R0106-HP MSR Router Series Security Configuration Guide(V7)

Task: Clear the connection limit statistics globally or on an interface (MSR2000/MSR3000).
Command: reset connection-limit statistics { global | interface interface-type interface-number }

Task: Clear the connection limit statistics globally or on an interface (MSR4000).
Command: reset connection-limit statistics { global | interface interface-type interface-number } [ slot slot-number ]

Connection limit configuration example
Network requirements
As shown in Figure 114, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The
internal network address is 192.168.0.0/16. Configure NAT so that the internal users can access the
Internet and external users can access the internal servers, and configure connection limits to meet the
following requirements:
• All hosts on segment 192.168.0.0/24 can establish up to 100000 connections to the external network.
• Each host on segment 192.168.0.0/24 can establish up to 100 connections to the external network.
• A maximum of 10000 concurrent query requests are allowed from DNS clients to the DNS server.
• A maximum of 10000 concurrent connection requests are allowed from Web clients to the Web server.
Figure 114 Network diagram
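
The following Python sketch is an added example, not part of the HP guide and not the router's own algorithm. It models how the ACL wildcard masks used in this procedure select addresses and how an aggregate cap and a per-host cap combine for the first two requirements. The names wildcard_match and ConnLimiter, the result strings, and the order of the checks are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def _ip(text):
    # A wildcard written as "0" is shorthand for 0.0.0.0 (exact host match)
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def wildcard_match(addr, base, wildcard):
    """ACL-style match: bits set in the wildcard mask are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

class ConnLimiter:
    """Simplified model (an assumption): one aggregate cap for all sources
    matched by the ACL rule, plus one cap per individual source address."""
    def __init__(self, base, wildcard, total_max, per_source_max):
        self.base, self.wildcard = base, wildcard
        self.total_max, self.per_source_max = total_max, per_source_max
        self.per_source, self.total = Counter(), 0

    def open(self, src):
        if not wildcard_match(src, self.base, self.wildcard):
            return "not-matched"          # outside the ACL, no limit in this model
        if self.per_source[src] >= self.per_source_max:
            return "denied-per-source"
        if self.total >= self.total_max:
            return "denied-total"
        self.per_source[src] += 1
        self.total += 1
        return "accepted"

    def close(self, src):
        # Releasing a connection frees one slot in both counters
        if self.per_source[src] > 0:
            self.per_source[src] -= 1
            self.total -= 1

def demo():
    # Values from the requirements: 192.168.0.0 0.0.0.255, 100000 total, 100 per host
    lim = ConnLimiter("192.168.0.0", "0.0.0.255", 100000, 100)
    results = [lim.open("192.168.0.10") for _ in range(101)]
    # 192.168.1.5 is inside 192.168.0.0/16 but outside the /24 the rule matches
    return results[99], results[100], lim.open("192.168.1.5")

if __name__ == "__main__":
    print(demo())
```

In this model, 256 addresses at 100 connections each total 25600, so with the values above the per-host cap is reached before the 100000 aggregate cap.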
Configuration procedure
The following example describes only how to configure connection limits. For information about NAT
configuration and internal server configuration, see Layer 3—IP Services Configuration Guide.
# Create ACL 3000 to permit packets from all hosts on the internal network.
<Router> system-view
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip source 192.168.0.0 0.0.0.255
[Router-acl-adv-3000] quit
# Create ACL 3001 to permit packets to the Web server and the DNS server.
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Router-acl-adv-3001] rule permit ip destination 192.168.0.3 0