Access Security Guide K/KA/KB.15.15

medium
Sets the connection-rate sensitivity to allow a mean of 37 destinations in less
than 1 second, and a corresponding penalty time for Throttle mode (if
configured) between 30 and 60 seconds.
high
Sets the connection-rate sensitivity to allow a mean of 22 destinations in less
than 1 second, and a corresponding penalty time for Throttle mode (if
configured) between 60 and 90 seconds.
aggressive
Sets the connection-rate sensitivity to the highest possible level, which allows a
mean of 15 destinations in less than 1 second, and a corresponding penalty
time for Throttle mode (if configured) between 90 and 120 seconds.
[no] connection-rate-filter
The no form of this command disables connection-rate filtering on the switch.
NOTE: The sensitivity settings configured on the switch determine the Throttle mode penalty periods
as shown in Table 4 (page 56).
Configuring per-port filtering
Syntax:
filter connection-rate < port-list > < notify-only | throttle | block >
no filter connection-rate < port-list >
Configures the per-port policy for responding to detection of a relatively high number
of inbound IP connection attempts from a given source. The level at which the switch
detects such traffic depends on the sensitivity setting configured by the
connection-rate-filter sensitivity command. See “Enabling global
connection-rate filtering and sensitivity” (page 54).
NOTE: You can use connection-rate ACLs to create exceptions to the configured
filtering policy. See “Applying connection-rate ACLs” (page 67).
The no form of the command disables connection-rate filtering on the ports in
< port-list >.
The notify-only option: if the switch detects a relatively high number of IP
connection attempts from a specific host, notify-only generates an Event Log
message and sends a similar message to any SNMP trap receivers configured on the
switch. Traffic from the host is not blocked.
The throttle option: if the switch detects a relatively high number of IP
connection attempts from a specific host, this option generates the notify-only
messaging and blocks all inbound traffic from the offending host for a penalty
period. After the penalty period, the switch allows traffic from the offending
host to resume, and re-examines the traffic. If the suspect behavior continues,
the switch again blocks the traffic from the offending host and repeats the
cycle. For the penalty periods, see Table 4 (page 56).
The block option: if the switch detects a relatively high number of IP
connection attempts from a specific host, this option generates the notify-only
messaging and also blocks all inbound traffic from the offending host. Unlike
throttle, the block is not lifted after a penalty period.
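The following is an added example, not code from the guide or from the switch firmware, that models how the sensitivity levels above (medium, high, aggressive) combine with the three per-port responses (notify-only, throttle, block). It is a simplified model: each source is tracked with a plain 1-second sliding window of distinct destinations, and the throttle penalty always uses the lower bound of the range the guide gives for that sensitivity (both are assumptions; the switch's actual averaging and penalty selection are not described on this page). The traffic fed to it is constructed sample data.

```python
from collections import defaultdict, deque

# Thresholds and throttle penalty ranges from the sensitivity descriptions in the
# guide. "max_destinations" is the mean number of distinct destinations a single
# source may reach inside a 1-second window. The switch's real averaging is not
# documented here, so this model uses a plain sliding window (assumption).
SENSITIVITY = {
    "medium":     {"max_destinations": 37, "penalty_s": (30, 60)},
    "high":       {"max_destinations": 22, "penalty_s": (60, 90)},
    "aggressive": {"max_destinations": 15, "penalty_s": (90, 120)},
}
WINDOW_MS = 1000   # "in less than 1 second"; timestamps are integer milliseconds


class ConnectionRateFilter:
    """Models the policy of one port: notify-only, throttle, or block."""

    def __init__(self, sensitivity, mode):
        if mode not in ("notify-only", "throttle", "block"):
            raise ValueError(f"unknown mode {mode!r}")
        cfg = SENSITIVITY[sensitivity]
        self.max_destinations = cfg["max_destinations"]
        # The guide gives only a range; this model applies its lower bound (assumption).
        self.penalty_ms = cfg["penalty_s"][0] * 1000
        self.mode = mode
        self.recent = defaultdict(deque)   # src -> deque of (t_ms, dst) inside the window
        self.penalty_until = {}            # src -> expiry t_ms, or None for an indefinite block
        self.events = []                   # (t_ms, src, text): stands in for Event Log / SNMP trap

    def observe(self, t_ms, src, dst):
        """Process one inbound connection attempt. Returns True if forwarded, False if dropped."""
        if src in self.penalty_until:
            until = self.penalty_until[src]
            if until is None or t_ms < until:
                return False                   # block mode, or still inside the throttle penalty
            del self.penalty_until[src]        # penalty expired: traffic resumes and is re-examined
            self.recent[src].clear()
        window = self.recent[src]
        window.append((t_ms, dst))
        while window and t_ms - window[0][0] >= WINDOW_MS:
            window.popleft()                   # drop attempts older than the 1-second window
        distinct = len({d for _, d in window})
        if distinct <= self.max_destinations:
            return True
        # Threshold exceeded: every mode produces the notify-only messaging.
        self.events.append((t_ms, src, f"{distinct} destinations within {WINDOW_MS} ms"))
        if self.mode == "notify-only":
            return True
        window.clear()
        self.penalty_until[src] = None if self.mode == "block" else t_ms + self.penalty_ms
        return False


def run_scan(sensitivity, mode, n_destinations, spacing_ms=10, src="10.0.0.5"):
    """Constructed sample traffic: one source contacting n distinct hosts,
    spacing_ms apart. Returns (filter, number of attempts forwarded)."""
    f = ConnectionRateFilter(sensitivity, mode)
    forwarded = sum(
        f.observe(i * spacing_ms, src, f"10.1.0.{i}") for i in range(n_destinations)
    )
    return f, forwarded


if __name__ == "__main__":
    for mode in ("notify-only", "throttle", "block"):
        f, forwarded = run_scan("aggressive", mode, 20)
        print(f"{mode:12s} forwarded={forwarded:2d}/20 events={len(f.events)}")
```

With the aggressive setting, the 16th distinct destination inside one second is what trips the detector: notify-only forwards all 20 attempts and only logs, throttle forwards the first 15 and drops the rest until the penalty expires, and block drops the rest indefinitely. Spreading the same 20 destinations 100 ms apart keeps at most 10 in any window and produces no event, which is the trade-off the lower sensitivity levels make.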
Configuring connection-rate filtering 55