Enabling global connection-rate filtering and sensitivity

Use the commands in this section to enable connection-rate filtering on the switch and to apply the filtering on a per-port basis.

Syntax

connection-rate-filter sensitivity < low | medium | high | aggressive >
no connection-rate-filter
The connection-rate-filter sensitivity command:
  • Enables connection-rate filtering.

  • Sets the global sensitivity level at which the switch interprets a given host's attempts to connect to a series of different devices as a possible attack by a malicious agent residing in the host.

Options for configuring sensitivity include:

low

Sets the connection-rate sensitivity to the lowest possible sensitivity, which allows a mean of 54 destinations in less than 0.1 seconds, and a corresponding penalty time for Throttle mode (if configured) of less than 30 seconds.

medium

Sets the connection-rate sensitivity to allow a mean of 37 destinations in less than 1 second, and a corresponding penalty time for Throttle mode (if configured) between 30 and 60 seconds.

high

Sets the connection-rate sensitivity to allow a mean of 22 destinations in less than 1 second, and a corresponding penalty time for Throttle mode (if configured) between 60 and 90 seconds.

aggressive

Sets the connection-rate sensitivity to the highest possible level, which allows a mean of 15 destinations in less than 1 second, and a corresponding penalty time for Throttle mode (if configured) between 90 and 120 seconds.

no connection-rate-filter

This command disables connection-rate filtering on the switch.

NOTE:

The sensitivity settings configured on the switch determine the Throttle mode penalty periods.
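
As an added example (not part of the vendor documentation), the Python sketch below replays flow records against the four thresholds listed above to show which hosts each sensitivity level would flag before the filter is enabled. It assumes a simplified hard count of distinct destinations in a sliding window rather than the switch's own mean-based calculation; the function names, record format and addresses are constructed for illustration.

```python
from collections import defaultdict, deque

# Per level: (allowed distinct destinations, window in milliseconds),
# taken from the sensitivity options described above.
LEVELS = {
    "low": (54, 100),
    "medium": (37, 1000),
    "high": (22, 1000),
    "aggressive": (15, 1000),
}

def flagged_hosts(flows, level):
    """Return {src: timestamp_ms at which src first exceeded the limit}.

    flows: (timestamp_ms, src_ip, dst_ip) tuples sorted by time.
    Assumption: a hard count of distinct destinations per sliding window,
    which only approximates the switch's behaviour.
    """
    limit, window = LEVELS[level]
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still in the window
    flagged = {}
    for ts, src, dst in flows:
        if src in flagged:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] >= window:  # expire entries older than the window
            q.popleft()
        if len({d for _, d in q}) > limit:
            flagged[src] = ts
    return flagged

def levels_that_flag(flows, src):
    """List the sensitivity levels at which src would be flagged."""
    return [lvl for lvl in LEVELS if src in flagged_hosts(flows, lvl)]

def build_sample():
    """Constructed sample: one scanning host and one ordinary client."""
    flows = []
    for i in range(30):
        # 10.0.0.5 contacts 30 different addresses within 0.6 seconds.
        flows.append((i * 20, "10.0.0.5", f"10.0.1.{i + 1}"))
        # 10.0.0.9 keeps talking to the same three servers.
        flows.append((i * 20 + 1, "10.0.0.9", f"10.0.2.{i % 3 + 1}"))
    return sorted(flows)

if __name__ == "__main__":
    sample = build_sample()
    for host in ("10.0.0.5", "10.0.0.9"):
        print(host, "flagged at:", levels_that_flag(sample, host) or "no level")
```

Running the same replay over real flow exports shows which legitimate hosts (for example, servers that fan out to many clients) would trip a given level before it is applied globally.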