F3215-HP Load Balancing Module Security Configuration Guide-6PW101
Configuration procedure
# Configure IP addresses for interfaces. (Details not shown.)
# Enable the blacklist function.
<LB> system-view
[LB] blacklist enable
# Add Host D's IP address 5.5.5.5 to the blacklist without configuring an aging time for it.
[LB] blacklist ip 5.5.5.5
# Add Host C's IP address 192.168.1.4 to the blacklist and configure the aging time as 50 minutes.
[LB] blacklist ip 192.168.1.4 timeout 50
Verifying the configuration
Use the display blacklist all command to display the added blacklist entries.
[LB] display blacklist all
Blacklist information
-------------------------------------------------------------------------------
Blacklist       : enabled
Blacklist items : 2
-------------------------------------------------------------------------------
IP               Type    Aging started        Aging finished       Dropped packets
                         YYYY/MM/DD hh:mm:ss  YYYY/MM/DD hh:mm:ss
5.5.5.5          manual  2012/04/09 16:02:20  Never                0
192.168.1.4      manual  2012/04/09 16:02:26  2012/04/09 16:52:26  0
After the configuration takes effect, the LB module should:
• Always drop packets from Host D, unless you remove Host D's IP address from the blacklist by using the undo blacklist ip 5.5.5.5 command.
• Within 50 minutes of the entry being added, drop packets received from Host C.
• After 50 minutes, forward packets received from Host C normally.
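To make the aging semantics above concrete, the following is an added Python model of the blacklist behaviour (an illustration written for this guide, not vendor code). It assumes the aging timer starts when the entry is added, that an entry without a timeout never ages out, and that a packet arriving at or after the aging-finished time is forwarded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

TS = "%Y/%m/%d %H:%M:%S"  # timestamp format used in 'display blacklist all'


@dataclass
class BlacklistEntry:
    ip: str
    aging_started: datetime
    timeout_min: Optional[int] = None  # None models "Never" ages out
    dropped: int = 0

    @property
    def aging_finished(self) -> Optional[datetime]:
        if self.timeout_min is None:
            return None
        return self.aging_started + timedelta(minutes=self.timeout_min)

    def active(self, now: datetime) -> bool:
        # Assumption: the entry stops matching at exactly aging_finished.
        fin = self.aging_finished
        return fin is None or now < fin


class Blacklist:
    def __init__(self, enabled: bool = True):
        self.enabled = enabled        # 'blacklist enable'
        self.entries = {}             # ip -> BlacklistEntry

    def add(self, ip, now, timeout=None):   # 'blacklist ip X [timeout N]'
        self.entries[ip] = BlacklistEntry(ip, now, timeout)

    def undo(self, ip):                     # 'undo blacklist ip X'
        self.entries.pop(ip, None)

    def handle_packet(self, src_ip: str, now: datetime) -> str:
        e = self.entries.get(src_ip)
        if self.enabled and e is not None and e.active(now):
            e.dropped += 1
            return "drop"
        return "forward"


def demo():
    t = lambda s: datetime.strptime(s, TS)
    bl = Blacklist()
    bl.add("5.5.5.5", t("2012/04/09 16:02:20"))               # Host D, no aging
    bl.add("192.168.1.4", t("2012/04/09 16:02:26"), timeout=50)  # Host C, 50 min
    return {
        "D_next_day": bl.handle_packet("5.5.5.5", t("2012/04/10 16:02:20")),
        "C_within":   bl.handle_packet("192.168.1.4", t("2012/04/09 16:30:00")),
        "C_after":    bl.handle_packet("192.168.1.4", t("2012/04/09 16:52:26")),
        "other_host": bl.handle_packet("10.0.0.1", t("2012/04/09 16:30:00")),
    }, bl
```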
Configuring connection limit
Network requirements
As shown in Figure 112, a company has five public IP addresses, 202.38.1.1/24 to 202.38.1.5/24. The internal network address is 192.168.0.0/16, and two servers are located on the internal network. Configure NAT so that internal users can access the Internet and external users can access the internal servers, and configure connection limiting so that:
• Each host on segment 192.168.0.0/24 can establish up to 100 connections to the external network, and all other hosts can establish as many connections as possible.
• Up to 10000 connections are permitted from the external network to the DNS server.
• Up to 10000 connections are permitted from the external network to the Web server.