The ds-lite port-limit command configures the restriction on the number of session connections.
The ds-lite port-limit command cancels the restriction on the number of session connections.
ds-lite acl6 acl-number session-limit { tcp tcp-session-limit-number | total total-session-limit-number | udp udp-session-limit-number } [ alarm threshold threshold-number ] outbound
undo ds-lite acl6 acl-number session-limit { tcp tcp-session-limit-number | total total-session-limit-number | udp udp-session-limit-number } [ alarm threshold threshold-number ] outbound
| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the ACL6 number. | The value is an integer ranging from 2000 to 3999. |
| tcp tcp-session-limit-number | Specifies the number of TCP session connections. | The value range of the parameter is subject to the specific device model. Please refer to the actual data in practice. |
| total total-session-limit-number | Specifies the total number of session connections. | The value range of the parameter is subject to the specific device model. Please refer to the actual data in practice. |
| udp udp-session-limit-number | Specifies the number of UDP session connections. | The value range of the parameter is subject to the specific device model. Please refer to the actual data in practice. |
| alarm threshold threshold-number | Specifies the alarm threshold for the number of sessions. | The value ranges from 60% to 100% and defaults to 80%. |
| outbound | Indicates that the session restriction is implemented on the CPE device. | - |
The restriction on the number of sessions connections is to restrict the number of sessions connections that can be initiated by a CPE, instead of by the users under the CPE.
The restriction on the number of sessions connections is configured in the security zone view. The security zone here refers to the one to which the DS-Lite tunnel interface that is configured on the FW joins.
# Restrict that a maximum of 180,000 sessions are established during the connection between a CPE and the FW.
[sysname] interface tunnel 1 [sysname-Tunnel1] tunnel-protocol ipv4-ipv6 ds-lite [sysname-Tunnel1] source 3000::2 [sysname-Tunnel1] ip address 10.10.10.2 24 [sysname-Tunnel1] quit [sysname] firewall zone trust [sysname-zone-trust] add interface Tunnel 1 [sysname-zone-trust] ds-lite acl6 2500 session-limit tcp 180000 outbound