beautypg.com

Verifying the configuration, Configuring traffic statistics, Network requirements – H3C Technologies H3C SecBlade LB Cards User Manual

Page 269: Configuration procedure

background image

258

Verifying the configuration

# Use the display connection-limit policy command to display the information about the connection limit

policy.

[LB] display connection-limit policy 0

Connection-limit policy 0, refcount 1, 3 limits

limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100

per-source

limit 1 source ip any destination ip 192.168.0.3 32 protocol dns max-connections 10000

limit 2 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000

Configuring traffic statistics

Network requirements

As shown in

Figure 144

, configure traffic statistics in security zone Trust, and configure UDP flood attack

protection to protect the internal server against UDP flood attacks.

Figure 144 Network diagram

Configuration procedure

# Assign IP addresses to the interfaces. (Details not shown.)
# Add interface GigabitEthernet 0/1 to security zone Trust.

system-view

[LB] zone name Trust

[LB-zone-Trust] import interface gigabitethernet 0/1

[LB-zone-Trust] quit

# Add interface GigabitEthernet 0/3 to security zone DMZ.

[LB] zone name DMZ

[LB-zone-DMZ] import interface gigabitethernet 0/3

[LB-zone-DMZ] quit

# Add interface GigabitEthernet 0/2 to security zone Untrust.

[LB] zone name Untrust

[LB-zone-Untrust] import interface gigabitethernet 0/2

[LB-zone-Untrust] quit

Internet

LB

Server

Host C

GE0/2

GE0/1

GE0/3

Host A

Host B

202.1.0.1/16

192.168.1.1/16

10.1.1.2/24

10.1.1.1/24

Trust

DMZ

Untrust

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: