H3C S7500 Series Ethernet Switches Operation Manual
Operation Manual – NAT, Netstream, Policy Routing
H3C S7500 Series Ethernet Switches Chapter 1
NAT Configuration
1-11
To do… Use the command… Remarks
Enter system view
system-view
—
Enter VLAN interface view
interface Vlan-interface vlan-id
—
Configure a non-standard
internal FTP server
nat ftp server global global-addr
global-port inside host-addr host-port
slot slot-number
Required
1.3.6 Configuring NAT Blacklist
By enabling the NAT blacklist feature and configuring NAT blacklist attributes such as
the control threshold for the number of NAT connections and the control threshold for
connection setup rate, you can enable the switch to control the number of NAT
connections and the connection setup rate.
Follow these steps to configure NAT blacklist attributes:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable NAT blacklist for a
specified LPU
nat blacklist start slot
slot-number
Required
By default, this
feature is disabled.
Set the control mode of NAT
blacklist
nat blacklist mode { all |
amount | rate }
Required
Set the global control threshold
for the number of NAT
connections per user, or a
specific control threshold for the
number of NAT connections of a
specified user
nat blacklist limit
amount [ source user-ip ]
amount-value
Optional
Set the global or specific control
thresholds for connection setup
rate
nat blacklist limit rate
[ source ip ] cir cir-value
[ cbs cbs-value ebs
ebs-value ]
Optional
Specify the IP address of a user,
so as to adopt the specific
connection setup rate control
thresholds to the user.
nat blacklist limit rate
source user-ip
Optional