Enabling global connection-rate filtering and sensitivity
Use the commands in this section to enable connection-rate filtering on the switch and to apply the filtering on a per-port basis.
Syntax
connection-rate-filter sensitivity < low | medium | high | aggressive >
[no] connection-rate-filter
- Enables connection-rate filtering.
- Sets the global sensitivity level at which the switch interprets a given host's attempts to connect to a series of different devices as a possible attack by a malicious agent residing in the host.
Options for configuring sensitivity include:
low - Sets the connection-rate sensitivity to the lowest possible sensitivity, which allows a mean of 54 destinations in less than 0.1 seconds, and a corresponding penalty time for Throttle mode (if configured) of less than 30 seconds.
medium - Sets the connection-rate sensitivity to allow a mean of 37 destinations in less than 1 second, and a corresponding penalty time for Throttle mode (if configured) between 30 and 60 seconds.
high - Sets the connection-rate sensitivity to allow a mean of 22 destinations in less than 1 second, and a corresponding penalty time for Throttle mode (if configured) between 60 and 90 seconds.
aggressive - Sets the connection-rate sensitivity to the highest possible level, which allows a mean of 15 destinations in less than 1 second, and a corresponding penalty time for Throttle mode (if configured) between 90 and 120 seconds.
[no] connection-rate-filter - This command disables connection-rate filtering on the switch.
The sensitivity settings configured on the switch determine the Throttle mode penalty periods.
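Before choosing a sensitivity, it helps to replay baseline flow records against the destination counts listed above and see which legitimate hosts each level would flag. The following is an added example, not code from the switch or its vendor. It assumes the documented mean can be modeled as a hard limit on distinct destinations per window, and all names and sample addresses are constructed.

```python
from collections import defaultdict, deque

# Sensitivity -> (allowed distinct destinations, window in ms), taken from the text above.
# Assumption: the documented "mean" is modeled as a hard per-window limit.
LEVELS = {"low": (54, 100), "medium": (37, 1000),
          "high": (22, 1000), "aggressive": (15, 1000)}

def hosts_exceeding(flows, level):
    """Map each source that exceeds the level's limit to the time (ms) it first did so.

    flows: iterable of (timestamp_ms, src, dst) tuples sorted by timestamp.
    """
    limit, window = LEVELS[level]
    recent = defaultdict(deque)                      # src -> (ts, dst) still in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits in window
    flagged = {}
    for ts, src, dst in flows:
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        # Keep only connections made less than `window` ms before this one.
        while ts - q[0][0] >= window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > limit:                           # repeat contacts count once
            flagged.setdefault(src, ts)
    return flagged

def sweep(flows):
    """Sources that would be flagged at each sensitivity level."""
    flows = sorted(flows)
    return {level: sorted(hosts_exceeding(flows, level)) for level in LEVELS}

# Constructed sample traffic (not captured data):
# 10.0.0.5 sweeps 40 distinct addresses, one every 20 ms;
# 10.0.0.9 is a monitoring poller reaching 18 distinct devices, one every 50 ms.
SAMPLE = [(i * 20, "10.0.0.5", f"10.1.0.{i + 1}") for i in range(40)]
SAMPLE += [(i * 50, "10.0.0.9", f"10.2.0.{i + 1}") for i in range(18)]

if __name__ == "__main__":
    for level, hosts in sweep(SAMPLE).items():
        print(f"{level:<10} {hosts}")
```

In this sample the poller is flagged only at aggressive, which is the kind of false positive to look for in baseline traffic before raising the sensitivity.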