Cisco 7604 Configuration Manual page 624

Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli

Appendix A
Specifications
Rule Limits
est {max_established_rules | current | default | max}
aaa {max_aaa_rules | current | default | max}
console {max_console_rules | current | default | max}
In multiple context mode, this command sets the rule allocation per partition. You must enter all
arguments in this command. This command takes effect immediately.
The nat max_nat_rules arguments set the maximum number of policy NAT ACEs, between 0 and 10000.
The acl max_nat_rules arguments set the maximum number of ACEs, between 0 and the system limit.
The system limit depends on single or multiple context mode, and how many memory partitions you
configured. For single mode, the value is 100567. For multiple mode, see Step 1 to use the show
resource rule command.
The filter max_nat_rules arguments set the maximum number of filter rules, between 0 and 6000.
The fixup max_nat_rules arguments set the maximum number of inspect rules, between 0 and 10000.
The est max_established_rules arguments set the maximum number of established commands, between 0 and
716. The established command creates two types of rules, control and data. Both of these types are shown
in the show np 3 acl count and show resource rules display, but you set both rules using the est
keyword, which correlates with the number of established commands. Be sure to double the value you
enter here when comparing the total number of configured rules with the total number of rules shown in
the show commands.
The aaa max_aaa_rules arguments set the maximum number of AAA rules, between 0 and 10000.
The console max_console_rules arguments set the maximum number of ICMP, Telnet, SSH, and HTTP rules,
between 0 and 4000.
The current keyword keeps the current value set.
The default keyword sets the maximum rules to the default.
The max keyword sets the rules to the maximum allowed for the feature. Be sure to set other features
lower to accommodate this value.
For example, to reallocate 1000 rules from the single-mode default 74,188 ACEs to inspections (default
4147), enter the following command:
hostname(config)# resource rule nat default acl 73188 filter default fixup 5157 est
default aaa default console default
In multiple context mode with 12 partitions, to reallocate 100 ACEs (default 10,633) to inspections
(default 1417) as well as all but one established rule (default 70) to filter (default 425), enter the
following command:
hostname(config)# resource rule nat default acl 10533 filter 494 fixup 1517 est 1 aaa
default console default
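The following pre-change check is an added example, not part of the Cisco guide: it parses a resource rule command, enforces the "all arguments" requirement and the per-keyword ranges listed above, and reports the net change against the defaults this page quotes for 12 partitions. The function names are hypothetical, and treating the rule pool as fixed (so a reallocation must net to zero) is an assumption.

```python
# Upper bounds per keyword as stated on this page. The acl bound is the
# single-mode system limit; in multiple mode pass the value reported by
# "show resource rule" as acl_limit instead.
LIMITS = {"nat": 10000, "acl": 100567, "filter": 6000, "fixup": 10000,
          "est": 716, "aaa": 10000, "console": 4000}
ORDER = list(LIMITS)  # every keyword must be present, in this order
KEYWORD_VALUES = ("current", "default", "max")
# Defaults the page quotes for multiple context mode with 12 partitions.
DEFAULTS_12_PARTITIONS = {"acl": 10633, "filter": 425, "fixup": 1417, "est": 70}

def parse_resource_rule(cmd, acl_limit=LIMITS["acl"]):
    """Parse one 'resource rule' command into {keyword: int | str}.
    Raises ValueError if a keyword is missing or a number is out of range."""
    tokens = [t for t in cmd.split() if not t.endswith("#")]  # drop the prompt
    if tokens[:2] != ["resource", "rule"] or len(tokens) != 16 or tokens[2::2] != ORDER:
        raise ValueError("expected: resource rule " + " ".join(f"{k} <value>" for k in ORDER))
    limits = dict(LIMITS, acl=acl_limit)
    alloc = {}
    for key, val in zip(tokens[2::2], tokens[3::2]):
        if val in KEYWORD_VALUES:
            alloc[key] = val
        elif val.isdecimal() and int(val) <= limits[key]:
            alloc[key] = int(val)
        else:
            raise ValueError(f"{key} {val}: must be 0-{limits[key]} or one of {KEYWORD_VALUES}")
    return alloc

def net_change(alloc, defaults):
    """Sum of (new - default) over numerically set keywords.
    Assumption: the partition's rule pool is fixed, so a pure reallocation nets to 0.
    Raises KeyError if a numeric keyword has no entry in `defaults`."""
    return sum(v - defaults[k] for k, v in alloc.items() if isinstance(v, int))

def est_rules_in_show_output(alloc):
    """Each established command creates a control rule and a data rule, so the
    show commands count twice the est value. Returns None for current/default/max."""
    v = alloc["est"]
    return 2 * v if isinstance(v, int) else None

if __name__ == "__main__":
    # The 12-partition command from this page, joined onto one line.
    cmd = ("hostname(config)# resource rule nat default acl 10533 filter 494 "
           "fixup 1517 est 1 aaa default console default")
    alloc = parse_resource_rule(cmd)
    print(alloc)
    print("net change vs defaults:", net_change(alloc, DEFAULTS_12_PARTITIONS))
    print("est rules shown by show commands:", est_rules_in_show_output(alloc))
```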
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
A-10
OL-20748-01
