | ip-addr < mask-length >>
Applies the filter or ignore action to either TCP pack-
ets or UDP packets having the specified SA.
any: Applies the ACEs action (filter or ignore) to IP 
traffic having any SA.
host < ip-addr >: Applies the ACEs action (filter or 
ignore) to IP traffic having the specified host SA.