Applying the connection limit policy, Connection limit configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

109

Step Command

3.

Configure an IP
address-based connection

limit rule.

limit limit-id { source ip { ip-address mask-length | any } [ source-vpn
src-vpn-name ] | destination ip { ip-address mask-length | any }
[ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp }

max-connections max-num [ per-destination | per-source |

per-source-destination ]

Applying the connection limit policy

To make a connection limit policy take effect, apply it globally.
To apply a connection limit policy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Apply a connection
limit policy.

connection-limit apply policy policy-number

Only one connection limit
policy can be applied

globally.

Displaying and maintaining connection limit policies

Task Command

Remarks

Display information about
one or all connection limit
policies.

display connection-limit policy { policy-number |
all } [ | { begin | exclude | include }
regular-expression ]

Available in any view

Connection limit configuration example

Network requirements

As shown in

Figure 108

, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The

internal network address is 192.168.0.0/16 and two servers are on the internal network. Perform NAT

configuration so that the internal users can access the Internet and external users can access the internal

servers, and configure connection limiting so that:

•

Each host on segment 192.168.0.0/24 can establish up to 100 connections to external network and
all the other hosts can establish as many connections as possible.

•

Permit up to 10000 connections from the external network to the DNS server.

•

Permit up to 10000 connections from the external network to the Web server.