3Com Switch 8800 Advanced Software V5 Configuration Guide
996 CHAPTER 76: NAT CONFIGURATION
Configuring Connection-limit
Introduction to Connection-limit
The connection-limit function allows you to limit user connections in three ways:
by connection number, by connection rate, or both. This prevents a single user
from establishing so many connections in a short time that other users' access
to the network is affected.
Limiting connection number means that when the number of connections
initiated by a user reaches a certain upper limit, the user cannot establish new
connections. The user must wait (for at least 5 minutes) until the connection number
is lower than the upper limit before creating new connections. This feature
applies to VPN users as well.
Limiting connection rate means that a user's connection rate cannot exceed a
predefined maximum value. This also applies to VPN users.
For the connection-limit function to take effect, you must set a connection-limit
policy, bind the policy to the NAT module, and also activate the
connection-limit switch.
CAUTION:
■ For parameters not configured in a connection-limit policy, the global
configurations take effect.
■ For user connections not covered in a connection-limit policy, the global
configurations take effect.
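An added example, not part of the 3Com guide: a Python check that reads a saved configuration and reports the global connection-limit settings that fall back to the defaults this guide lists for the global commands (function disabled, action unset, amount 200, rate 100). It assumes the saved configuration shows each command in the form it is entered and that the last word of the amount and rate commands is a numeric argument; the sample configuration and the review messages are constructed for the example.

```python
import re

# Defaults from the Remarks column of the guide's global-parameter table.
DEFAULTS = {"enabled": False, "action": None, "amount": 200, "rate": 100}

# Command forms as printed in the guide; (\d+) is the assumed numeric argument.
PATTERNS = {
    "enabled": re.compile(r"^connection-limit enable$"),
    "action": re.compile(r"^connection-limit default action (permit|deny)$"),
    "amount": re.compile(r"^connection-limit default amount upper-limit (\d+)$"),
    "rate": re.compile(r"^connection-limit default rate max-rate (\d+)$"),
}


def effective_global_settings(config_text):
    """Return the global connection-limit settings a saved config results in."""
    settings = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        for key, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                value = m.group(1) if m.groups() else True
                settings[key] = int(value) if key in ("amount", "rate") else value
    return settings


def findings(settings):
    """List review points for an auditor; the wording is this example's own."""
    out = []
    if not settings["enabled"]:
        out.append("connection-limit function is not enabled (disabled by default)")
    if settings["action"] is None:
        out.append("no global action set: connections are not counted or limited")
    return out


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
 sysname SW8800
 connection-limit enable
 connection-limit default amount upper-limit 150
"""

if __name__ == "__main__":
    result = effective_global_settings(SAMPLE)
    print(result)
    print(findings(result))
```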
Configuration Procedure
Configuring global connection-limit parameters
Follow these steps to configure global connection-limit parameters:
To do...                                      Use the command...                                       Remarks
Enter system view                             system-view                                              -
Enable connection-limit function              connection-limit enable                                  Required. Disabled by default.
Configure connection-limit action globally    connection-limit default action [ permit | deny ]        Optional. User connections are not counted and limited by default.
Configure connection number limits globally   connection-limit default amount upper-limit max-amount   Optional. 200 by default.
Set the maximum connection rate globally      connection-limit default rate max-rate max-rate          Optional. 100 by default.
Configuring connection-limit policy
Follow these steps to configure a connection-limit policy:
To do...                                      Use the command...                                       Remarks
Enter system view                             system-view                                              -