LSN 配置示例
以下是通过命令行界面配置 LSN 的示例。
使用单个订阅者网络、单个 LSN NAT IP 地址和默认设置创建简单的 LSN 配置:
add lsn client LSN-CLIENT-1
Done
bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-1
Done
bind lsn pool LSN-POOL-1 203.0.113.3
Done
add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1
Done
bind lsn group LSN-GROUP-1 -poolname pool1 LSN-POOL-1
Done
使用扩展 ACL 创建 LSN 配置,用于识别 LSN 订阅者:
add ns acl LSN-ACL-2 ALLOW -srcIP 192.0.2.10-192.0.2.20
Done
apply acls
Done
add lsn client LSN-CLIENT-2
Done
bind lsn client LSN-CLIENT-2 –aclname LSN-ACL-2
Done
add lsn pool LSN-POOL-2
Done
bind lsn pool LSN-POOL-2 203.0.113.5-203.0.113.10
Done
add lsn group LSN-GROUP-2 -clientname LSN-CLIENT-2
Done
bind lsn group LSN-GROUP-2 -poolname LSN-POOL-2
Done
使用 HTTP 协议(端口 80)和 SSH 协议(端口 22)的地址端口相关映射创建 LSN 配置。此外,限制每个订阅者最多使用 1000 个 NAT 端口用于 TCP 协议,最多使用 100 个 NAT 端口用于 UDP 协议。限制每个订阅者具有 TCP 协议的最多 2000 个并发会话。将组限制为 TCP 协议的最多具有 30000 个并发会话:
add lsn client LSN-CLIENT-3
Done
bind lsn client LSN-CLIENT-3 -network 192.0.3.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-3
Done
bind lsn pool LSN-POOL-3 203.0.113.11
Done
add lsn group LSN-GROUP-3 -clientname LSN-CLIENT-3
Done
bind lsn group LSN-GROUP-3 -poolname LSN-POOL-3
Done
add lsn appsprofile LSN-APPS-HTTPPROFILE-3 TCP -mapping ENDPOINT-INDEPENDENT
Done
bind lsn appsprofile LSN-APPS-HTTPPROFILE-3 80
Done
bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-HTTPPROFILE-3
Done
add lsn appsprofile LSN-APPS-SSHPROFILE-3 TCP -mapping ADDRESS-PORT-DEPENDENT
Done
bind lsn appsprofile LSN-APPS-SSHPROFILE-3 22
Done
bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-SSHPROFILE-3
Done
add lsn transportprofile LSN-TRANS-PROFILE-TCP-3 TCP -portquota 1000 -sessionquota 2000 -groupSessionLimit 30000
Done
bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-TCP-3
Done
add lsn transportprofile LSN-TRANS-PROFILE-UDP-3 UDP -portquota 100
Done
bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-UDP-3
Done
为大量订阅者创建 LSN 配置:
add lsn client LSN-CLIENT-4
Done
bind lsn client LSN-CLIENT-4 -network 192.0.4.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.5.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.6.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.7.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.8.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-4
Done
bind lsn pool LSN-POOL-4 203.0.113.30-203.0.113.40
Done
bind lsn pool LSN-POOL-4 203.0.113.45-203.0.113.50
Done
bind lsn pool LSN-POOL-4 203.0.113.55-203.0.113.60
Done
add lsn group LSN-GROUP-4 -clientname LSN-CLIENT-4
Done
bind lsn group LSN-GROUP-4 -poolname LSN-POOL-4
Done
add lsn appsprofile LSN-APPS-WELLKNOWNPROFILE-4 TCP -mapping ENDPOINT-INDEPENDENT
Done
bind lsn appsprofile LSN-APPS-WELLKNOWN-PORTS-PROFILE-4 1- 1023
Done
bind lsn group LSN-GROUP-4 -applicationprofilename LSN-APPS-WELLKNOWN-PORTS-PROFILE-4
Done
通过在多个 LSN 组之间共享 NAT 资源创建 LSN 配置。在此示例中,LSN 池 LSN-POOL-5 与 LSN-GROUP-5 和 LSN-GROUP-6 共享:
add lsn client LSN-CLIENT-5
Done
bind lsn client LSN-CLIENT-5 -network 192.0.15.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-5
Done
bind lsn pool LSN-POOL-5 203.0.113.12-203.0.113.14
Done
add lsn group LSN-GROUP-5 -clientname LSN-CLIENT-5
Done
bind lsn group LSN-GROUP-5 -poolname LSN-POOL-5
Done
add lsn client LSN-CLIENT-6
Done
bind lsn client LSN-CLIENT-6 -network 192.0.16.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-6
Done
bind lsn pool LSN-POOL-6 203.0.113.15-203.0.113.18
Done
add lsn group LSN-GROUP-6 -clientname LSN-CLIENT-6
Done
bind lsn group LSN-GROUP-6 -poolname LSN-POOL-6
Done
bind lsn group LSN-GROUP-6 -poolname LSN-POOL-5
Done
创建具有确定性 NAT 资源分配的 LSN 配置:
add lsn client LSN-CLIENT-7
Done
bind lsn client LSN-CLIENT-7 -network 192.0.17.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-7 -nattype DETERMINISTIC
Done
bind lsn pool LSN-POOL-7 203.0.113.19-203.0.113.23
Done
add lsn group LSN-GROUP-7 -clientname LSN-CLIENT-7 -nattype DETERMINISTIC -portblocksize 1024
Done
bind lsn group LSN-GROUP-7 -poolname LSN-POOL-7
Done
使用具有相同网络地址但每个网络属于不同流量域的多个订阅者网络创建 LSN 配置。此外,限制与 HTTP 协议(端口 80)相关的出站流量,通过特定流量域(td 5)发送它:
add lsn client LSN-CLIENT-8
Done
bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 1
Done
bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 2
Done
bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 3
Done
add lsn pool LSN-POOL-8
Done
bind lsn pool LSN-POOL-8 203.0.113.80-203.0.113.86
Done
add lsn group LSN-GROUP-8 -clientname LSN-CLIENT-8
Done
bind lsn group LSN-GROUP-8 -poolname LSN-POOL-8
Done
add lsn appsprofile LSN-APPS-HTTP-PROFILE-8 TCP -td 5
Done
bind lsn appsprofile LSN-APPS-HTTP-PROFILE-8 80
Done
bind lsn group LSN-GROUP-8 -applicationprofilename LSN-APPS-HTTP-PROFILE-8
Done
创建 LSN 配置,限制特定协议 (TCP) 的出站流量,并通过特定流量域 (td 5) 发送它。使用与端点无关的筛选,在任何流量域上接收与此协议 (TCP) 相关的入站流量:
add lsn client LSN-CLIENT-9
Done
bind lsn client LSN-CLIENT-9 -network 192.0.9.0 -netmask 255.255.255.0 -td 1
Done
add lsn pool LSN-POOL-9
Done
bind lsn pool LSN-POOL-9 203.0.113.90
Done
add lsn group LSN-GROUP-9 -clientname LSN-CLIENT-9
Done
bind lsn group LSN-GROUP-9 -poolname LSN-POOL-9
Done
add lsn appsprofile LSN-APPS-PROFILE-9 TCP -filtering ENDPOINT-INDEPENDENT -td 5
Done
bind lsn group LSN-GROUP-9 -approfile LSN-APPS-PROFILE-9
Done
创建限制出站 HTTP(端口 80)流量的 LSN 配置,并通过特定流量域 (td 10) 发送它。通过与地址相关的筛选,在指定流量域 (td 10) 上接收与此协议 (HTTP) 相关的入站流量:
add lsn client LSN-CLIENT-10
Done
bind lsn client LSN-CLIENT-10 -network 192.0.10.0 -netmask 255.255.255.0 -td 1
Done
add lsn pool LSN-POOL-10
Done
bind lsn pool LSN-POOL-10 203.0.113.100
Done
add lsn group LSN-GROUP-10 -clientname LSN-CLIENT-10
Done
bind lsn group LSN-GROUP-10 -poolname LSN-POOL-10
Done
add lsn appsprofile LSN-APPS-PROFILE-10 TCP -mapping ENDPOINT -INDEPENDENT -filtering ADDRESS-DEPENDENT -td 10
Done
bind lsn appsprofile LSN-APPS-PROFILE-10 80
Done
bind lsn group LSN-GROUP-10 -approfile LSN-APPS-PROFILE-10
Done
本内容的正式版本为英文版。部分 Cloud Software Group 文档内容采用了机器翻译,仅供您参考。Cloud Software Group 无法控制机器翻译的内容,这些内容可能包含错误、不准确或不合适的语言。对于从英文原文翻译成任何其他语言的内容的准确性、可靠性、适用性或正确性,或者您的 Cloud Software Group 产品或服务沿用了任何机器翻译的内容,我们均不作任何明示或暗示的保证,并且适用的最终用户许可协议或服务条款或者与 Cloud Software Group 签订的任何其他协议(产品或服务与已进行机器翻译的任何文档保持一致)下的任何保证均不适用。对于因使用机器翻译的内容而引起的任何损害或问题,Cloud Software Group 不承担任何责任。
LSN 配置示例
已复制!
失败!