Trl plus security acl-id, Security acl-id, Transaction rate limit hold-down value – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 29: Displaying trl rules statistics, Displaying trl rules in a policy

ServerIron ADX Security Guide

53-1002440-03

Transaction Rate Limit (TRL)

ServerIronADX(config)# interface ethernet 1/1

ServerIronADX(config-if-1/1)# ip tcp trans-rate 80

where <ports> sets one or more TCP or UDP ports to monitor. With TRL, the ServerIron can monitor
up to 4 specific ports. The ServerIron can also monitor traffic to all the ports by configuring the
default port.

TRL plus security ACL-ID

Even though TRL is applied to an interface and affects all traffic received on that interface, the
security acl-id <acl-num> command lets you apply TRL only to specific traffic coming in on that
interface. Refer to “security acl-id” on page 15.

security acl-id

The security global command accepts acl-id <acl-num> as a parameter.

Syntax: [no] security acl-id <id>

Example

ServerIronADX(config)# security acl-id 4

Once security acl-id <acl-num> is configured, only packets matching the configured ACL are
subject to the L4 security rules configured on the system. (Specifically, TRL and manual hold down
take effect only for packets matching this configured ACL.) If you want specific traffic to bypass
the L4 security features, do not include those IP addresses in the access list.

NOTE

The security acl-id takes precedence over all TRL configuration.

Transaction rate limit hold-down value

If you configure "hold down 0," the incoming request is not held down; instead, it generates a log.

Displaying TRL rules statistics

You can display statistics for TRL rules as shown.

Syntax: show client-trl rules-stat

Displaying TRL rules in a policy

You can display TRL rules in a policy as shown.

ServerIronADX#show client-trl rules-stat
Policy-Name default-rule ipv4-rules-alloted ipv4-rules-added ipv6-rules-alloted ipv6-rules-added
trl1        0            2500               0                2500               0
trl2        0            2500               0                2500               0
trl3        0            2500               0                2500               0
Global ipv4 rule num: 2500, total-alloted-ipv4-rules: 7500
Global ipv6 rule num: 2500, total-alloted-ipv6-rules: 7500
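
The following Python script is an added example, not part of the Brocade manual. It parses the columnar text printed by show client-trl rules-stat and lists policies whose added rules are close to their allotment. The sample counts, the 90% threshold, and the check that per-policy allotments sum to the reported total (true of the output above, but not stated by the manual) are assumptions.

```python
import re

# Constructed sample: same layout as the manual's output, with non-zero
# "added" counts so the utilisation check has something to report.
SAMPLE = """\
ServerIronADX#show client-trl rules-stat
Policy-Name default-rule ipv4-rules-alloted ipv4-rules-added ipv6-rules-alloted ipv6-rules-added
trl1        0            2500               2400             2500               0
trl2        0            2500               10               2500               2500
trl3        0            2500               0                2500               0
Global ipv4 rule num: 2500, total-alloted-ipv4-rules: 7500
Global ipv6 rule num: 2500, total-alloted-ipv6-rules: 7500
"""

GLOBAL_RE = re.compile(r"Global (ipv[46]) rule num: (\d+), total-alloted-ipv[46]-rules: (\d+)")


def parse_rules_stat(text):
    """Return (policies, totals) parsed from 'show client-trl rules-stat' text."""
    policies, totals, header = {}, {}, None
    for line in text.splitlines():
        fields = line.split()
        m = GLOBAL_RE.search(line)
        if m:
            totals[m.group(1)] = {"rule_num": int(m.group(2)), "total_alloted": int(m.group(3))}
        elif fields and fields[0] == "Policy-Name":
            header = fields[1:]  # column names, reused as dictionary keys
        elif header and len(fields) == len(header) + 1 and all(f.isdigit() for f in fields[1:]):
            policies[fields[0]] = dict(zip(header, map(int, fields[1:])))
    return policies, totals


def nearly_full(policies, threshold=0.9):
    """List (policy, family, added, alloted) where added/alloted >= threshold."""
    hits = []
    for name, row in policies.items():
        for fam in ("ipv4", "ipv6"):
            alloted, added = row[f"{fam}-rules-alloted"], row[f"{fam}-rules-added"]
            if alloted and added / alloted >= threshold:
                hits.append((name, fam, added, alloted))
    return hits


def allotment_mismatch(policies, totals):
    """Families whose per-policy allotments do not sum to the reported total
    (assumed relationship, inferred from the sample output only)."""
    return [fam for fam, t in totals.items()
            if sum(r[f"{fam}-rules-alloted"] for r in policies.values()) != t["total_alloted"]]


if __name__ == "__main__":
    pols, tots = parse_rules_stat(SAMPLE)
    print(nearly_full(pols), allotment_mismatch(pols, tots))
```
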