Table of Contents
Advertisement
Command Manual – NAT&URPF&VPLS
Quidway S8500 Series Routing Switches
Use the undo nat blacklist command to disable a NAT blacklist attribute or function.
By default, the blacklist feature is disabled.
Use the nat blacklist start command to enable the NAT blacklist feature and start
calculating blacklist users.
Use the undo nat blacklist start command to disable the NAT blacklist function.
Use the nat blacklist mode command to enable operations on blacklist users and set
the thresholds for controlling setup rates or the number of connections.
Use the undo nat blacklist mode command to disable operations on blacklist users.
Use the nat blacklist limit amount command to set the thresholds for controlling the
number of connections with all addresses or an individual source IP address.
Use the undo nat blacklist limit amount command to restore the default thresholds. If
you do not specify an IP address, the command restores the default thresholds for all
addresses. If you specify an IP address, the command restores the thresholds for the
specified IP addresses to those for all addresses.
Use the nat blacklist limit rate command to set the thresholds for controlling the setup
rates of the blacklist. Use the command to set the threshold for controlling the setup
rates of all the addresses.
Use the nat blacklist limit rate source command to set the thresholds for controlling
the setup rate of an individual IP address.
Use the undo nat blacklist limit rate command to restore the default thresholds. If you
do not specify an IP address, the command restores the default thresholds for all
addresses. If you specify an IP address, the command restores the thresholds for the
specified IP addresses to those for all addresses.
By default, the threshold for global setup rate is 250 sessions and the threshold for
controlling the number of connections is 500 sessions.
The default value of the threshold for setup rate of specified IP addresses are the same
as the global threshold for setup rate.
Example
# Enable the NAT blacklist feature for all the system.
[Quidway] nat blacklist start
# Select blacklist as the control mode for the number of connections.
[Quidway] nat blacklist mode amount
# Set the thresholds for controlling the number of connections for all addresses.
[Quidway] nat blacklist limit amount 222
# Set the threshold for controlling the number of connections with IP address 1.1.1.1.
[Quidway] nat blacklist limit amount source 1.1.1.1 2222
Huawei Technologies Proprietary
1-9
Chapter 1 NAT Configuration Commands
Advertisement
Chapters
Table of Contents
