Unblocking currently-blocked hosts

If a host becomes blocked by triggering connection-rate filtering on a port configured to block high connection rates, the host remains blocked on all ports on the switch even if you change the per-port filtering configuration. To help prevent a malicious host from automatically regaining access to the network, the source IP address block imposed by connection-rate filtering does not age out.

When a host becomes blocked, the switch generates an event log message and sends the message to any configured SNMP trap receivers. An example of an event log message is:

Src IP xxx.xxx.xxx.xxx blocked

NOTE:

Before unblocking a host that was blocked by connection-rate filtering, Hewlett Packard Enterprise recommends inspecting the host with current antivirus tools and removing all potentially malicious agents.

If a trusted host frequently triggers connection-rate blocking with legitimate, high connection-rate traffic, consider either changing the sensitivity level on the associated port or configuring a connection-rate ACL to create a filtering exception for the host.

Syntax

connection-rate-filter unblock < all | host | ip-addr >

all

Unblocks all hosts currently blocked due to action by connection-rate filtering on ports where block mode has been configured.

host < ip-addr >

Unblocks the single host currently blocked due to action by connection-rate filtering on ports where block mode has been configured.

ip-addr < mask >

Unblocks traffic from any host in the specified subnet currently blocked due to action by connection-rate filtering on ports where block mode has been configured.

NOTE:

There is also an option to unblock any host belonging to a specific VLAN using the vlan <vid> connection-rate-filter unblock command.

NOTE:

For a complete list of options for unblocking hosts, see Unblocking a currently blocked host.
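The following added example (not HPE code) shows one way to turn the "Src IP ... blocked" event log messages into a triage worklist that pairs each blocked host with the recommended step and the unblock command to run afterward. The log prefix, the sample addresses, the trusted-host set and the repeat threshold are assumptions made for illustration; only the "Src IP <addr> blocked" text and the command syntax come from this page.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: only the "Src IP <addr> blocked" text is from the page;
# the severity letter, timestamp and "connfilt:" prefix are made up here.
SAMPLE_LOG = """\
W 03/02/24 10:15:02 connfilt: Src IP 192.0.2.15 blocked
I 03/02/24 10:15:40 ports: port 7 is now on-line
W 03/02/24 11:02:11 connfilt: Src IP 192.0.2.80 blocked
W 03/03/24 09:41:57 connfilt: Src IP 192.0.2.15 blocked
W 03/04/24 14:20:03 connfilt: Src IP 192.0.2.15 blocked
W 03/04/24 14:25:00 connfilt: Src IP 999.1.1.1 blocked
"""

BLOCKED_RE = re.compile(r"Src IP (\S+) blocked")

def blocked_hosts(log_text):
    """Count block events per valid IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BLOCKED_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # malformed address: never build a command from it
        counts[str(addr)] += 1
    return counts

def triage(log_text, trusted, repeat_threshold=3):
    """Return (ip, block_count, recommended_step, unblock_command) rows."""
    rows = []
    for ip, n in sorted(blocked_hosts(log_text).items()):
        if ip in trusted and n >= repeat_threshold:
            action = "inspect, then review sensitivity or connection-rate ACL"
        else:
            action = "inspect host before unblocking"
        rows.append((ip, n, action, f"connection-rate-filter unblock host {ip}"))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, trusted={"192.0.2.15"}):
        print(*row, sep=" | ")
```

The script only prints a worklist; the unblock command is issued on the switch after the host has been inspected.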