• If the default connection limit action is deny, the user connections are not limited.
• If the default connection limit action is permit, the user connections are limited according to the
configured default connection limit parameters. When the number of connections reaches the
upper limit, users cannot establish new connections. When the connection number goes below
the lower limit, users can establish new connections.
The default connection limit parameters of a connection limit policy take effect only after the policy is
applied. For more information about how to apply a connection limit policy, see "Applying the
connection limit policy."
To configure the default connection limit action and parameters:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter connection limit policy view. | connection-limit policy policy-number | N/A |
| 3. Set the default connection limit action. | connection-limit default action { deny \| permit } | Optional. By default, deny is adopted. The device does not limit connections that do not match the connection limit rules in the policy. |
| 4. Set the default connection limit parameters. | connection-limit default amount upper-limit max-amount lower-limit min-amount | Optional. |
Configuring an ACL-based connection limit rule
An ACL-based connection limit rule references an ACL to specify the connections to be limited. The
rule can limit the number of each group of matching connections.
When the upper connection limit of a connection group is reached, the device does not accept new
connections of the group until the number of connections equals or goes below the lower connection
limit for the group.
The limit rules are matched in ascending order of rule ID. When you configure connection limit rules
for a policy, carefully check the rules and their order. Hewlett Packard Enterprise recommends that
you arrange the rules in ascending order of scale and range.
The following three types of connection limit rules are supported:
• per-destination—Limits connections by destination IP address.
• per-service—Limits connections by service type or application.
• per-source—Limits connections by source IP address.
If you specify multiple limit types in one limit rule, they work together to limit and collect statistics on
user connections. For example, with both per-destination and per-service limit types specified, the
connection limit rule limits and collects statistics on user connections of the same service with the
same destination IP address.
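The upper/lower limit behavior and the way combined limit types define a connection group, shown as an added Python model; it is not HPE device code and not part of the original guide. The class, method names, and sample addresses are hypothetical and constructed, and the model assumes the connection that reaches the upper limit is itself accepted.

```python
from collections import defaultdict

LIMIT_TYPES = ("per-source", "per-destination", "per-service")

class ConnLimitRule:
    """Hypothetical model of one connection limit rule (not device code)."""

    def __init__(self, upper, lower, limit_types):
        if not (1 <= upper and 0 <= lower <= upper):
            raise ValueError("need 0 <= lower <= upper and upper >= 1")
        self.upper, self.lower = upper, lower
        self.limit_types = frozenset(limit_types)
        self.active = defaultdict(int)  # group key -> open connections
        self.blocked = set()            # groups that reached the upper limit

    def group_key(self, src, dst, service):
        # Only fields named by the configured limit types distinguish groups.
        values = dict(zip(LIMIT_TYPES, (src, dst, service)))
        return tuple(values[t] if t in self.limit_types else None
                     for t in LIMIT_TYPES)

    def open(self, src, dst, service):
        """Return True if a new connection in this group is accepted."""
        key = self.group_key(src, dst, service)
        if key in self.blocked:
            return False
        self.active[key] += 1
        if self.active[key] >= self.upper:  # assumption: this one is accepted
            self.blocked.add(key)
        return True

    def close(self, src, dst, service):
        key = self.group_key(src, dst, service)
        self.active[key] = max(0, self.active[key] - 1)
        # New connections resume once the count equals or drops below lower.
        if self.active[key] <= self.lower:
            self.blocked.discard(key)

def demo():
    # Constructed sample: limit per destination and service, upper 3, lower 1.
    rule = ConnLimitRule(3, 1, {"per-destination", "per-service"})
    web = ("10.0.0.9", "http")
    first_four = [rule.open(f"192.0.2.{i}", *web) for i in range(1, 5)]
    other_service = rule.open("192.0.2.1", "10.0.0.9", "dns")  # separate group
    rule.close("192.0.2.1", *web)                # 2 open, still above lower
    while_draining = rule.open("192.0.2.7", *web)
    rule.close("192.0.2.2", *web)                # 1 open, equals lower
    after_drain = rule.open("192.0.2.7", *web)
    return first_four, other_service, while_draining, after_drain
```

Because the source address is not part of the group key in this sample, connections from different clients to the same destination and service share one counter.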
By default, a connection limit policy uses the default connection limit settings. For more information
about the default connection limit settings, see the connection-limit default amount command.
To configure an ACL-based connection limit rule:
| Step | Command |
|---|---|
| 1. Enter system view. | system-view |