Virus Throttling (Connection-Rate Filtering)
Configuring and Applying Connection-Rate ACLs
< tcp-data > or < udp-data >
TCP or UDP Port Number or (Well-Known) Port Name: Use the TCP or UDP port number required for the desired match. The switch also accepts certain well-known TCP or UDP port names as alternates to their corresponding port numbers:

    TCP/UDP-PORT: Specify port by number.
    bootpc: Bootstrap Protocol, client (68)
    bootps: Bootstrap Protocol, server (67)
    dns: Domain Name Service (53)
    ntp: Network Time Protocol (123)
    radius: Remote Authentication Dial-In User Service (1812)
    radius-old: Remote Authentication Dial-In User Service (1645)
    rip: Routing Information Protocol (520)
    snmp: Simple Network Management Protocol (161)
    snmp-trap: Simple Network Management Protocol (162)
    tftp: Trivial File Transfer Protocol (69)

 HP Switch(config)# ignore tcp host 15.75.10.11 destination-port eq 1812 source-port eq 1812

Ignore (allow) tcp traffic from the host at 15.75.10.11 with both source and destination tcp ports of 1812.

 HP Switch(config)# filter udp 15.75.10.0/24 source-port neq 162 destination-port eq 162

Filter (drop) udp traffic from the subnet at 15.75.10.0 with a source udp port number not equal to 162 and a destination udp port number of 162.

Figure 3-9. Examples of Connection-Rate ACEs Using UDP/TCP Criteria
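
Added example (not from the HP manual, and not switch code): a Python sketch for reviewing ACEs of the two forms shown in Figure 3-9. It resolves the well-known port names listed above and reports which action the first matching ACE applies to a flow. First-match evaluation, support for only the eq and neq operators, returning None when no ACE matches, and the function names are assumptions of this example.

```python
import ipaddress

# Well-known port names listed on this page, mapped to their port numbers.
PORT_NAMES = {"bootpc": 68, "bootps": 67, "dns": 53, "ntp": 123, "radius": 1812,
              "radius-old": 1645, "rip": 520, "snmp": 161, "snmp-trap": 162, "tftp": 69}

def parse_ace(line):
    """Parse '<ignore|filter> <tcp|udp> <host A.B.C.D | A.B.C.D/len> [<field> <eq|neq> <port>]...'."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("ignore", "filter") or tok[1] not in ("tcp", "udp"):
        raise ValueError(f"unsupported ACE: {line!r}")
    ace = {"action": tok[0], "proto": tok[1], "source-port": None, "destination-port": None}
    if tok[2] == "host":
        ace["net"], i = ipaddress.ip_network(tok[3] + "/32"), 4
    else:
        ace["net"], i = ipaddress.ip_network(tok[2], strict=False), 3
    while i < len(tok):
        field, op, port = tok[i:i + 3]  # raises ValueError if the criterion is truncated
        if field not in ("source-port", "destination-port") or op not in ("eq", "neq"):
            raise ValueError(f"unsupported criterion: {field} {op}")
        number = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        if not 0 <= number <= 65535:
            raise ValueError(f"port out of range: {port}")
        ace[field] = (op, number)
        i += 3
    return ace

def port_ok(cond, port):
    """True when no port criterion is set, or when the eq/neq test holds for this port."""
    return cond is None or (port == cond[1]) == (cond[0] == "eq")

def first_match(aces, proto, src_ip, sport, dport):
    """Return 'ignore' or 'filter' from the first ACE matching the flow, else None."""
    for ace in aces:
        if (ace["proto"] == proto and ipaddress.ip_address(src_ip) in ace["net"]
                and port_ok(ace["source-port"], sport) and port_ok(ace["destination-port"], dport)):
            return ace["action"]
    return None

# The two ACEs from Figure 3-9, in the order shown there.
ACES = [parse_ace(text) for text in (
    "ignore tcp host 15.75.10.11 destination-port eq 1812 source-port eq 1812",
    "filter udp 15.75.10.0/24 source-port neq 162 destination-port eq 162",
)]

if __name__ == "__main__":
    # Constructed sample flows: (protocol, source IP, source port, destination port).
    for flow in (("tcp", "15.75.10.11", 1812, 1812), ("udp", "15.75.10.20", 5000, 162)):
        print(flow, first_match(ACES, *flow))
```

The neq criterion is the easy one to misread: a UDP flow from the 15.75.10.0/24 subnet with source port 162 and destination port 162 does not match the second ACE.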