R2511-HP MSR Router Series Security Configuration Guide(V5)

Configuring connection limits
Overview
An internal user initiating a large quantity of connections to external networks in a short period of time
occupies large amounts of system resources on the device, limiting access to network resources for other
users. An internal server that receives large numbers of connection requests within a short period of time
cannot process them in time or accept other normal connection requests.
To avoid such situations, you can configure connection limit policies to limit the number of connections.
Connection limit configuration task list
Task | Remarks
--- | ---
Creating a connection limit policy | Required.
Configuring the connection limit policy: Configuring the default connection limit action and parameters | Optional.
Configuring the connection limit policy: Configuring an ACL-based connection limit rule | Required.
Applying the connection limit policy | Required.
Creating a connection limit policy
A connection limit policy is a set of connection limit rules that define the valid range and parameters for
the policy.
To create a connection limit policy:
Step | Command
--- | ---
1. Enter system view. | system-view
2. Create a connection limit policy and enter its view. | connection-limit policy policy-number
Configuring the connection limit policy
A connection limit policy contains one or more connection limit rules, each specifying an object or range
for the limit. A user connection that matches a rule is limited based on the parameters in the rule. For user
connections not matching any connection limit rule, the default connection limit action applies.
Configuring the default connection limit action and parameters
The following describes the default connection limit actions and parameters:
If the default connection limit action is deny, the user connections are not limited.