KB.15.15

Figure 32 Examples of connection-rate ACEs using UDP/TCP criteria

Applying connection-rate ACLs

To apply a connection-rate ACL, use the access group command described below.

NOTE: This command differs from the access group command for non-connection-rate ACLs.

Syntax:

[no]vlan vid ip access-group crf-list-name

connection-rate-filter

This command applies a connection-rate access control list (ACL) to inbound traffic

on ports in the specified VLAN that are configured for connection-rate filtering. A

connection-rate ACL does not apply to ports in the VLAN that are not configured

for connection-rate filtering.

The [no] form of the command removes the connection-rate ACL assignment from

the VLAN.

NOTE:

• The switch allows only one connection-rate ACL assignment per VLAN. If a

connection-rate ACL is already assigned to a VLAN, assigning another to the

same VLAN overwrites the first ACL with the second.

• A connection-rate ACL can be in addition to any standard or extended ACLs

already assigned to the VLAN.

Using an ACL in a connection-rate configuration example

This example adds connection-rate ACLs to the example on Figure 28 (page 54).

62 Virus throttling (connection-rate filtering)