Displaying and maintaining connection limiting, Connection limit configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

3

Displaying and Maintaining Connection Limiting

To do…

Use the command…

Remarks

Display information about the

specified or all connection limit
policies

display connection-limit policy
{ policy-number | all }

Available in any view

Connection Limit Configuration Example

Connection Limit Configuration Example

Network requirements

As shown in

Figure 1

, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The

internal network address is 192.168.0.0/16 and there are two servers on the internal network. Perform

NAT configuration so that the internal users can access the Internet and external users can access the

internal servers, and configure connection limiting so that:

•

Each host on segment 192.168.0.0/24 can establish up to 100 connections to external network and
all the other hosts can establish as many connections as possible.

•

Permit up to 10000 connections from the external network to the DNS server.

•

Permit up to 10000 connections from the external network to the Web server.

Figure 1 Network diagram for connection limiting

Configuration procedure

NOTE:

The following describes only connection limit configuraiton steps. For information about NAT
configuration and internal server configuration, see

NAT Configuration in the Security Volume.

# Create a connection limit policy and enter its view.

system-view

[Device] connection-limit policy 0