H3C S9500 Series Command Manual page 157

Command Manual – NAT
H3C S9500 Series Routing Switches
Parameters
vpn-instance vpn-name: Name of a VPN instance. When this argument is specified,
the IP address configured in the blacklist is the IP address in VPN.
source ip-address: IP address of the specified user.
Description
Use the nat blacklist limit rate source ip-address command to set the IP for the user
who needs a special control mode for the rate of link set-up. For relevant information,
see the nat blacklist limit rate source ip command in
Use the undo nat blacklist limit rate source ip-address command to disable the user
IP address setting.
Caution:
You can set the threshold value for the maximum number of connections of the
specified IP address to any value within the value range. However, the threshold
value for the maximum rate of link set-up of all the specified source IP addresses
must be the same.
During the system running, you must execute the reset nat session command
once after you modify the blacklist configuration (except the blacklist configuration
for the specified source IP address).
When there are multiple LPUs in a device, each LPU maintains its own blacklist
information independently. However, the commands to configure the blacklist are
effective for all the blacklist-feature-enabled LPUs at the same time.
Examples
# Use the special threshold value to control the rate of link set-up of the user 2.2.2.2.
<H3C> system-view
[H3C] nat blacklist limit rate source 2.2.2.2
# Use the special threshold value to control the rate of link set-up of the user 200.0.0.1
in the private network VPN1.
<H3C> system-view
[H3C] nat blacklist limit rate vpn-instance vpn1 source 200.0.0.1
Chapter 1 NAT Configuration Commands
1.1.17 "nat blacklist limit
1-17
rate".