Connection-rate ACL operation

A connection-rate ACL applies to inbound traffic on all ports configured for connection-rate filtering in the assigned VLAN, and creates an exception to the connection-rate filter policy configured on each port. A connection-rate ACL has no effect on ports in the VLAN that are not configured for connection-rate filtering.

A connection-rate ACL accepts inbound, legitimate traffic from trusted sources without filtering the traffic for the configured connection-rate policy. You can configure an ACL to assign policy filtering (filter) for traffic from some sources and no policy filtering (ignore) for traffic from other sources. However, the implicit filter invoked as the last entry in any connection-rate ACL ensures that any traffic not specifically excluded from policy filtering (by the ignore command) is filtered by the configured policy for the port on which that traffic entered the switch.

Figure 17: Connection-rate ACL applied to traffic received through a given port