Virus Throttling
Configuring and Applying Connection-Rate ACLs
For more on ACE masks, refer to “How an ACE Uses a Mask To Screen Packets
for Matches” in the chapter titled “Access Control Lists” in the Advanced
Traffic Management Guide for your switch.
Example of Using an ACL in a Connection-Rate Configuration
This example adds connection-rate ACLs to the basic example on page 3-14.
[Figure: sample network. A 5400zl switch with VLAN 1 (15.45.100.1), VLAN 10 (15.45.200.1) and VLAN 15 (15.45.300.1) is shown with ports B1, B2, B3, B4, B9, D1 and D2, the company intranet, other switches, servers, and nodes labelled A through H. IP address labels: 15.45.100.7 and 15.45.50.17.]
Figure 3-10. Sample Network
In the basic example on page 3-14, the administrator configured connection-
rate blocking on port D2. However:
■ The administrator has elevated the connection-rate sensitivity to high.
■ The server at IP address 15.45.50.17 frequently transmits a relatively
high rate of legitimate connection requests, which now triggers
connection-rate blocking of the server’s IP address on port D2. This
causes periodic, unnecessary blocking of access to the server.