Configuring Resource Management - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 4
Configuring Security Contexts

Configuring Resource Management

hostname(config-partition)# rule nat {max_policy_nat_rules | current | default | max}
acl {max_ace_rules | current | default | max}
filter {max_filter_rules | current | default | max}
fixup {max_inspect_rules | current | default | max}
est {max_established_rules | current | default | max}
aaa {max_aaa_rules | current | default | max}
console {max_console_rules | current | default | max}
You must enter all arguments in this command. This command takes effect immediately.
The nat max_policy_nat_rules argument sets the maximum number of policy NAT ACEs, between 0 and 10000.
The acl max_ace_rules argument sets the maximum number of ACEs, between 0 and the system limit. The system limit depends on how many memory partitions you configured. See Step 1 to use the show resource rule command.
The filter max_filter_rules argument sets the maximum number of filter rules, between 0 and 6000.
The fixup max_inspect_rules argument sets the maximum number of inspect rules, between 0 and 10000.
The est max_established_rules argument sets the maximum number of established commands, between 0 and 716. The established command creates two types of rules, control and data. Both types are shown in the show np 3 acl count and show resource rules display, but you set both using the est keyword, which correlates with the number of established commands. Be sure to double the value you enter here when comparing the total number of configured rules with the total number of rules shown in the show commands.
The aaa max_aaa_rules argument sets the maximum number of AAA rules, between 0 and 10000.
The console max_console_rules argument sets the maximum number of ICMP, Telnet, SSH, and HTTP rules, between 0 and 4000.
The current keyword keeps the current value set.
The default keyword sets the maximum rules to the default.
The max keyword sets the rules to the maximum allowed for the feature. Be sure to set other features lower to accommodate this value.
For example, for partition 0, to reallocate 999 rules from the default 14,801 ACEs to inspections (default 9001), enter the following commands:
hostname(config)# resource partition 0
hostname(config-partition)# rule nat default acl 13802 filter default fixup 10000 est default aaa default console default
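A pre-check for the reallocation described above, added here as an example and not taken from the Cisco guide: it resolves a rule command against a partition's current and default allocations, checks each value against the ranges listed above, and counts est twice when totalling. The function names, the sample allocations other than acl 14801 and fixup 9001, the ACL system limit passed in, and the premise that a reallocation cannot grow the partition's total are assumptions of this example.

```python
ORDER = ["nat", "acl", "filter", "fixup", "est", "aaa", "console"]
# Upper bounds stated on the page; acl is capped by the partition's system limit.
LIMITS = {"nat": 10000, "filter": 6000, "fixup": 10000,
          "est": 716, "aaa": 10000, "console": 4000}

def parse_rule_command(cmd):
    """Split a 'rule ...' line into {feature: value}; all seven pairs are required."""
    tokens = cmd.split()
    if len(tokens) != 15 or tokens[0] != "rule" or tokens[1::2] != ORDER:
        raise ValueError("expected: rule " + " ".join(f"{k} <value>" for k in ORDER))
    return dict(zip(ORDER, tokens[2::2]))

def total_rules(alloc):
    """Rules consumed in the partition; each established command creates two rules."""
    return sum(alloc.values()) + alloc["est"]

def check_reallocation(cmd, current, default, acl_limit):
    """Resolve keywords to numbers and return (allocation, list of problems)."""
    limits = dict(LIMITS, acl=acl_limit)
    alloc, problems = {}, []
    for feature, value in parse_rule_command(cmd).items():
        if value == "current":
            alloc[feature] = current[feature]
        elif value == "default":
            alloc[feature] = default[feature]
        elif value == "max":
            alloc[feature] = limits[feature]
        elif value.isdigit():
            alloc[feature] = int(value)
        else:
            raise ValueError(f"{feature}: bad value {value!r}")
        if alloc[feature] > limits[feature]:
            problems.append(f"{feature} {alloc[feature]} exceeds limit {limits[feature]}")
    # Assumption: the partition's pool is fixed at its current total, so a
    # reallocation may move rules between features but not add any.
    over = total_rules(alloc) - total_rules(current)
    if over > 0:
        problems.append(f"allocation exceeds the partition total by {over} rules")
    return alloc, problems

# Constructed sample: acl 14801 and fixup 9001 are the defaults quoted on the
# page; every other number is a made-up placeholder, not an FWSM default.
DEFAULTS = {"nat": 1000, "acl": 14801, "filter": 500, "fixup": 9001,
            "est": 100, "aaa": 1000, "console": 300}
ACL_LIMIT = 20000  # constructed; read the real system limit from the device
PAGE_CMD = ("rule nat default acl 13802 filter default fixup 10000 "
            "est default aaa default console default")

if __name__ == "__main__":
    print(check_reallocation(PAGE_CMD, DEFAULTS, DEFAULTS, ACL_LIMIT))
```

Replace DEFAULTS and ACL_LIMIT with the values reported for the partition before relying on the result.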
Configuring Resource Management
By default, all security contexts have unlimited access to the resources of the FWSM, except where
maximum limits per context are enforced. However, if you find that one or more contexts use too many
resources, and they cause other contexts to be denied connections, for example, then you can configure
resource management to limit the use of resources per context.
Note: The FWSM does not limit the bandwidth per context; however, the switch containing the FWSM can limit bandwidth per VLAN. See the switch documentation for more information.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
