Access Security Guide K/KA/KB.15.15

Figure 31 Example of listing hosts blocked by connection-rate filtering
Unblocking currently-blocked hosts
If a host becomes blocked by triggering connection-rate filtering on a port configured to block high
connection rates, the host remains blocked on all ports on the switch even if you change the per-port
filtering configuration. To help prevent a malicious host from automatically regaining access to the
network, the source IP address block imposed by connection-rate filtering does not age-out.
When a host becomes blocked, the switch generates an event log message and sends the message
to any configured SNMP trap receivers. An example of an event log message is:
Src IP xxx.xxx.xxx.xxx blocked
NOTE: Before unblocking a host that was blocked by connection-rate filtering, HP recommends
inspecting the host with current antivirus tools and removing all potentially malicious agents.
If a trusted host frequently triggers connection-rate blocking with legitimate, high connection-rate
traffic, consider either changing the sensitivity level on the associated port or configuring a
connection-rate ACL to create a filtering exception for the host.
Syntax:
connection-rate-filter unblock < all | host <ip-addr> | ip-addr <mask> >
all
Unblocks all hosts currently blocked due to action by connection-rate filtering on
ports where block mode has been configured.
host <ip-addr>
Unblocks the single host currently blocked due to action by connection-rate filtering
on ports where block mode has been configured.
ip-addr <mask>
Unblocks traffic from any host in the specified subnet currently blocked due to action
by connection-rate filtering on ports where block mode has been configured.
NOTE: There is also an option to unblock any host belonging to a specific VLAN
using the vlan <vid> connection-rate-filter unblock command.
NOTE: For a complete list of options for unblocking hosts, see “Unblocking a currently blocked
host” (page 67).
Configuring and applying connection-rate ACLs
Configuring a connection-rate ACL using source IP address criteria
To configure a connection-rate ACL using UDP/TCP criteria, see “Configuring a connection-rate
ACL using UDP/TCP criteria” (page 59).
Syntax:
ip access-list connection-rate-filter <crf-list-name>
Creates a connection-rate-filter ACL and puts the CLI into the ACE context:
58 Virus throttling (connection-rate filtering)