Binding the policy to a vip – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide


53-1002440-03

Maximum concurrent connection limit per client


ServerIronADX(config)# client-connection-limit max-conn1

ServerIronADX(config-client-max-conn)# max-conn default 10

In this example, all clients not specified in any max connection group will have a maximum of 10
connections.

Syntax: [no] max-conn [<client-ip-address> <client-subnet-mask> default <max-connections>

Enter a default maximum number of connections for <max-connections>.

Excluding clients from maximum connection policy
If you want certain clients to be excluded from any maximum connection policies, enter a command
such as the following.

ServerIronADX(config)# client-connection-limit max-conn1

ServerIronADX(config-client-trl)# max-conn 100.1.4.0 255.255.255.0 exclude

In this example, clients in the 100.1.4.0 subnet will be excluded from any maximum connection rules.

Syntax: [no] max-conn [<client-ip-address> <client-subnet-mask> exclude

Displaying the maximum number of connections for clients that are currently connected
To show the maximum connection policy for a client that is currently connected, enter a
command such as the following on the barrel processor (BP) console.

ServerIronADX1# show conn pass1 0

Max Count: 2500   Total Count: 55
IP address      Mask             config   hit  denied
0.0.0.0         0.0.0.0          10       0    0
120.20.1.0      255.255.255.192  12       0    0
120.20.1.16     255.255.255.240  15       0    0
120.20.1.21     255.255.255.255  exclude  0    0
120.20.1.23     255.255.255.255  exclude  0    0
120.20.1.24     255.255.255.255  15       20   5
  Current connections:
    VIP 20.20.1.6: 15
120.20.1.25     255.255.255.255  exclude  0    0
120.20.1.27     255.255.255.255  exclude  20   0
  Current connections:
    VIP 20.20.1.6: 20
120.20.1.29     255.255.255.255  exclude  0    0
120.20.1.30     255.255.255.255  15       20   5
  Current connections:
    VIP 20.20.1.6: 15
120.20.1.33     255.255.255.255  exclude  20   0

ServerIronADX1#

Syntax: show connection-limit <name> <offset>

Enter the name of the max connection policy for <name>.

Enter the starting entry for <offset>.
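
The following is an added example, not part of the Brocade manual: a Python parser for the display output shown above that lists clients whose connections were denied and excluded clients that are carrying traffic. The function names are hypothetical, and reading "config" as the configured limit and "denied" as connections refused by the limit is an assumption taken from the column headers.

```python
import re

# Sample copied (abridged) from the display output shown above.
SAMPLE = """\
Max Count: 2500 Total Count: 55
IP address Mask config hit denied
0.0.0.0 0.0.0.0 10 0 0
120.20.1.21 255.255.255.255 exclude 0 0
120.20.1.24 255.255.255.255 15 20 5
Current connections:
VIP 20.20.1.6: 15
120.20.1.27 255.255.255.255 exclude 20 0
Current connections:
VIP 20.20.1.6: 20
"""

ENTRY = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(exclude|\d+)\s+(\d+)\s+(\d+)$")
VIP = re.compile(r"^VIP\s+(\S+):\s+(\d+)$")

def parse_conn_table(text):
    """Return one dict per policy entry, with per-VIP current connections attached."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            ip, mask, config, hit, denied = m.groups()
            entries.append({
                "ip": ip, "mask": mask, "excluded": config == "exclude",
                "limit": None if config == "exclude" else int(config),
                "hit": int(hit), "denied": int(denied), "vips": {},
            })
            continue
        m = VIP.match(line)
        if m and entries:  # VIP lines belong to the entry printed just before them
            entries[-1]["vips"][m.group(1)] = int(m.group(2))
    return entries

def review(entries):
    """Flag entries to look at (assumes "denied" = connections refused by the limit)."""
    findings = []
    for e in entries:
        if e["denied"] > 0:
            findings.append((e["ip"], "limit-enforced", e["denied"]))
        elif e["excluded"] and e["hit"] > 0:
            findings.append((e["ip"], "excluded-active", e["hit"]))
    return findings

if __name__ == "__main__":
    print(review(parse_conn_table(SAMPLE)))
```

Excluded clients with a non-zero hit count are worth reviewing periodically, since they bypass every limit in the policy.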

Binding the policy to a VIP

After creating a maximum connection policy, bind it to a VIP by entering commands such as the
following.

ServerIronADX(config)# server virtual-name-or-ip virt-2

ServerIronADX(config-vs-virt-2)# client-max-conn-limit max-conn1
