Setting nat connection limit, Introduction to connection limit, Configuring connection limit – H3C Technologies H3C S12500 Series Switches User Manual
Page 119: Creating a connection limit policy
105
Step Command
Remarks
1.
Enter system view.
system-view N/A
2.
Specify the IP address
and UDP port number
of the NAT log server.
•
In standalone mode:
userlog nat export slot slot-number host
{ ipv4-address | ipv6 ipv6-address }
udp-port
•
In IRF mode:
userlog nat export chassis chassis-number
slot slot-number host { ipv4-address | ipv6
ipv6-address } udp-port
N/A
3.
Specify the source IP
address for the UDP
packets that carry NAT
logs.
userlog nat export source-ip ip-address
Optional.
By default, the source IP
address is the IP address of
the interface through which
the UDP packets are sent.
4.
Specify the version
number of the NAT log
packets.
userlog nat export version version-number
Optional.
Version 1 by default.
Setting NAT connection limit
Introduction to connection limit
A user that initiates a large quantity of connections in a short period of time occupies large amounts of
system resources, preventing other users from accessing network resources. An internal server that
receives large numbers of connection requests within a short time cannot process them in time or accept
other normal connection requests.
To avoid such situations, you can configure a connection limit policy to limit the number of connections,
connection rate, and connection bandwidth. The limits to the connection rate and bandwidth cannot be
specified at the same time.
NOTE:
•
For options not configured in the connection limit policy, the default configurations take effect.
•
For user connections not covered in the connection limit policy, the default configurations take effect.
Configuring connection limit
Creating a connection limit policy
Step Command
1.
Enter system view.
system-view
2.
Create a connection limit policy and enter its
view.
connection-limit policy policy-number