Comware

I have a problem where I need to monitor the network activity coming off a layer 3 routed interface on my 5900 AF for activity that might show the presence of malware spreading over into the rest of my network. If that condition presents itself I would want to immediately /automatically disable that port and others the activity may have spread to in the hopes of containing the spread. I know the Procurve/ Aruba switches have a Virus throttling feature we have yet to try out. Unfortunately this is a comware based switch and I have not found a comparable command. After looking at the Procurve/Aruba Virus throttling feature it looks like the commands monitor the packet rate of port(s) on a switch and if it sees the port(s) communicating  with a number of other ports all at once the port is shutdown. Does something with that capability exist on the HPE 5900 AF?

Thanks

Hi Eric,

I have done a research and I have found the below document and there is no Comware7 feature.

http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c04793912-4.pdf

Please have a look into the ARP Attack Protection feature which provides rate limiting.

Security Configuration Guide (page 355)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04566748&withFrame

I hope this help.

Best regards