3
Virus Throttling (5300xl Switches Only)
Contents
Introduction
Enabling Connection-Rate Filtering and
Configuring a Connection-Rate ACL Using
General Operation of Connection-Rate Filtering
Filtering Options
Sensitivity to Connection Rate Detection
Application Options
Terminology
Operating Rules
General Configuration Guidelines
For a network that is relatively attack-free:
For a network that appears to be under significant attack:
Basic Connection-Rate Filtering Configuration
Global and Per-Port Configuration
Configuring Sensitivity
Configuring the Per-Port Filtering Mode
Example of a Basic Connection-Rate Filtering Configuration
Viewing and Managing Connection-Rate Status
Viewing the Connection-Rate Configuration
Listing and Unblocking the Currently-Blocked Hosts
Configuring and Applying Connection-Rate ACLs
Connection-Rate ACL Operation
Source IP Address Criteria
Configuring a Connection-Rate ACL Using UDP/TCP Criteria
Applying Connection-Rate ACLs
Using CIDR Notation To Enter the ACE Mask
Example of Using an ACL in a Connection-Rate Configuration