Configuring per-port filtering
Syntax
filter connection-rate <port-list> {notify-only | throttle | block}
no filter connection-rate <port-list>
Configures the per-port policy for responding to detection of a relatively high number of inbound IP connection attempts from a given source. The level at which the switch detects such traffic depends on the sensitivity setting configured by the
connection-rate-filter sensitivity
command.
You can use connection-rate ACLs to create exceptions to the configured filtering policy.
The
no
form of the command disables connection-rate filtering on the ports in #
<port-list>
.
The
notify-only
option can be used if the switch detects a relatively high number of IP connection attempts from a specific host,
notify-only
generates an Event Log message and sends a similar message to any SNMP trap receivers configured on the switch.
The
throttle
command can be used if the switch detects a relatively high number of IP connection attempts from a specific host, this option generates the
notify-only
messaging and blocks all inbound traffic from the offending host for a penalty period. After the penalty period, the switch allows traffic from the offending host to resume, and re-examines the traffic. If the suspect behavior continues, the switch again blocks the traffic from the offending host and repeats the cycle.
The
block
command can be used if the switch detects a relatively high number of IP connection attempts from a specific host, this option generates the
notify-only
messaging and also blocks all inbound traffic from the offending host.
Throttle mode (sensitivity) |
Frequency of IP connection requests from the same source |
Mean number of new destination hosts in the frequency period |
Penalty period |
---|---|---|---|
Low |
<0.1 second |
54 |
<30 seconds |
Medium |
<1.0 second |
37 |
30 - 60 seconds |
High |
<1.0 second |
22 |
60 - 90 seconds |
Aggressive |
<1.0 second |
15 |
90 - 120 seconds |
Example of a Basic Connection-Rate Filtering Configuration