Configuring per-port filtering

Syntax

filter connection-rate < port-list > < notify-only | throttle | block >
    

no filter connection-rate < port-list >
    

Configures the per-port policy for responding to detection of a relatively high number of inbound IP connection attempts from a given source. The level at which the switch detects such traffic depends on the sensitivity setting configured by the connection-rate-filter sensitivity command.

The no form of the command disables connection-rate filtering on the ports in # <port-list>.

The notify-onlyoption can be used if the switch detects a relatively high number of IP connection attempts from a specific host, notify-only generates an Event Log message and sends a similar message to any SNMP trap receivers configured on the switch.

The throttle command can be used if the switch detects a relatively high number of IP connection attempts from a specific host, this option generates the notify-only messaging and blocks all inbound traffic from the offending host for a penalty period. After the penalty period, the switch allows traffic from the offending host to resume, and re-examines the traffic. If the suspect behavior continues, the switch again blocks the traffic from the offending host and repeats the cycle. For the penalty periods, see Table 7: Throttle mode penalty periodsShow CLIsTroubleshootingConfiguration commandsShow commandSecure Radius (RadSec).

The block command can be used if the switch detects a relatively high number of IP connection attempts from a specific host, this option generates the notify-only messaging and also blocks all inbound traffic from the offending host.

Example of a Basic Connection-Rate Filtering Configuration