Huawei Quidway S8500 Series

To Next Page

To Previous Page

Command Manual – NAT&URPF&VPLS

Quidway S8500 Series Routing Switches Chapter 1

NAT Configuration Commands

Huawei Technologies Proprietary

1-9

Use the undo nat blacklist command to disable a NAT blacklist attribute or function.

By default, the blacklist feature is disabled.

Use the nat blacklist start command to enable the NAT blacklist feature and start

calculating blacklist users.

Use the undo nat blacklist start command to disable the NAT blacklist function.

Use the nat blacklist mode command to enable operations on blacklist users and set

the thresholds for controlling setup rates or the number of connections.

Use the undo nat blacklist mode command to disable operations on blacklist users.

Use the nat blacklist limit amount command to set the thresholds for controlling the

number of connections with all addresses or an individual source IP address.

Use the undo nat blacklist limit amount command to restore the default thresholds. If

you do not specify an IP address, the command restores the default thresholds for all

addresses. If you specify an IP address, the command restores the thresholds for the

specified IP addresses to those for all addresses.

Use the nat blacklist limit rate command to set the thresholds for controlling the setup

rates of the blacklist. Use the command to set the threshold for controlling the setup

rates of all the addresses.

Use the nat blacklist limit rate source command to set the thresholds for controlling

the setup rate of an individual IP address.

Use the undo nat blacklist limit rate command to restore the default thresholds. If you

do not specify an IP address, the command restores the default thresholds for all

addresses. If you specify an IP address, the command restores the thresholds for the

specified IP addresses to those for all addresses.

By default, the threshold for global setup rate is 250 sessions and the threshold for

controlling the number of connections is 500 sessions.

The default value of the threshold for setup rate of specified IP addresses are the same

as the global threshold for setup rate.

Example

# Enable the NAT blacklist feature for all the system.

[Quidway] nat blacklist start

# Select blacklist as the control mode for the number of connections.

[Quidway] nat blacklist mode amount

# Set the thresholds for controlling the number of connections for all addresses.

[Quidway] nat blacklist limit amount 222

# Set the threshold for controlling the number of connections with IP address 1.1.1.1.

[Quidway] nat blacklist limit amount source 1.1.1.1 2222

Huawei Quidway S8500 Series - Page 1209