Displaying and maintaining nat – H3C Technologies H3C S12500 Series Switches User Manual


Step                                      Command
2. Enter connection limit policy view.    connection-limit policy policy-number
3. Configure an ACL-based limit rule.     limit limit-id acl acl-number [ { per-destination | per-service | per-source } * amount max-amount min-amount ]

NOTE:

The default connection limit parameters apply to the unmatched user connections.

Binding the connection limit policy to the NAT module

In this task, you bind the configured connection limit policy to the NAT module to limit connections.
Follow these guidelines when you bind the connection limit policy to the NAT module:

- A NAT module can be bound with only one connection limit policy.
- The default connection limit parameters take effect after you bind the connection limit policy to the NAT module.

To bind the connection limit policy to the NAT module:

Step                                                       Command
1. Enter system view.                                      system-view
2. Bind the connection limit policy to the NAT module.     nat connection-limit-policy policy-number

Enabling aging out NAT entries upon master link failure

In a link backup environment where NAT is enabled on the master and backup interfaces of a gateway switch, if the master link fails, the backup link switches to the master state. If this feature is enabled on the switch, all existing NAT entries on the failed link will be aged out immediately, so that new NAT entries can be created for subsequent packets on the new master link, and thus NAT streams can be directed to the new link immediately.

To enable aging out NAT entries upon master link failure:

Step                                                          Command                               Remarks
1. Enter system view.                                         system-view                           N/A
2. Enable aging out NAT entries upon master link failure.     nat link-down reset-session enable    Disabled by default.
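The following Python check is an added example, not part of the H3C manual. It reads a saved configuration and reports a connection limit policy that is defined but never bound to NAT, a binding to an undefined policy, max-amount and min-amount given in the wrong order, and the link-failure aging feature left at its disabled default. The sample configuration, its indented layout and the `audit` function name are assumptions.

```python
import re

# Constructed sample of a saved configuration (not from the manual); the
# indented layout and every number in it are assumptions for illustration.
SAMPLE_CONFIG = """\
connection-limit policy 0
 limit 0 acl 2000 per-source amount 200 100
connection-limit policy 1
 limit 0 acl 2001 per-destination per-service amount 400 500
nat connection-limit-policy 1
"""

POLICY_RE = re.compile(r"^connection-limit policy (\d+)$")
# limit limit-id acl acl-number [ { per-... } * amount max-amount min-amount ]
LIMIT_RE = re.compile(
    r"^limit (\d+) acl (\d+)"
    r"(?:((?: per-(?:destination|service|source))+) amount (\d+) (\d+))?$")
BIND_RE = re.compile(r"^nat connection-limit-policy (\d+)$")
RESET_CMD = "nat link-down reset-session enable"


def audit(config):
    """Return a list of findings for the NAT connection-limit commands."""
    policies, bound, reset, current, findings = set(), [], False, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line leaves the policy view
            current = None
        if m := POLICY_RE.match(line):
            current = m.group(1)
            policies.add(current)
        elif (m := LIMIT_RE.match(line)) and current is not None:
            if m.group(4) and int(m.group(4)) < int(m.group(5)):
                findings.append(f"policy {current} limit {m.group(1)}: max-amount "
                                f"{m.group(4)} is below min-amount {m.group(5)}")
        elif m := BIND_RE.match(line):
            bound.append(m.group(1))
        elif line == RESET_CMD:
            reset = True
    for number in sorted(policies):
        if number not in bound:
            findings.append(f"policy {number} is defined but not bound to NAT")
    for number in bound:
        if number not in policies:
            findings.append(f"NAT is bound to undefined policy {number}")
    if not reset:
        findings.append("aging out NAT entries on master link failure is not enabled")
    return findings
```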

Displaying and maintaining NAT

CAUTION:

Clearing the NAT log buffer implies loss of all NAT logs. In general, H3C recommends not using this
command.
