Configuration procedure

This example describes only how to configure connection limits. For information about NAT configuration and internal server configuration, see Layer 3—IP Services Configuration Guide.

# Create ACL 3000 to permit packets from all hosts on the internal network.

<Router> system-view
[Router] acl advanced 3000
[Router-acl-ipv4-adv-3000] rule permit ip source 192.168.0.0 0.0.0.255
[Router-acl-ipv4-adv-3000] quit

# Create ACL 3001 to permit packets to the Web server and the DNS server.

[Router] acl advanced 3001
[Router-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.2 0
[Router-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.3 0
[Router-acl-ipv4-adv-3001] quit

# Create connection limit policy 1.

[Router] connection-limit policy 1

# Configure connection limit rule 1 to permit a maximum of 100000 connections from all the hosts that match ACL 3000. When the number of connections exceeds 100000, new connections cannot be established until the number drops below 95000.

[Router-connection-limit-policy-1] limit 1 acl 3000 amount 100000 95000

# Configure connection limit rule 2 to permit a maximum of 10000 connections to the servers that match ACL 3001. When the number of connections exceeds 10000, new connections cannot be established until the number drops below 9800.

[Router-connection-limit-policy-1] limit 2 acl 3001 per-destination amount 10000 9800
[Router-connection-limit-policy-1] quit

# Create connection limit policy 2.

[Router] connection-limit policy 2

# Configure connection limit rule 1 to permit a maximum of 100 connections from each host matching ACL 3000. When the number of connections exceeds 100, new connections cannot be established until the number drops below 90.

[Router-connection-limit-policy-2] limit 1 acl 3000 per-source amount 100 90
[Router-connection-limit-policy-2] quit

# Apply connection limit policy 1 globally.

[Router] connection-limit apply global policy 1

# Apply connection limit policy 2 to inbound interface GigabitEthernet 1/0/1.

[Router] interface gigabitethernet 1/0/1
[Router-GigabitEthernet1/0/1] connection-limit apply policy 2
[Router-GigabitEthernet1/0/1] quit
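
The two numbers after `amount` in each `limit` rule work as an upper and lower threshold pair: once the upper limit is hit, new connections stay refused until the count falls below the lower limit, and `per-source` or `per-destination` keeps a separate counter per address. The Python model below is an added example, not H3C code; it is a simplified assumption of that behavior (no ACL matching or session aging), and the class, function, and host addresses are hypothetical.

```python
# Simplified model (assumption) of the upper/lower threshold behaviour described
# above; it is not Comware code and ignores ACL matching and session aging.
from collections import defaultdict

class LimitRule:
    def __init__(self, upper, lower, scope="aggregate"):
        # scope: "aggregate", "per-source" or "per-destination"
        self.upper, self.lower, self.scope = upper, lower, scope
        self.count = defaultdict(int)   # live connections per bucket
        self.blocked = set()            # buckets currently refusing new connections

    def _bucket(self, src, dst):
        return {"aggregate": "*", "per-source": src, "per-destination": dst}[self.scope]

    def open(self, src, dst):
        """Return True if a new connection src -> dst is admitted."""
        b = self._bucket(src, dst)
        # A blocked bucket recovers only once its count is below the lower limit.
        if b in self.blocked and self.count[b] < self.lower:
            self.blocked.discard(b)
        if b in self.blocked:
            return False
        if self.count[b] >= self.upper:
            self.blocked.add(b)         # upper limit reached: start refusing
            return False
        self.count[b] += 1
        return True

    def close(self, src, dst):
        b = self._bucket(src, dst)
        if self.count[b] > 0:
            self.count[b] -= 1

def demo():
    # Policy 2, rule 1 from the example: per-source amount 100 90.
    rule = LimitRule(upper=100, lower=90, scope="per-source")
    host_a, host_b, web = "192.168.0.10", "192.168.0.11", "198.51.100.5"  # constructed
    admitted = sum(rule.open(host_a, web) for _ in range(150))
    other_host_ok = rule.open(host_b, web)        # separate per-source bucket
    for _ in range(5):
        rule.close(host_a, web)                   # 95 left: still above lower limit
    still_blocked = not rule.open(host_a, web)
    for _ in range(6):
        rule.close(host_a, web)                   # 89 left: below lower limit
    recovered = rule.open(host_a, web)
    return admitted, other_host_ok, still_blocked, recovered
```

With `scope="aggregate"` the same class models rule 1 of policy 1, where all hosts matching ACL 3000 share one counter, so a single busy host can exhaust the limit for the others.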