Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 5 Managing Security Contexts
Configuring Resource Management
Step 2 To set the resource limits, see the following options:
• To set all resource limits (shown in Table 5-1), enter the following command:
  FWSM(config-resmgmt)# limit-resource all {number% | 0}
  The number is an integer greater than or equal to 1. Entering 0 (without a percent sign (%)) sets the resources to unlimited. You can assign more than 100 percent if you want to oversubscribe the device.
• To set a particular resource limit, enter the following command:
  FWSM(config-resmgmt)# limit-resource [rate] resource_name number[%]
  For this particular resource, the limit overrides the limit set for all. Enter the rate argument to set the rate per second for certain resources. See Table 5-1 for resources for which you can set the rate per second.
Table 5-1 lists the resource types and the limits. See also the show resource types command.
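The following Python sketch is an added example, not part of the Cisco guide: it resolves one class's limit-resource lines to absolute numbers using the Table 5-1 totals on this page, then works through the conns note about the half-per-NP split. It assumes a percentage is taken of the system total, that K means 1024, and that an odd limit is halved rounding down; the sample class and the 60 percent NP share are constructed.

```python
import re

# System totals copied from the Table 5-1 rows on this page: (resource, is_rate) -> total.
# Assumption: "K" means 1024.
SYSTEM_TOTALS = {
    ("mac-addresses", False): 65 * 1024, ("hosts", False): 256 * 1024,
    ("conns", False): 999_900, ("conns", True): 102_400,
    ("fixups", True): 10_000, ("ipsec", False): 10,
}
LINE = re.compile(r"limit-resource\s+(?:(all)\s+(\d+)(%?)|(rate\s+)?([\w-]+)\s+(\d+)(%?))$")

def to_abs(number, pct, total):
    """Assumption: a percentage is taken of the system total for that resource."""
    if number == 0 and not pct:
        return None  # 0 without a percent sign means unlimited
    return total * number // 100 if pct else number

def resolve(lines):
    """Return {(resource, is_rate): absolute limit, or None for unlimited} for one class."""
    base, overrides = {}, {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"not a limit-resource command: {line!r}")
        if m.group(1):  # "limit-resource all ..."
            n, pct = int(m.group(2)), bool(m.group(3))
            if n and not pct:
                raise ValueError("'all' accepts only number% or 0")
            base = {k: to_abs(n, pct, t) for k, t in SYSTEM_TOTALS.items()}
        else:
            key = (m.group(5), bool(m.group(4)))
            if key not in SYSTEM_TOTALS:
                raise ValueError(f"no such resource/rate pair on this page: {key}")
            overrides[key] = to_abs(int(m.group(6)), bool(m.group(7)), SYSTEM_TOTALS[key])
    return {**base, **overrides}  # a per-resource limit overrides the limit set for all

def effective_conns(limit, busiest_np_pct):
    """Each NP gets limit/2; the NP taking busiest_np_pct% of connections fills first."""
    return (limit // 2) * 100 // busiest_np_pct

def limit_for_target(target, busiest_np_pct):
    """Smallest limit whose busier-NP half still admits `target` connections in total."""
    return 2 * -(-target * busiest_np_pct // 100)

# Constructed sample class, not taken from the guide.
SAMPLE = ["limit-resource all 10%", "limit-resource conns 200000",
          "limit-resource rate fixups 20%"]

if __name__ == "__main__":
    for key, value in sorted(resolve(SAMPLE).items()):
        print(key, "unlimited" if value is None else value)
    print(effective_conns(200_000, 60), limit_for_target(200_000, 60))
```

With a 60/40 split between the NPs, a configured limit of 200,000 concurrent connections admits only 166,666 before the busier NP is full; raising the limit to 240,000 restores the intended 200,000.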
Table 5-1 Resource Names and Limits

| Resource Name | Minimum and Maximum Number per Context | Total Number for System | Description |
|---|---|---|---|
| mac-addresses | N/A | 65 K concurrent | For transparent firewall mode, the number of MAC addresses allowed in the MAC address table. |
| conns | N/A | 999,900 concurrent; 102,400 per second (rate) | TCP or UDP connections between any two hosts, including connections between one host and multiple other hosts. Note: For concurrent connections, the FWSM allocates half of the limit to each of two network processors (NPs) that accept connections. Typically, the connections are divided evenly between the NPs. However, in some circumstances, the connections are not evenly divided, and you might reach the maximum connection limit on one NP before reaching the maximum on the other. In this case, the maximum connections allowed is less than the limit you set. The NP distribution is controlled by the switch based on an algorithm. You can adjust this algorithm on the switch (see the “Customizing the FWSM Internal Interface” section on page 2-11), or you can adjust the connection limit upward to account for the inequity. |
| fixups | N/A | 10,000 per second (rate) | Application inspection. |
| hosts | N/A | 256 K concurrent | Hosts that can connect through the FWSM. |
| ipsec | 1 minimum; 5 maximum concurrent | 10 concurrent | IPSec sessions |