Trl plus security acl-id, Security acl-id, Transaction rate limit hold-down value – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual
Page 29: Displaying trl rules statistics, Displaying trl rules in a policy
ServerIron ADX Security Guide
15
53-1002440-03
Transaction Rate Limit (TRL)
1
ServerIronADX(config)# interface ethernet 1/1
ServerIronADX(config-if-1/1)# ip tcp trans-rate 80
where
up to 4 specific ports. The ServerIron can also monitor traffic to all the ports by configuring the
default port.
TRL plus security ACL-ID
Even though TRL is applied to an interface and effects all traffic received on this interface, with the
security acl-id
interface.Refer to
security acl-id
The security global command accepts acl-id
Syntax: [no] security acl-id
Example
ServerIronADX(config)# security acl-id 4
Once security acl-id
subject to the L4 security rules configured on the system. (Specifically, TRL and manual hold down
will take effect only for packets matching this configured ACL). If you want specific traffic to bypass
the L4 security features, then do not include those IP addresses in the access list.
NOTE
The security acl-id takes precedence over all TRL configuration.
Transaction rate limit hold-down value
if you configure "hold down 0," the incoming request is not held down. Instead it generates a log.
Displaying TRL rules statistics
You can display statistics for TRL rules as shown.
Syntax: show client-trl rules-stat
Displaying TRL rules in a policy
You can display TRL rules in a policy as shown.
ServerIronADX#show client-trl rules-stat
Policy-Name default-rule ipv4-rules-alloted ipv4-rules-added ipv6-rules-alloted ipv6-rules-added
trl1
0
2500
0
2500
0
trl2
0
2500
0
2500
0
trl3
0
2500
0
2500
0
Global ipv4 rule num: 2500, total-alloted-ipv4-rules: 7500
Global ipv6 rule num: 2500, total-alloted-ipv6-rules: 7500