
Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

53-1003250-01

Transaction rate limit

Virtual ADX# configure terminal

3. Configure the name of a transaction rate limit rule set and enter client transaction rate limit configuration mode.

Virtual ADX(config)# client-trans-rate-limit tcp TRL1

Syntax: [no] client-trans-rate-limit tcp | udp | icmp name

4. Specify the trl keyword for the client subnet and set the connection rate.

For IPv4:

Virtual ADX(config-client-trl-trl1)# trl 10.1.1.0 255.255.255.0 monitor-interval 3 conn-rate 10 hold-down-time 1

For IPv6:

Virtual ADX(config-client-trl-trl1)# trl 2001:db8:100::1/128 monitor-interval 3 conn-rate 10 hold-down-time 1

Syntax: [no] trl { client-IPv4 client-mask | client-IPv6 prefix } monitor-interval mon-value conn-rate con-value hold-down-time hold-down-value

NOTE

If you configure the hold-down-time keyword with a value of 0, the incoming request is not held
down. Instead, a syslog message is generated with the source and destination IP addresses so
that you can passively observe whether the transaction count exceeds the specified rate limit
threshold.

Configure transaction rate limit to exclude a client

You can configure a client address/prefix to be excluded from transaction rate limiting within a
transaction rate limit configuration group.

To exclude a client from transaction rate limit, follow these steps.

1. Enable privileged EXEC mode.

Virtual ADX> enable

2. Enter global configuration mode.

Virtual ADX# configure terminal

3. Specify the name of the transaction rate limit rule set and enter client transaction rate limit configuration mode.

Virtual ADX(config)# client-trans-rate-limit tcp TRL1

Syntax: [no] client-trans-rate-limit tcp | udp | icmp name

4. Specify the trl parameter for the client subnet and the exclude keyword.

For IPv4:

Virtual ADX(config-client-trl-TRL1)# trl 10.1.1.0 255.255.255.0 exclude

For IPv6:

Virtual ADX(config-client-trl-TRL1)# trl 2001:db8:300::1/128 exclude

Syntax: [no] trl { client-IPv4 client-mask | client-IPv6 prefix } exclude
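
The following Python script is an added example, not part of the Brocade manual: it parses trl lines in the syntax shown in both procedures above and reports rules set to hold-down-time 0 (syslog only, per the NOTE) and exclude entries that overlap a rate-limited subnet in the same rule set. The sample configuration, its indented layout, and the function names parse_trl and audit are constructed for illustration.

```python
import ipaddress

# Constructed sample config; syntax follows the trl commands in this section.
SAMPLE_CONFIG = """\
client-trans-rate-limit tcp TRL1
 trl 10.1.1.0 255.255.255.0 monitor-interval 3 conn-rate 10 hold-down-time 1
 trl 10.2.0.0 255.255.0.0 monitor-interval 3 conn-rate 10 hold-down-time 0
 trl 2001:db8:100::1/128 monitor-interval 3 conn-rate 10 hold-down-time 1
 trl 10.1.1.0 255.255.255.0 exclude
 trl 2001:db8:300::1/128 exclude
"""

def parse_trl(line):
    """Parse one 'trl ...' line into a dict; return None for any other line."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "trl":
        return None
    if ":" in tok[1]:   # IPv6 form: address/prefix-length
        net, rest = ipaddress.ip_network(tok[1], strict=False), tok[2:]
    else:               # IPv4 form: address followed by a dotted mask
        net, rest = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False), tok[3:]
    if rest == ["exclude"]:
        return {"net": net, "exclude": True}
    opts = dict(zip(rest[0::2], (int(v) for v in rest[1::2])))
    return {"net": net, "exclude": False, **opts}

def audit(config):
    """Return (rule set, subnet, message) findings for a configuration text."""
    rules, findings, group = [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("client-trans-rate-limit "):
            group = line.split()[2]   # rule set name, e.g. TRL1
            continue
        rule = parse_trl(line)
        if rule:
            rules.append({**rule, "group": group})
    for r in rules:
        if not r["exclude"] and r.get("hold-down-time") == 0:
            findings.append((r["group"], str(r["net"]), "hold-down-time 0: syslog only"))
        for o in (rules if r["exclude"] else []):
            if (not o["exclude"] and o["group"] == r["group"]
                    and o["net"].version == r["net"].version
                    and o["net"].overlaps(r["net"])):
                findings.append((r["group"], str(r["net"]), f"exclude overlaps limit on {o['net']}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Each finding is a point to review against intent: a rule that only logs, or an exclusion that covers clients another rule in the same set is meant to limit.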