Configuring the connection limit policy – H3C Technologies H3C S12500 Series Switches User Manual


Configuring the default connection limit action/parameters

For user connections not specifically limited by the connection limit policy, the default connection limit action applies.

If the default connection limit action is deny, the user connections are not counted or limited.

If the default connection limit action is permit, the user connections are limited according to the configured default connection limit parameters. When the number of connections reaches the upper limit, the user cannot establish new connections. When the connection number goes below the lower limit, the user can establish new connections.

To validate default connection limit parameters, you must bind the connection limit policy to the NAT module. For more information about binding the connection limit policy to the NAT module, see "Binding the connection limit policy to the NAT module."

To configure the default connection limit action/parameters:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter connection limit policy view.
    Command: connection-limit policy policy-number
    Remarks: N/A

Step 3. Set the default connection limit action.
    Command: connection-limit default action { deny | permit }
    Remarks: Optional. The default is deny: user connections are not counted and limited.

Step 4. Set the default connection limit parameters.
    Command: connection-limit default amount upper-limit max-amount lower-limit min-amount
    Remarks: Optional. By default, the upper limit is 512 and the lower limit is 256.

Configuring the connection limit policy

You can configure multiple limit rules (identified by limit ID) for a connection limit policy. A limit rule allows you to reference an ACL to limit and count user connections matching the ACL, and to specify limit types and maximum and minimum connection numbers. The limit rules are applied in the ascending order of limit IDs.

When the maximum connection number of a limit type is reached, the switch will not accept new connections of this type until its minimum connection number is reached.

An ACL-based connection limit rule supports the following limit types:

per-destination—Limits connections to the same destination IP address.

per-service—Limits connections of the same service (or an application).

per-source—Limits connections from the same source IP address.

If you specify multiple limit types in one limit rule, they work together to limit and count user connections. For example, with both per-destination and per-service limit types specified, the limit rule limits and counts the user connections of the same service that are destined to the same destination IP address.
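As an added illustration that is not part of the H3C manual, the following Python model reproduces the counting and upper/lower-limit behavior described above, both for the default parameters and for a rule that combines several limit types (here per-destination plus per-service). The class, the connection field names and the sample connections are assumptions made for the model, not the switch's own implementation.

```python
from collections import defaultdict

# Maps the manual's limit types to the connection attribute each one keys on (assumed names).
LIMIT_TYPE_FIELDS = {"per-source": "src", "per-destination": "dst", "per-service": "service"}


class ConnectionLimitRule:
    """One limit rule: counts connections per key and applies the upper/lower hysteresis
    the manual describes. This is a model for illustration, not the switch's own code."""

    def __init__(self, limit_types, upper_limit=512, lower_limit=256):
        if not 0 < lower_limit < upper_limit:
            raise ValueError("need 0 < lower-limit < upper-limit")
        self.fields = [LIMIT_TYPE_FIELDS[t] for t in limit_types]
        self.upper, self.lower = upper_limit, lower_limit
        self.counts = defaultdict(int)  # current connections per key
        self.blocked = set()            # keys that reached the upper limit

    def key(self, conn):
        # Several limit types work together: the key is the tuple of all of them.
        return tuple(conn[f] for f in self.fields)

    def open(self, conn):
        """Return True if the new connection is accepted, False if refused."""
        k = self.key(conn)
        if k in self.blocked:
            return False
        self.counts[k] += 1
        if self.counts[k] >= self.upper:  # reached the upper limit: stop accepting
            self.blocked.add(k)
        return True

    def close(self, conn):
        k = self.key(conn)
        self.counts[k] -= 1
        if k in self.blocked and self.counts[k] < self.lower:  # below lower limit: accept again
            self.blocked.discard(k)


def demo():
    """Constructed sample: per-destination + per-service rule with upper 4 and lower 2."""
    rule = ConnectionLimitRule(["per-destination", "per-service"], upper_limit=4, lower_limit=2)
    http = {"src": "10.0.0.1", "dst": "192.0.2.10", "service": "http"}
    # five clients to the same destination and service: the fifth is refused
    results = [rule.open(dict(http, src=f"10.0.0.{i}")) for i in range(1, 6)]
    # a different service to the same destination is counted separately
    other = rule.open({"src": "10.0.0.1", "dst": "192.0.2.10", "service": "ssh"})
    rule.close(http)                                   # 3 left, not below 2: still blocked
    still_blocked = rule.open(http)
    rule.close(http); rule.close(http)                 # 1 left, below the lower limit
    reopened = rule.open(http)
    return results, other, still_blocked, reopened
```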
To configure an ACL-based connection limit policy:

Step 1. Enter system view.
    Command: system-view