Applying the connection limit policy, Connection limit configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual


Step 3. Configure an IP address-based connection limit rule.
  Command: limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]

Applying the connection limit policy

To make a connection limit policy take effect, apply it globally.
To apply a connection limit policy:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Apply a connection limit policy.
  Command: connection-limit apply policy policy-number
  Remarks: Only one connection limit policy can be applied globally.

Displaying and maintaining connection limit policies

Task: Display information about one or all connection limit policies.
  Command: display connection-limit policy { policy-number | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Connection limit configuration example

Network requirements

As shown in Figure 108, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The internal network address is 192.168.0.0/16 and two servers are on the internal network. Perform NAT configuration so that the internal users can access the Internet and external users can access the internal servers, and configure connection limiting so that:

• Each host on segment 192.168.0.0/24 can establish up to 100 connections to the external network, and all the other hosts can establish as many connections as possible.

• Permit up to 10000 connections from the external network to the DNS server.

• Permit up to 10000 connections from the external network to the Web server.
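One way to express the three connection limiting requirements with the limit syntax shown above, as an added illustration that is not taken from the manual. Policy number 0, limit IDs 0 to 2, the connection-limit policy and quit commands, and the <dns-server-ip> and <web-server-ip> placeholders are assumptions; the real server addresses are in Figure 108, which is not reproduced here.

```text
# Added illustration. Lines starting with '#' are annotations, not commands.
# Assumed: policy number 0, limit IDs 0-2, and the <...> placeholder addresses.
system-view
connection-limit policy 0
 # Requirement 1: per-source gives every host on 192.168.0.0/24 its own
 # cap of 100 connections. No rule covers the other internal hosts,
 # which leaves them without a cap.
 limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100 per-source
 # Requirement 2: up to 10000 connections from any source to the DNS server.
 limit 1 source ip any destination ip <dns-server-ip> 32 protocol dns max-connections 10000
 # Requirement 3: up to 10000 connections from any source to the Web server.
 limit 2 source ip any destination ip <web-server-ip> 32 protocol http max-connections 10000
 quit
# The policy has no effect until it is applied globally.
connection-limit apply policy 0
# Confirm the rules that are now in force.
display connection-limit policy 0
```

The per-source keyword on rule 0 is what separates a cap per host from a single cap shared by the whole segment; rules 1 and 2 omit the keyword because their requirements state a total for each server.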
