Configuring per-port filtering

Syntax

filter connection-rate <port-list> {notify-only | throttle | block}

no filter connection-rate <port-list>

Configures the per-port policy for responding to detection of a relatively high number of inbound IP connection attempts from a given source. The level at which the switch detects such traffic depends on the sensitivity setting configured by the connection-rate-filter sensitivity command.

NOTE:

You can use connection-rate ACLs to create exceptions to the configured filtering policy.

The no form of the command disables connection-rate filtering on the ports in <port-list>.

With the notify-only option, when the switch detects a relatively high number of IP connection attempts from a specific host, it generates an Event Log message and sends a similar message to any SNMP trap receivers configured on the switch.

With the throttle option, when the switch detects a relatively high number of IP connection attempts from a specific host, it generates the notify-only messaging and also blocks all inbound traffic from the offending host for a penalty period. After the penalty period, the switch allows traffic from the offending host to resume and re-examines it. If the suspect behavior continues, the switch again blocks the traffic from the offending host and repeats the cycle.

With the block option, when the switch detects a relatively high number of IP connection attempts from a specific host, it generates the notify-only messaging and also blocks all inbound traffic from the offending host.

Table 6: Throttle mode penalty periods

Columns: throttle mode (sensitivity); frequency of IP connection requests from the same source; mean number of new destination hosts in the frequency period; penalty period.

Sensitivity | Request frequency | New destination hosts | Penalty period
------------|-------------------|-----------------------|-----------------
Low         | <0.1 second       | 54                    | <30 seconds
Medium      | <1.0 second       | 37                    | 30 - 60 seconds
High        | <1.0 second       | 22                    | 60 - 90 seconds
Aggressive  | <1.0 second       | 15                    | 90 - 120 seconds
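To make the difference between the three policies and the table's parameters concrete, the following is an added model of the notify-only, throttle and block behaviour described above. It is illustration code written for this page, not switch firmware or any vendor API: the detector simply counts distinct destination hosts contacted by one source inside the table's frequency window and fires when the count exceeds the table's host figure (the switch's real heuristic is not specified here), and the single penalty value per sensitivity is one representative number picked from each table range. The source addresses and the scan-like traffic are constructed for the example.

```python
"""Model of the notify-only / throttle / block connection-rate policies.

Added illustration, not switch firmware. Detection here means: more than
<threshold> distinct destination hosts from one source inside the window.
"""
from collections import defaultdict, deque

# sensitivity -> (frequency window in seconds, destination-host threshold,
# penalty seconds). Window and threshold come from Table 6; the penalty is a
# single representative value chosen from each table range (assumption).
SENSITIVITY = {
    "low":        (0.1, 54, 30.0),
    "medium":     (1.0, 37, 60.0),
    "high":       (1.0, 22, 90.0),
    "aggressive": (1.0, 15, 120.0),
}


class ConnectionRateFilter:
    def __init__(self, mode, sensitivity="medium"):
        if mode not in ("notify-only", "throttle", "block"):
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.window, self.threshold, self.penalty = SENSITIVITY[sensitivity]
        self.recent = defaultdict(deque)   # src -> deque of (time, dst)
        self.blocked_until = {}            # src -> expiry time (inf = block mode)
        self.events = []                   # stands in for Event Log / SNMP traps

    def handle(self, t, src, dst):
        """Return 'forward' or 'drop' for one inbound connection attempt."""
        expiry = self.blocked_until.get(src)
        if expiry is not None:
            if t < expiry:
                return "drop"              # still inside the penalty period
            # penalty over: let traffic resume and re-examine it afresh
            del self.blocked_until[src]
            self.recent[src].clear()

        hist = self.recent[src]
        hist.append((t, dst))
        while hist and t - hist[0][0] > self.window:   # slide the window
            hist.popleft()
        if len({d for _, d in hist}) <= self.threshold:
            return "forward"

        # detection: every mode notifies; throttle/block additionally drop
        self.events.append((round(t, 3), src))
        hist.clear()                       # one notification per detection
        if self.mode == "notify-only":
            return "forward"
        if self.mode == "throttle":
            self.blocked_until[src] = t + self.penalty
        else:
            self.blocked_until[src] = float("inf")
        return "drop"


def scan_burst(src, start, count, spacing=0.01):
    """Constructed worm-like traffic: one source probing many distinct hosts."""
    return [(start + i * spacing, src, f"10.0.{i // 256}.{i % 256}")
            for i in range(count)]


def run(mode, attempts, sensitivity="medium"):
    """Apply one policy to a traffic list; return (dropped, notifications)."""
    flt = ConnectionRateFilter(mode, sensitivity)
    verdicts = [flt.handle(t, s, d) for t, s, d in attempts]
    return verdicts.count("drop"), len(flt.events)


if __name__ == "__main__":
    # two 1-second bursts from the same host, 100 seconds apart
    traffic = scan_burst("192.0.2.10", 0.0, 100) + scan_burst("192.0.2.10", 100.0, 100)
    for mode in ("notify-only", "throttle", "block"):
        print(f"{mode:12s} dropped/notified: {run(mode, traffic)}")
```

Running the script shows the contrast the text describes: notify-only drops nothing and only logs, throttle drops the remainder of each burst and then lets the second burst be re-examined after the penalty (producing a second notification), and block keeps dropping the second burst with no further event. A source that talks to only a handful of hosts never trips the threshold regardless of mode.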

Example of a Basic Connection-Rate Filtering Configuration

Figure 913: Sample network