Community
Comware Based

Connection rate limiting ? HPE 5900 AF

 
Eric Hutchinson_2
Advisor

‎11-20-2019 05:49 AM

‎11-20-2019 05:49 AM

Connection rate limiting ? HPE 5900 AF

I have a problem where I need to monitor the network activity coming off a layer 3 routed interface on my 5900 AF for activity that might show the presence of malware spreading over into the rest of my network. If that condition presents itself I would want to immediately /automatically disable that port and others the activity may have spread to in the hopes of containing the spread. I know the Procurve/ Aruba switches have a Virus throttling feature we have yet to try out. Unfortunately this is a comware based switch and I have not found a comparable command. After looking at the Procurve/Aruba Virus throttling feature it looks like the commands monitor the packet rate of port(s) on a switch and if it sees the port(s) communicating  with a number of other ports all at once the port is shutdown. Does something with that capability exist on the HPE 5900 AF?

Thanks

0 Kudos
1 REPLY 1
mmilev
HPE Pro

‎11-25-2019 04:25 AM

‎11-25-2019 04:25 AM

Re: Connection rate limiting ? HPE 5900 AF

Hi Eric,

I have done a research and I have found the below document and there is no Comware7 feature.

http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c04793912-4.pdf

Please have a look into the ARP Attack Protection feature which provides rate limiting.

Security Configuration Guide (page 355)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04566748&withFrame

I hope this help.

Best regards

I am an HPE Employee

Accept or Kudo


0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.