Operating rules

  • Connection-rate filtering does not operate on IPv6 traffic.

  • Connection-rate filtering is triggered by inbound IP traffic exhibiting high rates of IP connections to new hosts. After connection-rate filtering has been triggered on a port, all traffic from the suspect host is subject to the configured connection-rate policy (notify-only, throttle, or block).

  • When connection-rate filtering is configured on a port, the port cannot be added to, or removed from, a port trunk group. Before this can be done, connection-rate filtering must be disabled on the port.

  • Where the switch is throttling or blocking inbound IP traffic from a host, any outbound traffic destined for that host is still permitted.

  • Once a throttle has been triggered on a port—temporarily blocking inbound IP traffic—it cannot be undone during operation: the penalty period must expire before traffic is allowed from the host.
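The rules above can be traced in a small model. This is an added example, not vendor code or switch configuration; the threshold, window and penalty values are assumptions (the page states none), the names `Port` and `replay` are hypothetical, and the trunk-group restriction is not modelled.

```python
from dataclasses import dataclass, field

# Assumed values: the page states no thresholds or penalty duration.
NEW_HOST_LIMIT = 4   # new destinations tolerated per source within WINDOW
WINDOW = 1.0         # seconds
PENALTY = 30.0       # seconds a throttled host stays blocked

@dataclass
class Port:
    policy: str                                   # notify-only | throttle | block
    recent: dict = field(default_factory=dict)    # src -> [(time, dst), ...]
    flagged: dict = field(default_factory=dict)   # src -> time the filter triggered
    log: list = field(default_factory=list)       # (time, src, policy) notifications

    def inbound(self, t, src, dst, ipv6=False):
        if ipv6:
            return "forward"                      # IPv6 traffic is not filtered
        expired = src in self.flagged and t - self.flagged[src] >= PENALTY
        if self.policy == "throttle" and expired:
            del self.flagged[src]                 # only expiry lifts a throttle
            self.recent.pop(src, None)
        if src not in self.flagged:
            seen = [(ts, d) for ts, d in self.recent.get(src, []) if t - ts < WINDOW]
            if dst not in {d for _, d in seen}:
                seen.append((t, dst))             # count each new destination once
            self.recent[src] = seen
            if len(seen) > NEW_HOST_LIMIT:
                self.flagged[src] = t
                self.log.append((t, src, self.policy))
        # Once triggered, the policy covers all traffic from the suspect host.
        if src in self.flagged and self.policy != "notify-only":
            return "drop"
        return "forward"

    def outbound(self, t, dst):
        return "forward"                          # traffic to a penalised host still passes

def replay(policy, events):
    """Run constructed (time, src, dst) inbound events through one port."""
    port = Port(policy)
    return port, [port.inbound(t, s, d) for t, s, d in events]

# Constructed sample: one host contacting five new destinations in 0.4 s.
SCAN = [(0.1 * i, "10.0.0.5", f"10.0.1.{i}") for i in range(5)]
```

Replaying `SCAN` under each policy shows the difference in enforcement: `notify-only` logs once and keeps forwarding, `throttle` drops until the penalty period has passed, and `block` keeps dropping for the rest of the run.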