Virus Throttling (5300xl Switches Only)
Configuring and Applying Connection-Rate ACLs
< tcp-data > or < udp-data >
TCP or UDP Port Number or (Well-Known) Port Name: Use the TCP or UDP port number required for the desired match. The switch also accepts certain well-known TCP or UDP port names as alternates to their corresponding port numbers:
TCP/UDP-PORT: Specify port by number.
bootpc: Bootstrap Protocol, client (68)
bootps: Bootstrap Protocol, server (67)
dns: Domain Name Service (53)
ntp: Network Time Protocol (123)
radius: Remote Authentication Dial-In User Service (1812)
radius-old: Remote Authentication Dial-In User Service (1645)
rip: Routing Information Protocol (520)
snmp: Simple Network Management Protocol (161)
snmp-trap: Simple Network Management Protocol (162)
tftp: Trivial File Transfer Protocol (69)
ProCurve(config)# ignore tcp host 15.75.10.11 destination-port eq 1812 source-port eq 1812
Ignore (allow) tcp traffic from the host at 15.75.10.11 with both source and destination tcp ports of 1812.
ProCurve(config)# filter udp 15.75.10.0/24 source-port neq 162 destination-port eq 162
Filter (drop) udp traffic from the subnet at 15.75.10.0 with a source udp port number not equal to 162 and a destination udp port number of 162.
Figure 3-9. Examples of Connection-Rate ACEs Using UDP/TCP Criteria
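The following Python sketch is an added example, not code from the manual or the switch: it parses ACEs of the form shown in Figure 3-9 and reports which action applies to a given flow, so a rule can be checked before it is applied. The function names, the first-match evaluation order, and the sample flows in the test are assumptions; only the eq and neq operators and the port names listed on this page are handled.

```python
import ipaddress

# Well-known port names this page lists as alternates to port numbers.
PORT_NAMES = {"bootpc": 68, "bootps": 67, "dns": 53, "ntp": 123, "radius": 1812,
              "radius-old": 1645, "rip": 520, "snmp": 161, "snmp-trap": 162, "tftp": 69}

def parse_port(token):
    """Resolve a port number or one of the well-known names above."""
    port = PORT_NAMES[token] if token in PORT_NAMES else int(token)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {token}")
    return port

def parse_ace(line):
    """Parse '<filter|ignore> <tcp|udp> <host IP | IP/len> [<port-field> <eq|neq> <port>]...'."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    if action not in ("filter", "ignore") or proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported ACE: {line}")
    if tok[2] == "host":
        net, rest = ipaddress.ip_network(tok[3] + "/32"), tok[4:]
    else:
        net, rest = ipaddress.ip_network(tok[2], strict=False), tok[3:]
    ports = {}
    for i in range(0, len(rest), 3):
        field, op, value = rest[i:i + 3]  # an incomplete triple raises ValueError
        if field not in ("source-port", "destination-port") or op not in ("eq", "neq"):
            raise ValueError(f"unsupported port criterion: {field} {op}")
        ports[field] = (op, parse_port(value))
    return {"action": action, "proto": proto, "net": net, "ports": ports}

def ace_matches(ace, proto, src_ip, sport, dport):
    """True if the flow satisfies the protocol, source address and port criteria."""
    if proto != ace["proto"] or ipaddress.ip_address(src_ip) not in ace["net"]:
        return False
    for field, actual in (("source-port", sport), ("destination-port", dport)):
        if field in ace["ports"]:
            op, want = ace["ports"][field]
            if (actual == want) != (op == "eq"):
                return False
    return True

def first_match(aces, proto, src_ip, sport, dport):
    """Action of the first matching ACE (assumed evaluation order), else None."""
    return next((a["action"] for a in aces if ace_matches(a, proto, src_ip, sport, dport)), None)

# Constructed list: the two ACEs from Figure 3-9; the second uses the name
# snmp-trap where the figure uses the number 162.
ACES = [parse_ace("ignore tcp host 15.75.10.11 destination-port eq 1812 source-port eq 1812"),
        parse_ace("filter udp 15.75.10.0/24 source-port neq 162 destination-port eq snmp-trap")]
```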