ACLs in the connection limit rules with overlapping segments
Symptom
A connection limit policy has two rules. Rule 1 sets the upper limit to 10 for the connections from each host on segment 192.168.0.0/24. Rule 2 sets the upper limit to 100 for the connections from 192.168.0.100/24.
<Router> system-view
[Router] acl basic 2001
[Router-acl-ipv4-basic-2001] rule permit source 192.168.0.0 0.0.0.255
[Router-acl-ipv4-basic-2001] quit
[Router] acl basic 2002
[Router-acl-ipv4-basic-2002] rule permit source 192.168.0.100 0
[Router-acl-ipv4-basic-2002] quit
[Router] connection-limit policy 1
[Router-connection-limit-policy-1] limit 1 acl 2001 per-destination amount 10 5
[Router-connection-limit-policy-1] limit 2 acl 2002 per-destination amount 100 10
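As a result, the host at 192.168.0.100 can only initiate a maximum of 10 connections to the external network. The device matches connections against the limit rules in ascending order of rule ID and applies the first rule that matches. Because ACL 2001 covers the whole segment, connections from 192.168.0.100 match rule 1 and never reach rule 2.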
Solution
To resolve the problem:
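Rearrange the two connection limit rules by exchanging their rule IDs, so that the rule for the single host (ACL 2002) has the smaller ID and is matched before the rule for the whole segment (ACL 2001).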
If the problem persists, contact Hewlett Packard Enterprise Support.
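The following added example (not HPE code) is a small offline check for the overlap described above: it reads the ACL and limit lines from a saved configuration and reports any limit rule whose sources are entirely covered by a rule with a smaller ID. It assumes first-match evaluation in ascending rule ID order, handles only basic ACL permit rules with contiguous wildcards, and all function names are hypothetical.

```python
import ipaddress, re

# Constructed sample input: the ACLs and limit rules from the symptom above.
ACLS = """acl basic 2001
 rule permit source 192.168.0.0 0.0.0.255
acl basic 2002
 rule permit source 192.168.0.100 0
connection-limit policy 1
"""
BROKEN = ACLS + """ limit 1 acl 2001 per-destination amount 10 5
 limit 2 acl 2002 per-destination amount 100 10
"""
FIXED = ACLS + """ limit 1 acl 2002 per-destination amount 100 10
 limit 2 acl 2001 per-destination amount 10 5
"""

def to_network(addr, wildcard):
    """Turn 'address wildcard' into a network (contiguous wildcards only)."""
    w = int(ipaddress.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard} not supported")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.ip_network((base, 32 - w.bit_length()))

def parse(config):
    """Return ({acl_number: [networks]}, [(rule_id, acl_number)] sorted by ID)."""
    acls, limits, current = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl basic (\d+)$", line):
            current = acls.setdefault(m[1], [])
        elif m := re.match(r"rule permit source (\S+) (\S+)$", line):
            current.append(to_network(m[1], m[2]))
        elif m := re.match(r"limit (\d+) acl (\d+) ", line):
            limits.append((int(m[1]), m[2]))
    return acls, sorted(limits)

def shadowed_rules(config):
    """List (rule_id, earlier_rule_id) where the earlier rule's ACL already
    matches every source of the later rule, so the later limit never applies."""
    acls, limits = parse(config)
    hits = []
    for i, (rule_id, acl) in enumerate(limits):
        nets = acls.get(acl, [])
        for prev_id, prev_acl in limits[:i]:
            if nets and all(any(n.subnet_of(p) for p in acls.get(prev_acl, []))
                            for n in nets):
                hits.append((rule_id, prev_id))
                break
    return hits

if __name__ == "__main__":
    print("broken:", shadowed_rules(BROKEN))
    print("fixed: ", shadowed_rules(FIXED))
```

The broken ordering reports rule 2 as shadowed by rule 1; after the rule IDs are exchanged, nothing is reported.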