Configuring transaction rate limit rules – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide

53-1003250-01

Transaction rate limit


NOTE

Where storage of TRL rules on the internal USB drive of a Brocade Virtual ADX is disabled and
the total number of rules exceeds 50, only 50 rules are saved in the startup-config.

Configuring transaction rate limit rule names and traffic types

Use the client-trans-rate-limit command in the global configuration mode to configure a transaction
rate limit rule name and traffic type.

Syntax: client-trans-rate-limit {icmp name | default} | {tcp name | default} | {udp name | default}

The icmp name parameter specifies the name of an ICMP transaction rate limit rule for a client
subnet.

The tcp name parameter specifies the name of a TCP transaction rate limit rule for a client subnet.

The udp name parameter specifies the name of a UDP transaction rate limit rule for a client subnet.

The default operand specifies that the rule is the default rule for that traffic type.

Configuring transaction rate limit rules

Use the trl command in the global configuration client-trl mode to configure transaction rate limit
rules.

Syntax: trl {default | { client-Ipv4 client-mask | client-Ipv6 prefix } {exclude | monitor-interval monitor-value conn-rate connection-value hold-down-time hold-down-value}}

The default operand specifies the default transaction rate limit parameters.

The client-Ipv4 parameter specifies the IPv4 client subnet, and the client-mask parameter specifies
the IPv4 client mask.

The client-Ipv6 parameter specifies the IPv6 client subnet, and the prefix parameter specifies the
number of IPv6 client mask bits.

The exclude operand excludes the prefix from transaction rate limiting.

The monitor-interval operand specifies the time interval for monitoring, in units of 100 ms.

The monitor-value parameter specifies the value of the monitoring time interval.

The conn-rate operand specifies the connection rate.

The connection-value parameter specifies the value of the connection rate for the client.

The hold-down-time operand specifies the time for which the source is held down.

The hold-down-value parameter specifies the hold-down time in minutes.

NOTE

If you configure the hold-down-time keyword with a value of 0, the incoming request is not held down.
Instead, a syslog message containing the source and destination IP addresses is generated, so that you
can passively observe whether the transaction count exceeds the specified threshold rate limit.
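The following helper is an added example for this page, not Brocade code: it assembles the two-step configuration described above (a client-trans-rate-limit rule header followed by its trl entries) from a small rule description, validates the values the syntax requires, converts the 100 ms monitor-interval units to seconds, flags entries whose hold-down-time of 0 makes them log-only, and refuses an entry list that would exceed the 50-rule startup-config limit from the NOTE. The rule name web-clients, the subnets and the thresholds are constructed sample values, and the one-space indentation of the trl lines is an assumption about config layout.

```python
"""Generate and sanity-check Brocade Virtual ADX transaction rate limit (TRL)
configuration from a small rule description.

Added example for this page, not Brocade code. The CLI lines follow the syntax
quoted in the manual; rule name, subnets and thresholds are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# From the NOTE: with USB storage of TRL rules disabled, only 50 rules
# survive in startup-config.
MAX_STARTUP_RULES = 50


@dataclass
class TrlEntry:
    """One 'trl' line inside a client-trl rule."""
    client: str                              # IPv4 address/CIDR or IPv6 CIDR
    exclude: bool = False                    # 'exclude': skip rate limiting
    monitor_interval: Optional[int] = None   # monitor-value, units of 100 ms
    conn_rate: Optional[int] = None          # connection-value for the client
    hold_down_minutes: Optional[int] = None  # hold-down-value; 0 = syslog only

    def is_monitor_only(self) -> bool:
        """hold-down-time 0 does not hold the source down; it only logs (NOTE)."""
        return not self.exclude and self.hold_down_minutes == 0

    def monitor_interval_seconds(self) -> Optional[float]:
        """Convert the 100 ms units the CLI takes into seconds."""
        if self.monitor_interval is None:
            return None
        return self.monitor_interval / 10.0

    def to_cli(self) -> str:
        """Render this entry as a 'trl' line (leading space is an assumed layout)."""
        net = ipaddress.ip_network(self.client, strict=False)
        if net.version == 4:
            # IPv4 form is 'client-Ipv4 client-mask' with a dotted mask
            target = f"{net.network_address} {net.netmask}"
        else:
            # IPv6 form is 'client-Ipv6 prefix' with the mask bit count
            target = f"{net.network_address}/{net.prefixlen}"
        if self.exclude:
            return f" trl {target} exclude"
        for kw, val in (("monitor-interval", self.monitor_interval),
                        ("conn-rate", self.conn_rate),
                        ("hold-down-time", self.hold_down_minutes)):
            if val is None or val < 0:
                raise ValueError(f"{kw} is required and must be >= 0 for {self.client}")
        return (f" trl {target} monitor-interval {self.monitor_interval}"
                f" conn-rate {self.conn_rate} hold-down-time {self.hold_down_minutes}")


def render_rule(traffic: str, name: Optional[str], entries: List[TrlEntry]) -> List[str]:
    """Return global-config lines for one rule: the client-trans-rate-limit
    header (a name, or 'default' when name is None) followed by its trl entries."""
    if traffic not in ("icmp", "tcp", "udp"):
        raise ValueError("traffic type must be icmp, tcp or udp")
    if len(entries) > MAX_STARTUP_RULES:
        # The 50-rule limit is on the total; this rule alone already exceeds it.
        raise ValueError(f"{len(entries)} rules exceed the {MAX_STARTUP_RULES} "
                         "saved in startup-config without USB storage")
    header = f"client-trans-rate-limit {traffic} {name if name else 'default'}"
    return [header] + [entry.to_cli() for entry in entries]


# Constructed sample: rate-limit TCP connections from a corporate /16, carve out
# a monitoring subnet, and only log (hold-down-time 0) an IPv6 range.
SAMPLE_ENTRIES = [
    TrlEntry("10.1.0.0/16", monitor_interval=10, conn_rate=200, hold_down_minutes=5),
    TrlEntry("10.1.9.0/24", exclude=True),
    TrlEntry("2001:db8:abcd::/48", monitor_interval=20, conn_rate=100, hold_down_minutes=0),
]


def sample_config() -> List[str]:
    """The constructed TCP rule 'web-clients' rendered as config lines."""
    return render_rule("tcp", "web-clients", SAMPLE_ENTRIES)


if __name__ == "__main__":
    for line in sample_config():
        print(line)
    for entry in SAMPLE_ENTRIES:
        if entry.is_monitor_only():
            print(f"! {entry.client} is monitor-only: syslog, no hold-down")
```

Running the script prints the rule header and three trl lines, then notes that the IPv6 entry is monitor-only because its hold-down time is 0; the generated lines are what you would enter in global configuration mode and then the client-trl mode it opens.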

Command modes
Global configuration mode.
