HP MSR2000/3000/4000 Router Series Security Configuration Guide

# Configure connection limit rule 1 to permit up to 100000 connections from all the hosts matching ACL 3000 to the external network. When the connection number exceeds 100000, new connections cannot be established until the connection number goes below 95000.
[Router-connection-limit-policy-1] limit 1 acl 3000 amount 100000 95000
# Configure connection limit rule 2 to permit up to 10000 connections to the servers matching ACL 3001. When the connection number exceeds 10000, new connections cannot be established until the connection number goes below 9800.
[Router-connection-limit-policy-1] limit 2 acl 3001 per-destination amount 10000 9800
[Router-connection-limit-policy-1] quit
# Create connection limit policy 2.
[Router] connection-limit policy 2
# Configure connection limit rule 1 to permit up to 100 connections from each host matching ACL 3000 to external networks. When the connection number exceeds 100, new connections cannot be established until the connection number goes below 90.
[Router-connection-limit-policy-2] limit 1 acl 3000 per-source amount 100 90
[Router-connection-limit-policy-2] quit
# Apply connection limit policy 1 globally.
[Router] connection-limit apply global policy 1
# Apply connection limit policy 2 to the inbound interface GigabitEthernet 1/1.
[Router] interface gigabitethernet 1/1
[Router-GigabitEthernet1/1] connection-limit apply policy 2
[Router-GigabitEthernet1/1] quit
Verifying the configuration
# Use display connection-limit policy to display information about the connection limit policy.
[Router] display connection-limit policy 1
IPv4 connection limit policy 1 has been applied 1 times, and has 2 limit rules.
Limit rule list:
Policy  Rule  StatType  HiThres  LoThres  ACL
------------------------------------------------------------
     1     1  --         100000    95000  3000
           2  Dst         10000     9800  3001
Applied list:
Global
[Router] display connection-limit policy 2
IPv4 connection limit policy 2 has been applied 1 times, and has 1 limit rules.
Limit rule list:
Policy  Rule  StatType  HiThres  LoThres  ACL
------------------------------------------------------------
     2     1  Src           100       90  3000
Applied list:
GigabitEthernet1/1
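
The upper and lower thresholds in each limit rule form a hysteresis band: once a counter hits the upper threshold, new connections stay blocked until it drops below the lower one. The following Python model of that behavior is an added example, not HP code; the class and function names and the IP addresses are constructed for illustration. It assumes blocking starts when the counter reaches the upper threshold, and it does not model ACL matching.

```python
from collections import defaultdict

class LimitRule:
    """Model of one 'limit' rule: amount <hi> <lo>, counted per StatType."""

    def __init__(self, hi, lo, stat_type="--"):
        if not 0 < lo <= hi:
            raise ValueError("need 0 < lower <= upper")
        self.hi, self.lo, self.stat_type = hi, lo, stat_type
        self.count = defaultdict(int)   # live connections per counting key
        self.blocked = set()            # keys currently refusing new connections

    def _key(self, src, dst):
        # Src = per-source, Dst = per-destination, -- = one shared counter
        return {"Src": src, "Dst": dst}.get(self.stat_type, "*")

    def open(self, src, dst):
        """Return True if a new connection is admitted."""
        k = self._key(src, dst)
        if self.count[k] >= self.hi:
            self.blocked.add(k)          # upper threshold reached (assumed boundary)
        elif self.count[k] < self.lo:
            self.blocked.discard(k)      # dropped below lower threshold
        if k in self.blocked:
            return False
        self.count[k] += 1
        return True

    def close(self, src, dst):
        k = self._key(src, dst)
        if self.count[k] > 0:
            self.count[k] -= 1


def demo():
    # Mirrors: limit 1 acl 3000 per-source amount 100 90
    rule = LimitRule(100, 90, "Src")
    a, b, srv = "192.0.2.10", "192.0.2.11", "198.51.100.5"  # constructed addresses
    admitted = sum(rule.open(a, srv) for _ in range(120))
    for _ in range(5):
        rule.close(a, srv)               # 95 left: still inside the band
    at_95 = rule.open(a, srv)
    for _ in range(6):
        rule.close(a, srv)               # 89 left: below the lower threshold
    at_89 = rule.open(a, srv)
    other_host = rule.open(b, srv)       # host b has its own per-source counter
    return admitted, at_95, at_89, other_host
```

The band keeps a host that hovers at the limit from flapping between admitted and blocked on every connection close, which is why a gap between the two thresholds is worth keeping when tuning these values.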