10-Security

HomeSupportResource CenterH3C Access Controllers Command References(E5208P03 E5215P01 R5215P01)-6W10210-Security
14-Connection limit commands
Title Size Download
14-Connection limit commands 99.88 KB

Connection limit commands

The following matrix shows the feature and hardware compatibility:

 

Hardware series

Model

Connection limit compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-L

WX3010H-X

WX3024H

WX3024H-L

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

Yes

WX5500E series

WX5510E

WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

Yes

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

Yes

 

The WX1800H series, WX2500H series, and WX3000H series access controllers do not support the slot keyword or the slot-number argument.

connection-limit

Use connection-limit to create a connection limit policy and enter its view.

Use undo connection-limit to remove the configuration.

Syntax

connection-limit { ipv6-policy | policy } policy-id

undo connection-limit { ipv6-policy | policy } policy-id

Default

No connection limit policy exists.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-policy: Specifies an IPv6 connection limit policy.

policy: Specifies an IPv4 connection limit policy.

policy-id: Specifies the ID of a connection limit policy. An IPv4 or IPv6 connection limit policy has its own number. The value for this argument is 1 to 32.

Examples

# Create IPv4 connection limit policy 1 and enter its view.

<Sysname> system-view

[Sysname] connection-limit policy 1

[Sysname-connlmt-policy-1]

# Create IPv6 connection limit policy 12 and enter its view.

<Sysname> system-view

[Sysname] connection-limit ipv6-policy 12

[Sysname-connlmt-ipv6-policy-12]

Related commands

·     connection-limit apply

·     connection-limit apply global

·     display connection-limit

·     limit

connection-limit apply

Use connection-limit apply to apply a connection limit policy to an interface.

Use undo connection-limit apply to remove the application.

Syntax

connection-limit apply { ipv6-policy | policy } policy-id

undo connection-limit apply { ipv6-policy | policy }

Default

No connection limit policy is applied to an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-policy: Specifies an IPv6 connection limit policy.

policy: Specifies an IPv4 connection limit policy.

policy-id: Specifies the ID of a connection limit policy. The value range for this argument is 1 to 32.

Usage guidelines

Only one IPv4 connection limit policy and one IPv6 connection limit policy can be applied to an interface. A new IPv4 or IPv6 connection limit policy overwrites the old one.

Examples

# Apply IPv4 connection limit policy 1 to VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] connection-limit apply policy 1

# Apply IPv6 connection limit policy 12 to VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] connection-limit apply ipv6-policy 12

Related commands

·     connection-limit

·     limit

connection-limit apply global

Use connection-limit apply global to apply a connection limit policy globally.

Use undo connection-limit apply global to remove the application.

Syntax

connection-limit apply global { ipv6-policy | policy } policy-id

undo connection-limit apply global { ipv6-policy | policy }

Default

No connection limit policy is applied globally.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-policy: Specifies an IPv6 connection limit policy.

policy: Specifies an IPv4 connection limit policy.

policy-id: Specifies the ID of a connection limit policy. The value range for this argument is 1 to 32.

Usage guidelines

Only one IPv4 connection limit policy and one IPv6 connection limit policy can be applied globally. A new IPv4 or IPv6 connection limit policy overwrites the old one.

Examples

# Apply IPv4 connection limit policy 1 globally.

<Sysname> system-view

[Sysname] connection-limit apply global policy 1

# Apply IPv6 connection limit policy 12 globally.

<Sysname> system-view

[Sysname] connection-limit apply global ipv6-policy 12

Related commands

·     connection-limit

·     limit

description

Use description to configure a description for a connection limit policy.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A connection limit policy does not have a description.

Views

IPv4 connection limit policy view

IPv6 connection limit policy view

Predefined user roles

network-admin

Parameters

text: Specifies the connection limit policy description, a case-sensitive string of 1 to 127 characters.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the description as CenterToA for IPv4 connection limit policy 1.

<Sysname> system-view

[Sysname] connection-limit policy 1

[Sysname-connlmt-policy-1] description CenterToA

Related commands

display connection-limit

display connection-limit

Use display connection-limit to display information about connection limit policies.

Syntax

display connection-limit { ipv6-policy | policy } { policy-id | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6-policy: Specifies an IPv6 connection limit policy.

policy: Specifies an IPv4 connection limit policy.

policy-id: Specifies a connection limit policy by its ID. The value range for this argument is 1 to 32.

all: Specifies all connection limit policies.

Examples

# Display information about all IPv4 connection limit policies.

<Sysname> display connection-limit policy all

3 policies in total:

 Policy  Rule     Stat Type  HiThres  LoThres  Rate     ACL

--------------------------------------------------------------------------------

      0     1  Src-Dst-Port     2000     1800    10     3000

           12       Src-Dst      500       45     0     3001

          255            --  1000000   980000     0     2001

 

      1     2      Dst-Port      800      70      0     3010

            3       Src-Dst      100      90      0     3000

           10  Src-Dst-Port       50      45      0     3003

           11           Src      200     200      0     3004

          200           --    500000  498000      0     2002

 

     28     4          Port     1500    1400      0     3100

            5           Dst     3000     280      0     3101

           21       Src-Dst      200     180      0     3102

           25      Src-Port       50      35      0     3200

Description list:

 Policy      Description

--------------------------------------------------------------------------------

      1       IPv4Description1

     28      Description for IPv4 28

# Display information about IPv4 connection limit policy 1.

<Sysname> display connection-limit policy 1

IPv4 connection limit policy 1 has been applied 5 times, and has 5 limit rules.

Description: IPv4Description1

Limit rule list:

 Policy  Rule     Stat Type  HiThres  LoThres     Rate   ACL

--------------------------------------------------------------------------------

      1     2      Dst-Port      800      700     10     3010

            3       Src-Dst      100       90     0      3000

           10  Src-Dst-Port       50       45     0      3003

           11           Src      200      200     0      3004

          200            --   500000   498000     0      2002

 Application list:

     Vlan-interface2

     Global

# Display information about all IPv6 connection limit policies.

<Sysname> display connection-limit ipv6-policy all

2 policies in total:

 Policy  Rule     Stat Type  HiThres  LoThres  Rate     ACL

--------------------------------------------------------------------------------

      3     1       Src-Dst     1000      800    10     3010

            2           Dst      500      450     0     3001

      4     2  Src-Dst-Port      800      700     0     3010

            3           Src      100       90     0     3020

          200            --   100000    89000     0     2005

Description list:

 Policy      Description

--------------------------------------------------------------------------------

      3      IPv6Description3

      4      Description for IPv6 4

# Display information about IPv6 connection limit policy 3.

<Sysname> display connection-limit ipv6-policy 3

IPv6 connection limit policy 3 has been applied 3 times, and has 2 limit rules.

Description: IPv6Description3

Limit rule list:

Policy  Rule     Stat Type  HiThres  LoThres  Rate     ACL

--------------------------------------------------------------------------------

     3     1       Src-Dst     1000      800     0     3010 

           2           Dst      500      450     0     3001

Application list:

    Vlan-interface2

Table 1 Command output

Field

Description

Limit rule list

Connection limit policy information.

Policy

Number of the connection limit policy.

Rule

Number of the connection limit rule.

Stat Type

Statistics types:

·     Src-Dst-PortLimits connections by source IP, destination IP, and service combination.

·     Src-Dst—Limits connections by source IP address and destination IP address combination.

·     Src-Port—Limits connections by source IP and service combination.

·     Dst-Port—Limits connections by destination IP and service combination.

·     Src—Limits connections by source IP address.

·     Dst—Limits connections by destination IP address.

·     Port—Limits connections by service.

·     --—Limits connections not by a specific IP address or service. All connections that match the ACL used by the rule are limited.

HiThres

Upper limit of the connections.

LoThres

Lower limit of the connections.

Rate

Number of connections established per second.

ACL

Number or name of the ACL used by the rule.

Application list

Application list of the connection limit policy, including interface name and Global. Global indicates that the connection limit policy is applied globally.

Description

Connection limit policy description.

Description list

List of connection limit policy descriptions.

 

Related commands

·     connection-limit

·     connection-limit apply

·     connection-limit apply global

·     limit

display connection-limit ipv6-stat-nodes

Use display connection-limit ipv6-stat-nodes to display statistics about IPv6 connections that match connection limit rules globally or on an interface.

Syntax

display connection-limit ipv6-stat-nodes { global | interface interface-type interface-number } [ slot slot-number ] [ destination destination-ip | service-port port-number | source source-ip ] * [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

global: Displays statistics about IPv6 connections that match connection limit rules globally.

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID. This option is available only when you specify the global keyword or specify a virtual interface, such as a VLAN-interface.

destination destination-ip: Specifies a destination by its IP address.

service-port port-number: Specifies a service port by its port number.

source source-ip: Specifies a source by its IP address.

count: Displays only the number of limit rule-based statistics sets. Detailed information about the specified IPv6 connections is not displayed. If you do not specify this keyword, the command displays detailed information about the specified IPv6 connections that match connection limit rules.

Usage guidelines

The statistics for connections that match connection limit rules include the following information:

·     Connection information, including the source/destination IP address, service port, and transport layer protocol of connections.

·     Matching connection limit rules.

·     Number of current connections.

·     Whether or not new connections can be created.

To further filter the output statistics, specify the following options in the command:

·     source source-ip.

·     destination destination-ip.

·     service-port port-number.

For example, if you specify the source source-ip and destination destination-ip combination, this command displays statistics about IPv6 connections that match connection limit rules by source IP address and destination IP address.

If you specify none of the source source-ip, destination destination-ip, and service-port port-number options, this command displays statistics about all IPv6 connections that match connection limit rules.

Examples

# (WX2500H and WX3000H ACs.) Display statistics about all IPv6 connections that match the connection limit rule on VLAN-interface 2.

<Sysname> display connection-limit ipv6-stat-nodes interface vlan-interface 2

 Src IP address          : Any

     VPN instance        : vpn5

 Dst IP address          : fe80::5ed9:98ff:feb1:69b6

     VPN instance        : abcdefghijklmnopqrstuvwxyzabcde

 Tunnel ID               : 9876543210

 Service                 : tcp/12345

 Limit rule ID           : 12345(ACL: 3184)

 Sessions threshold Hi/Lo: 1000000/90000

 Sessions count          : 150000

 Sessions limit rate     : 0

 New session flag        : Permit

# Display statistics about all IPv6 connections that match the connection limit rule on VLAN-interface 10 on IRF member device 1.

<Sysname> display connection-limit ipv6-stat-nodes interface vlan-interface 10 slot 1

Slot 1:

 Src IP address          : 112::2

     VPN instance        : --

 Dst IP address          : Any

     VPN instance        : --

 Tunnel ID               : --

 Service                 : udp/300

 Limit rule ID           : 0(ACL: 3571)

 Sessions threshold Hi/Lo: 3000/2900

 Sessions count          : 2002

 Sessions limit rate     : 0

 New session flag        : Permit

# Display statistics about IPv6 connections that match the connection limit rule on IRF member device 1.

<Sysname> display connection-limit ipv6-stat-nodes global slot 1

Slot 1:

 Src IP address          : Any

     VPN instance        : --

 Dst IP address          : Any

     VPN instance        : --

 Tunnel ID               : --

 Service                 : icmp/0

 Limit rule ID           : 22(ACL: 3666)

 Sessions threshold Hi/Lo: 3500/3000

 Sessions count          : 3100

 Sessions limit rate     : 0

 New session flag        : Permit

# (WX2500H and WX3000H ACs.) Display the number of limit rule-based statistics sets by source IP address 2::1.

<Sysname> display connection-limit ipv6-stat-nodes global source 2::1 count

       Current limit statistic nodes count is 16.

# Display the number of limit rule-based statistics sets on VLAN-interface 10 on IRF member device 1.

<Sysname> display connection-limit ipv6-stat-nodes interface vlan-interface 10 slot 1 count

Slot 1:

       Current limit statistic nodes count is 1.

Table 2 Command output

Field

Description

Src IP address

Source IP address.

Dst IP address

Destination IP address.

VPN instance

MPLS L3VPN to which the IP address belongs. Two hyphens (--) indicates that the IP address is on the public network.

This field is not supported in the current software version.

Tunnel ID

ID of the DS-Lite tunnel. Two hyphens (--) indicates that the connection does not belong to a DS-Lite tunnel.

This field is not supported in the current software version.

Service

Protocol name and service port number.

For an unwell-known protocol, this field displays unknown(xx).The cross signs (xx) indicates the protocol number. For the ICMP protocol, the protocol number is the decimal digits that are converted from the hexadecimal contents of the type and code fields.

Limit rule ID

ID of the matched rule. The ACL number of the rule is enclosed in parentheses.

Sessions threshold Hi/Lo

Upper and lower connection limits.

Sessions count

Number of current connections.

Sessions limit rate

Maximum number of connections established per second.

New session flag

Whether or not new connections can be created:

·     PermitNew connections can be created.

·     DenyNew connections cannot be created.

 

Related commands

·     connection-limit apply global ipv6-policy

·     connection-limit apply ipv6-policy

·     connection-limit ipv6-policy

·     limit

display connection-limit statistics

Use display connection-limit statistics to display the connection limit statistics globally or on an interface.

Syntax

display connection-limit statistics { global | interface interface-type interface-number } [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

global: Displays the global connection limit statistics.

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID. This option is available only when you specify the global keyword or specify a virtual interface, such as a VLAN interface.

Examples

# (WX2500H and WX3000H ACs.) Display the global connection limit statistics.

<Sysname> display connection-limit statistics global

Connection limit statistics (Global, slot 0):

    Dropped IPv4 packets:   54781

    Dropped IPv6 packets:   11457

# Display the global connection limit statistics on IRF member device 2.

<Sysname> display connection-limit statistics global slot 2

Connection limit statistics (Global, slot 2):

    Dropped IPv4 packets:   74213

    Dropped IPv6 packets:   58174

Table 3 Command output

Field

Description

Dropped IPv4 packet

Number of IPv4 packets that are dropped because the upper connection limit is exceeded when an IPv4 connection limit policy is configured globally or on an interface.

Dropped IPv6 packet

Number of IPv6 packets that are dropped because the upper connection limit is exceeded when an IPv6 connection limit policy is configured globally or on an interface.

 

Related commands

·     connection-limit

·     connection-limit apply

·     connection-limit apply global

·     limit

display connection-limit stat-nodes

Use display connection-limit stat-nodes to display statistics about IPv4 connections that match connection limit rules globally or on an interface.

Syntax

display connection-limit stat-nodes { global | interface interface-type interface-number } [ slot slot-number ] [ destination destination-ip | service-port port-number | source source-ip ] * [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

global: Displays statistics about IPv4 connections that match connection limit rules globally.

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID. This option is available only when you specify the global keyword or specify a virtual interface, such as a VLAN-interface.

destination destination-ip: Specifies a destination by its IP address.

service-port port-number: Specifies a service port by its port number.

source source-ip: Specifies a source by its IP address.

count: Displays only the number of limit rule-based statistics sets. Detailed information about the specified IPv4 connections is not displayed. If you do not specify this keyword, the command displays detailed information about the specified IPv4 connections that match connection limit rules.

Usage guidelines

The statistics for connections that match connection limit rules include the following information:

·     Connection information, including the source/destination IP address, service port, and transport layer protocol of connections.

·     Matching connection limit rules.

·     Number of current connections.

·     Whether or not new connections can be created.

To further filter the output statistics, specify the following options in the command:

·     source source-ip.

·     destination destination-ip.

·     service-port port-number.

For example, if you specify the source source-ip and destination destination-ip combination, this command displays statistics about IPv4 connections that match connection limit rules by source IP address and destination IP address.

If you do not specify any of the source source-ip, destination destination-ip, and service-port port-number options, this command displays statistics about all IPv4 connections that match connection limit rules.

Examples

# (WX2500H and WX3000H ACs.) Display statistics about all IPv4 connections that match the connection limit rule on VLAN-interface 2.

<Sysname> display connection-limit stat-nodes interface vlan-interface 2

 Src IP address          : 100.100.100.100

     VPN instance        : 0123456789012345678901234567890

 Dst IP address          : 200.200.200.200

     VPN instance        : abcdefghijklmnopqrstuvwxyzabcde

 Tunnel ID               : 1234567890

 Service                 : tcp/12345

 Limit rule ID           : 12345(ACL: 3001)

 Sessions threshold Hi/Lo: 1100000/980000

 Sessions count          : 1050000

 Sessions limit rate     : 0

 New session flag        : Permit

# Display statistics about IPv4 connections that match the connection limit rule on IRF member device 1.

<Sysname> display connection-limit stat-nodes global slot 1

Slot 1:

 Src IP address          : Any

     VPN instance        : Vpn1

 Dst IP address          : 202.113.16.117

     VPN instance        : Vpn2

 Tunnel ID               : --

 Service                 : icmp/0

 Limit rule ID           : 7(ACL: 3102)

 Sessions threshold Hi/Lo: 4000/3800

 Sessions count          : 1001

 Sessions limit rate     : 0

 New session flag        : Permit

# (WX2500H and WX3000H ACs.) Display the number of global limit rule-based statistics sets.

<Sysname> display connection-limit stat-nodes global count

       Current limit statistic nodes count is 5.

# Display the number of limit rule-based statistics sets on VLAN-interface 10 on IRF member device 1.

<Sysname> display connection-limit stat-nodes interface vlan-interface 10 slot 1 count

Slot 1:

       Current limit statistic nodes count is 1.

# Display the number of limit rule-based statistics sets on IRF member device 1 by source IP address 1.1.1.1.

<Sysname> display connection-limit stat-nodes global slot 1 source 1.1.1.1 count

Slot 1:

       Current limit statistic nodes count is 0.

Table 4 Command output

Field

Description

Src IP address

Source IP address.

Dst IP address

Destination IP address.

VPN instance

MPLS L3VPN to which the IP address belongs. Two hyphens (--) indicates that the IP address is on the public network.

This field is not supported in the current software version.

Tunnel ID

ID of the DS-Lite tunnel. Two hyphens (--) indicates that the connection does not belong to a DS-Lite tunnel.

This field is not supported in the current software version.

Service

Protocol name and service port number.

For an unwell-known protocol, this field displays unknown(xx). The cross signs (xx) represents the protocol number. For the ICMP protocol, the protocol number is the decimal digits that are converted from the hexadecimal contents of the type and code fields.

Sessions threshold Hi/Lo

Upper and lower connection limits.

Sessions count

Number of current connections.

Sessions limit rate

Maximum number of connections established per second.

New session flag

Whether or not new connections can be created:

·     PermitNew connections can be created.

·     DenyNew connections cannot be created.

 

Related commands

·     connection-limit apply global policy

·     connection-limit apply policy

·     connection-limit policy

·     limit

limit

Use limit to configure a connection limit rule.

Use undo limit to remove the specified connection limit rule.

Syntax

In IPv4 connection limit policy view:

limit limit-id acl { acl-number | name acl-name } [ per-destination | per-service | per-source ] * { amount max-amount min-amount | rate rate } * [ description text ]

undo limit limit-id

In IPv6 connection limit policy view:

limit limit-id acl ipv6 { acl-number | name acl-name } [ per-destination | per-service | per-source ] * { amount max-amount min-amount | rate rate } * [ description text ]

undo limit limit-id

Default

No connection limit rule exists in the connection limit policy.

Views

IPv4 connection limit policy view

IPv6 connection limit policy view

Predefined user roles

network-admin

Parameters

limit-id: Specifies a connection limit rule by its ID. The value range for this argument is 1 to 256.

acl: Specifies the ACL that matches the user range. Only the user connections that match the ACL are limited.

ipv6: Specifies an IPv6 ACL. If you do not specify this keyword, an IPv4 ACL is used.

acl-number: Specifies an ACL by its number in the range of 2000 to 3999.

name acl-name: Specifies an ACL by its name.

per-destination: Limits connections by destination IP address.

per-service: Limits connections by service depending on transport layer protocol and service port.

per-source: Limits connections by source IP address.

amount: Limits the number of connections.

max-amount: Specifies the upper connection limit in the range of 1 to 4294967294. When user connections in a range or of a type exceed the upper connection limit, new connections cannot be created.

min-amount: Specifies the lower connection limit in the range of 1 to 4294967294. The lower connection limit cannot be greater than the upper connection limit. New connections cannot be created until the connection number goes below the lower connection limit.

rate: Limits the connection establishment rate.

rate: Specifies the maximum number of connections established per second. The value range is 5 to 10000000.

description text: Specifies a description for the connection limit rule, a case-sensitive string of 1 to 127 characters. By default, a connection limit rule does not have a description.

Usage guidelines

Each connection limit policy can define multiple rules. Each rule must specify the used ACL, rule type, and either of upper/lower connection limit and connection establishment rate limit. In one rule, you can specify one or multiple of the keywords per-destination, per-source, and per-service. For example, if the per-destination and per-source combination is specified, connections are limited by the source IP address and destination IP address. Connections with the same source IP address and destination IP address are the same type.

When you configure a connection limit rule, follow these restrictions and guidelines:

·     Different rules in the same connection limit policy must use different ACLs.

·     If you specify none of the per-destination, per-source, and per-service keywords, all connections that match the specified ACL are limited by the specified value.

·     When the connections established on a device are matched against a connection limit policy, the limit rules in the policy are matched in ascending order of rule ID.

·     When the specified ACL changes, the connections that have been established are limited by the new connection limit policy.

Examples

# Configure connection limit rule 1 for IPv4 connection limit policy 1:

1.     Configure ACL 3000.

<Sysname> system-view

[Sysname] acl advanced 3000

[Sysname-acl-ipv4-adv-3000] rule permit ip source 192.168.0.0 0.0.0.255

[Sysname-acl-ipv4-adv-3000] quit

2.     Limit connections that match ACL 3000 by the source and destination IP addresses, with the upper limit 2000, lower limit 1800, and establishment rate 10 per second.

[Sysname] connection-limit policy 1

[Sysname-connlmt-policy-1] limit 1 acl 3000 per-destination per-source amount 2000 1800 rate 10

3.     Verify that when the connection number exceeds 2000, new connections cannot be established until the connection number goes below 1800. (Details not shown.)

# Configure connection limit rule 2 for IPv6 connection limit policy 12:

1.     Configure ACL 2001.

<Sysname> system-view

[Sysname] acl ipv6 basic 2001

[Sysname-acl-ipv6-basic-2001] rule permit source 2:1::/96

[Sysname-acl-ipv6-basic-2001] quit

2.     Limit connections that match ACL 2001 by the source and destination IP addresses, with the upper limit 200, lower limit 100, and establishment rate 10 per second.

[Sysname] connection-limit ipv6-policy 12

[Sysname-connlmt-ipv6-policy-12] limit 2 acl ipv6 2001 per-destination amount 200 100 rate 10

3.     Verify that when the connection number exceeds 200, new connections cannot be established until the connection number goes below 100. (Details not shown.)

Related commands

·     connection-limit

·     display connection-limit

reset connection-limit statistics

Use reset connection-limit statistics to clear the connection limit statistics globally or on an interface.

Syntax

reset connection-limit statistics { global | interface interface-type interface-number } [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

network-operator

Parameters

global: Clears the global connection limit statistics.

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID. The slot-number argument represents the ID of the IRF member device. This option is available only when you specify the global keyword or specify a virtual interface, such as a VLAN interface.

Examples

# (WX2500H and WX3000H ACs.) Clear the connection limit statistics on VLAN-interface 2.

<Sysname> reset connection-limit statistics interface vlan-interface 2

# Clear the global connection limit statistics on IRF member device 1.

<Sysname> reset connection-limit statistics global slot 1

Related commands

display connection-limit statistics