R2511-HP MSR Router Series Security Configuration Guide(V5)
Step 1. Enter system view.
  Command: system-view
Step 2. Enter connection limit policy view.
  Command: connection-limit policy policy-number
Step 3. Configure an ACL-based connection limit rule.
  Command: limit limit-id acl acl-number [ { per-destination | per-service | per-source } * amount max-amount min-amount ]
Applying the connection limit policy
To make a connection limit policy take effect, apply it to a NAT service module.
To apply a connection limit policy:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Apply a connection limit policy to the NAT module.
  Command: nat connection-limit-policy policy-number
  Remarks: Only one connection limit policy can be applied to a NAT module.
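The two procedures above, run end to end as an added configuration example (not taken from the original guide): a per-source limit rule is created in a policy and the policy is applied to the NAT module, then checked with the display commands this guide lists. ACL 2000, the 192.168.0.0/24 source range, policy number 0, limit ID 0 and the 200/100 thresholds are assumed values chosen for illustration.

```comware
# Added example. ACL 2000, 192.168.0.0/24, policy 0, limit ID 0 and the
# 200/100 thresholds are assumed values, not taken from the guide.

# Enter system view and define the traffic the limit rule matches:
# connections sourced from the assumed internal subnet.
system-view
acl number 2000
 rule permit source 192.168.0.0 0.0.0.255
 quit

# Create connection limit policy 0 and add ACL-based limit rule 0.
# per-source counts connections separately for each source address.
# amount 200 100: a source is refused new connections once it holds 200,
# and is accepted again after its count drops below 100.
connection-limit policy 0
 limit 0 acl 2000 per-source amount 200 100
 quit

# The policy has no effect until it is applied to the NAT module.
# Only one policy can be applied, so this replaces any other choice.
nat connection-limit-policy 0

# Confirm the rule is present in the policy, then check the NAT
# connection limit statistics for the limited subnet.
display connection-limit policy 0
display nat connection-limit source 192.168.0.0 24
```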
Displaying and maintaining connection limiting
Task: Display information about one or all connection limit policies.
  Command: display connection-limit policy { policy-number | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Task: Display connection limit statistics.
  Command: display connection-limit statistics [ source src-address { mask-length | mask } ] [ destination dst-address { mask-length | mask } ] [ destination-port { eq | gt | lt | neq | range } port-number ] [ vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Task: Display NAT connection limit statistics.
  Command: display nat connection-limit [ source src-address { mask-length | mask } ] [ destination dst-address { mask-length | mask } ] [ destination-port { eq | gt | lt | neq | range } port-number ] [ vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Troubleshooting connection limiting
Symptom
Connection limit rules with overlapping segments:










