R2511-HP MSR Router Series Security Command Reference(V5)
Views
Connection limit policy view
Default command level
2: System level
Parameters
limit-id: Specifies the ID of a rule in the connection limit policy, in the range of 0 to 255.
acl-number: Specifies an ACL number in the range of 2000 to 3999. Connections matching this ACL are
to be limited.
per-destination: Limits connections by destination IP address.
per-service: Limits connections by service type or application.
per-source: Limits connections by source IP address.
amount: Limits the number of connections.
max-amount: Specifies the upper connection limit in the range of 1 to 4294967295.
min-amount: Specifies the lower connection limit in the range of 0 to 4294967294. It must be smaller
than the upper limit.
Usage guidelines
If you do not specify any optional parameters, the device uses the default connection limit settings (upper
and lower limits) to limit connections by source IP address. For more information about default
connection limit parameters, see the connection-limit default amount command.
If multiple keywords among per-destination, per-service, and per-source are specified, the specified
keywords take effect in combination. For example, with both per-destination and per-service limit types
specified, the limit rule collects statistics on and limits the connections of the same service that are
destined to the same destination IP address.
Examples
# Configure a rule for connection limit policy 1 to limit connections initiated from 192.168.0.0/24 by
destination IP address, setting the upper and lower connection limits to 200 and 100 respectively.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.0.0 0.0.0.255
[Sysname-acl-basic-2001] quit
[Sysname] connection-limit policy 1
[Sysname-connection-limit-policy-1] limit 1 acl 2001 per-destination amount 200 100
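The following Python model is an added illustration, not part of the HP reference and not Comware code. It shows how combined per-destination and per-service keywords form one counting bucket per destination and service pair. The class and field names are hypothetical, and the behavior of the two limits is an assumption the page does not state: a bucket refuses new connections once it reaches the upper limit and accepts them again only after it falls below the lower limit.

```python
import ipaddress
from collections import Counter

# Rule keyword -> connection field used in the counting key (model names are assumptions).
FIELDS = {"per-source": "src", "per-destination": "dst", "per-service": "service"}

class LimitRule:
    """Toy model of one 'limit' rule in a connection limit policy."""
    def __init__(self, acl_source, limit_types, max_amount, min_amount):
        if not 1 <= max_amount <= 4294967295 or not 0 <= min_amount < max_amount:
            raise ValueError("min-amount must be smaller than max-amount")
        self.acl = ipaddress.ip_network(acl_source)  # CIDR form of the ACL source rule
        # With no keyword, the page says limiting is by source IP address.
        self.types = sorted(limit_types) or ["per-source"]
        self.max, self.min = max_amount, min_amount
        self.counts, self.blocked = Counter(), set()

    def _bucket(self, conn):
        """Return None if the ACL does not match, else the compound bucket key."""
        if ipaddress.ip_address(conn["src"]) not in self.acl:
            return None
        return tuple(conn[FIELDS[t]] for t in self.types)

    def open(self, conn):
        """Return True if the new connection is admitted."""
        k = self._bucket(conn)
        if k is None:
            return True   # not matched by the ACL, so this rule does not limit it
        if k in self.blocked:
            return False
        self.counts[k] += 1
        if self.counts[k] >= self.max:
            self.blocked.add(k)      # assumed: upper limit reached, refuse new ones
        return True

    def close(self, conn):
        k = self._bucket(conn)
        if k is not None and self.counts[k] > 0:
            self.counts[k] -= 1
            if self.counts[k] < self.min:
                self.blocked.discard(k)  # assumed: admit again below the lower limit

def demo():
    """Constructed traffic: several sources, one destination, two services."""
    rule = LimitRule("192.168.0.0/24", ["per-destination", "per-service"], 3, 2)
    mk = lambda i, svc: {"src": f"192.168.0.{i}", "dst": "10.0.0.5", "service": svc}
    http = [rule.open(mk(i, "http")) for i in range(1, 6)]  # 4th and 5th refused
    dns = rule.open(mk(9, "dns"))     # same destination, separate service bucket
    rule.close(mk(1, "http"))         # 3 -> 2: not yet below the lower limit
    still_blocked = rule.open(mk(6, "http"))
    rule.close(mk(2, "http"))         # 2 -> 1: below the lower limit
    return http, dns, still_blocked, rule.open(mk(7, "http"))
```

The limits 3 and 2 are scaled down from the 200 and 100 of the example above so that the trace stays short.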
Related commands
• connection-limit policy
• display connection-limit policy
• display nat connection-limit
nat connection-limit-policy
Use nat connection-limit-policy to apply a connection limit policy to the NAT module.
Use undo nat connection-limit-policy to remove the application.