3-19
Virus Throttling (Connection-Rate Filtering)
Configuring and Applying Connection-Rate ACLs
For more information on when to apply connection-rate ACLs, refer to “Appli-
cation Options” on page 3-4.
Note Connection-rate ACLs are a special case of the switch’s ACL feature. If you 
need information on other applications of ACLs or more detailed information 
on how ACLs operate, refer to Chapter 10, “IPv4 Access Control Lists (ACLs)”.
Connection-Rate ACL Operation
A connection-rate ACL applies to inbound traffic on all ports configured for 
connection-rate filtering in the assigned VLAN, and creates an exception to 
the connection-rate filter policy configured on each port. A connection-rate 
ACL has no effect on ports in the VLAN that are not configured for connection-
rate filtering.
A connection-rate ACL accepts inbound, legitimate traffic from trusted 
sources without filtering the traffic for the configured connection-rate policy. 
You can configure an ACL to assign policy filtering (filter) for traffic from some 
sources and no policy filtering (ignore) for traffic from other sources. How-
ever, the implicit filter invoked as the last entry in any connection-rate ACL 
ensures that any traffic not specifically excluded from policy filtering (by the 
ignore command) will be filtered by the configured policy for the port on which 
that traffic entered the switch.