431
Step Command
2. Enter connection limit policy view.
connection-limit policy
policy-number
3. Configure an ACL-based connection
limit rule.
limit
limit-id
acl
acl-number [ {
per-destination
|
per-service
|
per-source
} *
amount
max-amount min-amount ]
Applying the connection limit policy
To make a connection limit policy take effect, apply it to a NAT service module.
To apply a connection limit policy:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Apply a connection limit
policy to the NAT module.
nat connection-limit-policy
policy-number
Only one connection limit policy
can be applied to a NAT module.
Displaying and maintaining connection limiting
Task Command Remarks
Display information about
one or all connection limit
policies.
display connection-limit policy
{ policy-number
|
all
} [
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display connection limit
statistics.
display connection-limit statistics
[
source
src-address { mask-length | mask } ] [
destination
dst-address { mask-length | mask } ]
[
destination-port
{
eq
|
gt
|
lt
|
neq
|
range
}
port-number ] [
vpn-instance
vpn-instance-name ] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Display NAT connection limit
statistics.
display nat connection-limit
[
source
src-address { mask-length | mask } ] [
destination
dst-address { mask-length | mask } ]
[
destination-port
{
eq
|
gt
|
lt
|
neq
|
range
}
port-number ] [
vpn-instance
vpn-instance-name ] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Troubleshooting connection limiting
Symptom
Connection limit rules with overlapping segments:
On the router, create a connection limit policy and configure two rules for the policy. One limits
connections from each host on segment 192.168.0.0/24 with the upper connection limit 10, and
another limits connections from 192.168.0.100 with the upper connection limit 100.
<Router> system-view
To Next Page
Loading...
