Configuring Nat Blacklist - H3C S7500 Series Operation Manual

Operation Manual – NAT, Netstream, Policy Routing
H3C S7500 Series Ethernet Switches
Enter system view
Enter VLAN interface view
Configure a non-standard
internal FTP server

1.3.6 Configuring NAT Blacklist

By enabling the NAT blacklist feature and configuring NAT blacklist attributes such as
the control threshold for the number of NAT connections and the control threshold for
connection setup rate, you can enable the switch to control the number of NAT
connections and the connection setup rate.
Follow these steps to configure NAT blacklist attributes:
Enter system view
Enable NAT blacklist for a
specified LPU
Set the control mode of NAT
blacklist
Set the global control threshold
for the number of NAT
connections per user, or a
specific control threshold for the
number of NAT connections of a
specified user
Set the global or specific control
thresholds for connection setup
rate
Specify the IP address of a user,
so as to adopt the specific
connection setup rate control
thresholds to the user.
To do...
system-view
interface Vlan-interface vlan-id
nat ftp server global global-addr
global-port inside host-addr host-port
slot slot-number
To do...
Use the command...
Use the command...
system-view
nat blacklist start slot
slot-number
nat blacklist mode { all |
amount | rate }
nat blacklist limit
amount [ source user-ip ]
amount-value
nat blacklist limit rate
[ source ip ] cir cir-value
[ cbs cbs-value ebs
ebs-value ]
nat blacklist limit rate
source user-ip
1-11
Chapter 1 NAT Configuration
Remarks
—
—
Required
Remarks
—
Required
By default, this
feature is disabled.
Required
Optional
Optional
Optional