Virus Throttling (5300xl Switches Only) 
Configuring and Applying Connection-Rate ACLs 
The administrator needs to maintain blocking protection from the “Company 
Intranet” while allowing access to the server at 15.45.50.17. Because the server 
is carefully maintained as a trusted device, the administrator’s solution is to 
configure a connection-rate ACL that causes the switch to ignore (circumvent) 
connection-rate filtering for inbound traffic from the server, while maintaining 
the filtering for all other inbound routed traffic on port D2. 
The configuration steps include: 
1.  Create the connection-rate ACL with a single entry: 
•  Use the IP address of the desired server. 
•  Include a CIDR notation of “32” for the ACL mask. (This means the 
mask allows only traffic whose source address (SA) exactly matches 
the specified IP address.) 
•  The ACL will automatically include the implicit filter ACE as the last 
entry, which means that any traffic that is not from the desired server 
will be subject to filtering by the connection-rate policy configured 
on port D2. 
2.  Assign the ACL to the VLAN through which traffic from the server 
enters the switch. 
Figure callouts: 
•  Enters the connection-rate ACL context and names the ACL. 
•  Configures the action to allow traffic from the server at 
15.45.50.17 without filtering through the per-port connection-
rate policy configured on port D2. 
•  Assigns the new ACL to VLAN 15, where traffic from the desired 
server enters the switch. 
Figure 3-11. Creating and Assigning a Connection Rate ACL 
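The following is an added model in Python, not HP's code or switch output, of how the single /32 "ignore" entry and the implicit filter ACE decide which inbound traffic bypasses the connection-rate policy. It assumes first-match evaluation; the names Ace, build_acl, evaluate and wide_exemptions are hypothetical, and the .18 address and the /24 entry are constructed to show why the mask should be exactly 32.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    action: str                      # "ignore" bypasses connection-rate filtering; "filter" applies it
    source: ipaddress.IPv4Network    # source-address match, written in CIDR form


# The implicit last entry described above: unmatched traffic stays subject to filtering.
IMPLICIT_FILTER = Ace("filter", ipaddress.ip_network("0.0.0.0/0"))


def build_acl(entries):
    """Build an ACL from (action, cidr) pairs and append the implicit filter ACE."""
    acl = []
    for action, cidr in entries:
        if action not in ("ignore", "filter"):
            raise ValueError(f"unknown action: {action!r}")
        # strict=True rejects entries such as 15.45.50.17/24 whose host bits are set
        acl.append(Ace(action, ipaddress.ip_network(cidr, strict=True)))
    return acl + [IMPLICIT_FILTER]


def evaluate(acl, source_address):
    """Return the action of the first ACE whose network contains the source address."""
    addr = ipaddress.ip_address(source_address)
    for ace in acl:
        if addr in ace.source:
            return ace.action
    raise RuntimeError("unreachable: the implicit filter ACE matches every address")


def wide_exemptions(acl):
    """Audit helper: list 'ignore' ACEs that exempt more than a single host."""
    return [ace for ace in acl if ace.action == "ignore" and ace.source.prefixlen < 32]


if __name__ == "__main__":
    acl = build_acl([("ignore", "15.45.50.17/32")])        # the entry from the example above
    for src in ("15.45.50.17", "15.45.50.18"):             # .18 is a constructed neighbour address
        print(src, "->", evaluate(acl, src))
    loose = build_acl([("ignore", "15.45.50.0/24")])       # constructed over-broad entry
    print([str(a.source) for a in wide_exemptions(loose)])
```
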