Configuring The Per-Port Filtering Mode - HP ProCurve 6400cl Series Access Security Manual

Configuring the Per-Port Filtering Mode

Syntax: filter connection-rate < port-list > < notify-only | throttle | block >
        no filter connection-rate < port-list >

Configures the per-port policy for responding to detection of a relatively high number of inbound, routed IP connection attempts from a given source. The level at which the switch detects such traffic depends on the sensitivity setting configured by the connection-rate-filter sensitivity command (page 3-12). (Note: You can use connection-rate ACLs to create exceptions to the configured filtering policy. See "Configuring and Applying Connection-Rate ACLs" on page 3-20.) The no form of the command disables connection-rate filtering on the ports in < port-list >.

notify-only: If the switch detects a relatively high number of routed IP connection attempts from a specific host, notify-only generates an Event Log message and sends a similar message to any SNMP trap receivers configured on the switch.

throttle: If the switch detects a relatively high number of routed IP connection attempts from a specific host, this option generates the notify-only messaging and also blocks all routed traffic inbound from the offending host for a penalty period. After the penalty period, the switch allows routed traffic from the offending host to resume, and re-examines the traffic. If the suspect behavior continues, the switch again blocks the routed traffic from the offending host and repeats the cycle. For the penalty periods, refer to table 9-1, below.

block: If the switch detects a relatively high number of routed IP connection attempts from a specific host, this option generates the notify-only messaging and also blocks all routed and switched traffic inbound from the offending host.
Table 9-1. Throttle Mode Penalty Periods

Throttle Mode   Frequency of IP Connection Requests   Mean Number of New Destination Hosts   Penalty Period
                from the Same Source                  in the Frequency Period
Low             < 0.1 second                          54                                     < 30 seconds
Medium          < 1.0 second                          37                                     30 - 60 seconds
High            < 1.0 second                          22                                     60 - 90 seconds
Aggressive      < 1.0 second                          15                                     90 - 120 seconds

Virus Throttling (5300xl Switches Only)
Basic Connection-Rate Filtering Configuration
3-13
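To make the three modes and the throttle cycle concrete, here is an added Python simulation (not ProCurve code) that applies the Table 9-1 frequency periods and new-destination-host counts to a constructed burst of connection attempts; the penalty length it uses is the low end of each range in the table, and the addresses and timing of the scan are hypothetical.

```python
from collections import defaultdict, deque

# Added example, not switch firmware. Values from Table 9-1:
# sensitivity -> (frequency period in seconds, new destination hosts, penalty seconds).
# The penalty is the low end of each range in the table (an assumption).
SENSITIVITY = {
    "low": (0.1, 54, 30),
    "medium": (1.0, 37, 30),
    "high": (1.0, 22, 60),
    "aggressive": (1.0, 15, 90),
}

class ConnectionRateFilter:
    def __init__(self, sensitivity, mode):
        assert mode in ("notify-only", "throttle", "block")
        self.window, self.threshold, self.penalty = SENSITIVITY[sensitivity]
        self.mode = mode
        self.recent = defaultdict(deque)  # src -> (time, dst) attempts in the window
        self.blocked_until = {}           # src -> time the penalty period ends
        self.events = []                  # stand-in for Event Log / SNMP trap messages

    def observe(self, t, src, dst):
        """Handle one routed connection attempt; return 'forwarded' or 'dropped'."""
        if t < self.blocked_until.get(src, 0.0):
            return "dropped"                      # still inside the penalty period
        q = self.recent[src]
        q.append((t, dst))
        while q and t - q[0][0] > self.window:    # keep only the current frequency period
            q.popleft()
        new_hosts = len({d for _, d in q})
        if new_hosts < self.threshold:
            return "forwarded"
        self.events.append((t, src, f"{self.mode}: {new_hosts} new hosts in {self.window}s"))
        if self.mode == "notify-only":
            return "forwarded"                    # message only; traffic still passes
        q.clear()                                 # re-examine from scratch after the penalty
        self.blocked_until[src] = float("inf") if self.mode == "block" else t + self.penalty
        return "dropped"

def run_scan(mode, sensitivity="aggressive"):
    """Constructed scenario: 10.0.0.5 probes 20 hosts in 0.5 s, then one more at t=100 s."""
    f = ConnectionRateFilter(sensitivity, mode)
    results = [f.observe(i * 0.025, "10.0.0.5", f"10.0.1.{i}") for i in range(20)]
    later = f.observe(100.0, "10.0.0.5", "10.0.2.1")
    return results, later, f.events

if __name__ == "__main__":
    for mode in ("notify-only", "throttle", "block"):
        results, later, events = run_scan(mode)
        print(mode, results.count("dropped"), "dropped; later:", later, "events:", len(events))
```

With the aggressive setting the 15th distinct destination within one second trips the filter: notify-only keeps forwarding and only logs, throttle drops the rest of the burst and forwards again once the 90-second penalty has passed, and block never forwards from that source again.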
