nat port-limit

Function

The nat port-limit command sets the maximum number of ports for a user.

The undo nat port-limit command restores the default configuration.

By default, the maximum number of TCP or UDP ports is 10240, the maximum number of ICMP ports is 512, and the total number of TCP, UDP, and ICMP ports is 20992.

This command is supported only on the NetEngine 8000 F1A.

Format

nat port-limit { tcp | udp | icmp | total } limit-value

undo nat port-limit { tcp | udp | icmp | total } [ limit-value ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| tcp | Specifies the maximum number of available TCP ports. | - |
| udp | Specifies the maximum number of available UDP ports. | - |
| icmp | Specifies the maximum number of available ICMP ports. | - |
| total | Specifies the maximum number of available ports. If the total number of TCP, UDP, and ICMP ports used for NAT has exceeded the maximum, NAT cannot be performed even if the number of TCP, UDP, or ICMP ports used for NAT has not reached the maximum. | - |
| limit-value | Sets a limit on the number of ports. | The value is an integer ranging from 50 to 65535. |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nat | write |

Usage Guidelines

Usage Scenario

Unauthorized users may attack a device by consuming a large number of port resources, which can leave no ports available to assign to authorized users for NAT. To limit the maximum number of ports for a user, run the nat port-limit command.

Precautions

This command can only be used with the static source tracing algorithm in the on-board NAT scenario.

This command does not take effect on the address-based NAT internal server.

Example

# Set the TCP port limit to 20000 for a NAT instance named cpe1.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat port-limit tcp 20000
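
The interaction between the per-protocol limits and the total limit described under Parameters, as an added Python model (not Huawei code and not part of the original page). It uses the defaults and the 50 to 65535 range stated on this page; the class and function names are hypothetical, and refusing a request once a counter has reached its limit is an assumption about the exact boundary.

```python
# Added illustration: a model of per-user NAT port accounting, not device code.
from collections import Counter

# Defaults stated on this page (tcp + udp + icmp == total by default).
DEFAULTS = {"tcp": 10240, "udp": 10240, "icmp": 512, "total": 20992}
LIMIT_RANGE = range(50, 65536)  # limit-value: integer from 50 to 65535


class UserPortBudget:
    """Tracks one user's NAT ports against per-protocol and total limits."""

    def __init__(self, **overrides):
        self.limits = dict(DEFAULTS)
        for key, value in overrides.items():
            self.set_limit(key, value)
        self.used = Counter()

    def set_limit(self, key, value):
        # Mirrors `nat port-limit { tcp | udp | icmp | total } limit-value`.
        if key not in DEFAULTS:
            raise ValueError(f"unknown limit type: {key}")
        if value not in LIMIT_RANGE:
            raise ValueError(f"limit-value out of range 50-65535: {value}")
        self.limits[key] = value

    def allocate(self, proto):
        """Return (granted, reason). Assumption: a request is refused once
        the relevant counter has reached its limit."""
        if proto not in ("tcp", "udp", "icmp"):
            raise ValueError(f"unknown protocol: {proto}")
        if self.used[proto] >= self.limits[proto]:
            return False, f"{proto} limit reached"
        if sum(self.used.values()) >= self.limits["total"]:
            return False, "total limit reached"
        self.used[proto] += 1
        return True, "ok"

    def headroom(self, proto):
        """Ports of `proto` the user can still get under both limits."""
        by_proto = self.limits[proto] - self.used[proto]
        by_total = self.limits["total"] - sum(self.used.values())
        return max(0, min(by_proto, by_total))


def fill(budget, proto, count):
    """Request `count` ports; return how many were granted."""
    return sum(1 for _ in range(count) if budget.allocate(proto)[0])
```

With tcp raised to 20000 as in the example above and total left at its default of 20992, a user holding 20000 TCP ports has only 992 ports left for UDP and ICMP combined, so raising a per-protocol limit usually calls for reviewing total as well.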
Copyright © Huawei Technologies Co., Ltd.