Nat Blacklist Limit Rate Source - H3C S9500 Series Command Manual

Command Manual – NAT
H3C S9500 Series Routing Switches
If the source ip keyword is not specified, this configuration is effective for the
users of the specified source IP address only.
If you do not use the nat blacklist limit rate command, the system will adopt the
default value of the cir-value, cbs burst-size, and ebs burst-size, that is, 250, 375,
and 0 respectively.
If you use the nat blacklist limit rate command to configure the cir-value
argument only, the value of the cbs burst-size is cir-value*1.5, and the value of the
ebs burst-size is 0.
Caution:
You can set the threshold value for the maximum number of connections of the
specified IP address to any value within the value range. However, the threshold
value for the maximum rate of link set-up of all the specified source IP addresses
must be the same.
During the system running, you must execute the reset nat session command
once after you modify the blacklist configuration (except the blacklist configuration
for the specified source IP address).
When there are multiple LPUs in a device, each LPU maintains its own blacklist
information independently. However, the commands to configure the blacklist are
effective for all the blacklist-feature-enabled LPUs at the same time.
Examples
# Set the threshold value for the default rate of link set-up.
<H3C> system-view
[H3C] nat blacklist limit rate cir 20 cbs 1799 ebs 40
# Set the special threshold value for the rate of link set-up
<H3C> system-view
[H3C] nat blacklist limit rate source ip cir 20 cbs 1799 ebs 40

1.1.18 nat blacklist limit rate source

Syntax
nat blacklist limit rate [ vpn-instance vpn-name] source ip-address
undo nat blacklist limit rate [ vpn-instance vpn-name] source ip-address
View
System view
Chapter 1 NAT Configuration Commands
1-16