Displaying and maintaining nat – H3C Technologies H3C S12500 Series Switches User Manual

Step                                     Command
2. Enter connection limit policy view.   connection-limit policy policy-number
3. Configure an ACL-based limit rule.    limit limit-id acl acl-number [ { per-destination | per-service | per-source } * amount max-amount min-amount ]
NOTE:
The default connection limit parameters apply to the unmatched user connections.
Binding the connection limit policy to the NAT module
In this task, you bind the configured connection limit policy to the NAT module so that the policy is used to limit connections.
Follow these guidelines when you bind the connection limit policy to the NAT module:
• A NAT module can be bound with only one connection limit policy.
• The default connection limit parameters take effect after you bind the connection limit policy to the NAT module.
To bind the connection limit policy to the NAT module:
Step                                                      Command
1. Enter system view.                                     system-view
2. Bind the connection limit policy to the NAT module.    nat connection-limit-policy policy-number
Enabling aging out NAT entries upon master link failure
In a link backup environment where NAT is enabled on the master and backup interfaces of a gateway
switch, if the master link fails, the backup link switches to the master state. If this feature is enabled on the
switch, all existing NAT entries on the failed link will be aged out immediately, so that new NAT entries
can be created for subsequent packets on the new master link, and thus NAT streams can be directed to
the new link immediately.
To enable aging out NAT entries upon master link failure:
Step                                                        Command                              Remarks
1. Enter system view.                                       system-view                          N/A
2. Enable aging out NAT entries upon master link failure.   nat link-down reset-session enable   Disabled by default.
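
The connection limit rule, the NAT binding and the link-failure setting from the tasks above, combined into one command sequence in the order the steps require. This is an added example, not taken from the H3C manual: policy number 0, limit ID 0, ACL 3000 (assumed to be configured already) and the amounts 200 and 100 are constructed values, and lines beginning with # are annotations, not commands.

```text
# Enter system view.
system-view
# Enter connection limit policy view (policy number 0 is a constructed value).
connection-limit policy 0
# ACL-based limit rule: limit ID 0, ACL 3000 (assumed to exist already),
# counted per source, max-amount 200 and min-amount 100 (constructed values).
# Connections that match no rule fall under the default connection limit parameters.
limit 0 acl 3000 per-source amount 200 100
# Return to system view.
quit
# Bind the policy to the NAT module. Only one policy can be bound, and the
# default connection limit parameters take effect once it is bound.
nat connection-limit-policy 0
# Age out NAT entries on the failed link as soon as the master link goes down,
# so that new entries are created on the new master link (disabled by default).
nat link-down reset-session enable
```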
Displaying and maintaining NAT
CAUTION:
Clearing the NAT log buffer implies loss of all NAT logs. In general, H3C recommends not using this
command.