1-19
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Multiple Context Mode
Configuring Multiple Contexts
Detailed Steps
Examples
For example, to set the default class limit for conns to 10 percent instead of unlimited, and to allow 5
site-to-site VPN tunnels with 2 tunnels allowed for VPN burst, enter the following commands:
hostname(config)# class default
hostname(config-class)# limit-resource conns 10%
hostname(config-class)# limit-resource vpn other 5
hostname(config-class)# limit-resource vpn burst other 2
All other resources remain at unlimited.
To add a class called gold, enter the following commands:
hostname(config)# class gold
hostname(config-class)# limit-resource mac-addresses 10000
hostname(config-class)# limit-resource conns 15%
syslogs Rate N/A N/A Syslog messages per second.
telnet Concurrent 1 minimum
5 maximum
100 Telnet sessions.
xlates
2
Concurrent N/A N/A Network address translations.
1. If this column value is N/A, then you cannot set a percentage of the resource because there is no hard system limit for the resource.
2. Syslog messages are generated for whichever limit is lower xlates or conns. For example, if you set the xlates limit to 7 and the conns to 9, then the ASA
only generates syslog message 321001 (“Resource 'xlates' limit of 7 reached for context 'ctx1'”) and not 321002 (“Resource 'conn rate' limit of 5 reached
for context 'ctx1'”).
Command Purpose
Step 1
class name
Example:
hostname(config)# class gold
Specifies the class name and enters the class configuration mode.
The name is a string up to 20 characters long. To set the limits for
the default class, enter default for the name.
Step 2
limit-resource [rate] resource_name
number[%]
Example:
hostname(config-class)# limit-resource
rate inspects 10
Sets the resource limit for a resource type. See Table 1-1 for a list
of resource types. If you specify all, then all resources are
configured with the same value. If you also specify a value for a
particular resource, the limit overrides the limit set for all.
Enter the rate argument to set the rate per second for certain
resources.
For most resources, specify 0 for the number to set the resource to
be unlimited or to be the system limit, if available. For VPN
resources, 0 sets the limit to none.
For resources that do not have a system limit, you cannot set the
percentage (%); you can only set an absolute value.
Tab le 1-1 Resou rce Names and Limits (continued)
Resource
Name
Rate or
Concurrent
Minimum and
Maximum
Number per
Context System Limit
1
Description
To Next Page
Loading...
Need help?
General
