HP FlexNetwork MSR Series Command Reference Manual page 795
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
In IPv6 connection limit policy view:
limit limit-id acl ipv6 { acl-number | name acl-name } [ per-destination | per-service | per-source ]
* { amount max-amount min-amount | rate rate } * [ description text ]
undo limit limit-id
Default
No connection limit rules exist.
Views
IPv4 connection limit policy view
IPv6 connection limit policy view
Predefined user roles
network-admin
Parameters
limit-id: Specifies a connection limit rule by its ID. The value range for this argument is 1 to 256.
acl: Specifies the ACL that matches the user range. Only the user connections that match the ACL
are limited.
ipv6: Specifies an IPv6 ACL. If you do not specify this keyword, an IPv4 ACL is used.
acl-number: Specifies an ACL by its number in the range of 2000 to 3999.
name acl-name: Specifies an ACL by its name.
per-destination: Limits connections by destination IP address.
per-service: Limits connections by service depending on transport layer protocol and service port.
per-source: Limits connections by source IP address.
per-ds-lite-b4: Limits connections by IPv6 address of a B4 device on a DS-Lite tunnel. This keyword
is available only in IPv4 connection limit policy view.
amount: Limits the number of connections.
max-amount: Specifies the upper connection limit in the range of 1 to 4294967294. When user
connections in a range or of a type exceed the upper connection limit, new connections cannot be
created. As a best practice, set the upper connection limit to a value greater than 32 to make sure the
device can function correctly.
min-amount: Specifies the lower connection limit in the range of 1 to 4294967294. The lower
connection limit cannot be greater than the upper connection limit. New connections cannot be
created until the connection number goes below the lower connection limit.
rate: Limits the connection establishment rate.
rate: Specifies the maximum number of connections established per second. The value range is 5 to
10000000.
description text: Specifies a description for the connection limit rule, a case-sensitive string of 1 to
127 characters. By default, a connection limit rule does not have a description.
Usage guidelines
Each connection limit policy can define multiple rules. Each rule must specify the used ACL, rule
type, and either of upper/lower connection limit and connection establishment rate limit. In one rule,
you can specify one or multiple of the keywords per-destination, per-source, and per-service, but
you cannot specify the per-ds-lite-b4 keyword together with other keywords. For example, if the
per-destination and per-source combination is specified, connections are limited by the source IP
address and destination IP address. Connections with the same source IP address and destination
IP address are the same type.
777
Advertisement
