Configuring Nat Blacklist Attributes - H3C S9500 Series Operation Manual

Operation Manual – NAT
H3C S9500 Series Routing Switches

1.2.5 Configuring NAT Blacklist Attributes

Follow these steps to enable/disable the NAT blacklist feature on a slot:
Enter system view
Enable the NAT blacklist
feature on the specified
board
Set to limit the number of
user connections and the
rate of link set-up
Set the threshold value for
the number of
connections
Set the global or specified
threshold value for the
rate of link set-up and the
bucket size
Set the specified
threshold value for the
rate of link set-up of the
specified IP address
Display the configuration
and running status
information about the
blacklist
To do...
system-view
nat blacklist start
nat blacklist mode
{ amount | rate | all }
nat blacklist limit
amount [ [ vpn-instance
vpn-name ] source
user-ip ] max-amount
nat blacklist limit rate
[ [ vpn-instance
vpn-name ] source ip] cir
cir-value [ cbs burst-size ]
[ ebs burst-size ]
nat blacklist limit rate
[ vpn-instance
vpn-name] source
ip-address
display nat blacklist { all
| [ vpn-instance
vpn-name ] ip
[ ip-address ] slot slot-no }
Use the command...
1-13
Chapter 1 NAT Configuration
Remarks
—
Required
Disabled by default.
Required
The number of user
connections and the rate
of link set-up are not
limited by default.
Required
Required
By default, the threshold
value for the rate of link
set-up and bucket size are
250 session/s and 150
respectively.
Required
You must configure the
maximum number of
users and connections of
the specified VPN before
configuring the blacklist
feature, and the number
of configured blacklists
must be no bigger than
the maximum number of
users of the VPN.
Available in any view