Setting nat connection limit, Introduction to connection limit, Configuring connection limit – H3C Technologies H3C S12500 Series Switches User Manual

105

Step Command

Remarks

1.

Enter system view.

system-view N/A

2.

Specify the IP address

and UDP port number
of the NAT log server.

•

In standalone mode:

userlog nat export slot slot-number host
{ ipv4-address | ipv6 ipv6-address }

udp-port

•

In IRF mode:

userlog nat export chassis chassis-number

slot slot-number host { ipv4-address | ipv6

ipv6-address } udp-port

N/A

3.

Specify the source IP
address for the UDP

packets that carry NAT

logs.

userlog nat export source-ip ip-address

Optional.
By default, the source IP

address is the IP address of
the interface through which

the UDP packets are sent.

4.

Specify the version
number of the NAT log

packets.

userlog nat export version version-number

Optional.
Version 1 by default.

Setting NAT connection limit

Introduction to connection limit

A user that initiates a large quantity of connections in a short period of time occupies large amounts of

system resources, preventing other users from accessing network resources. An internal server that

receives large numbers of connection requests within a short time cannot process them in time or accept
other normal connection requests.
To avoid such situations, you can configure a connection limit policy to limit the number of connections,

connection rate, and connection bandwidth. The limits to the connection rate and bandwidth cannot be

specified at the same time.

NOTE:
•

For options not configured in the connection limit policy, the default configurations take effect.

•

For user connections not covered in the connection limit policy, the default configurations take effect.

Configuring connection limit

Creating a connection limit policy

Step Command

1.

Enter system view.

system-view

2.

Create a connection limit policy and enter its

view.

connection-limit policy policy-number