Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-53
Cisco IOS XR System Security Configuration Guide
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto isakmp call admission limit {cpu {total
percent
| ike
percent
}}
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp call
admission limit cpu total 90
Specifies the maximum number of IKE SAs that the
router can establish before IKE begins rejecting new
SA requests.
• Use the cpu keyword to specify the total
resource limit for the CPU usage.
• Use the total keyword to specify the maximum
total CPU usage to accept new calls. The range
for the percent argument is from 1 to 100.
• Use the ike keyword to specify the maximum
IKE CPU usage to accept new calls. The range
for the percent argument is from 1 to 100.
Step 3
end
or
commit
Example:
RP/0/RP0/CPU0:router(config)# end
or
RP/0/RP0/CPU0:router(config)# commit
Saves configuration changes.
• When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
–
Entering yes saves configuration changes to
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
–
Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
–
Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
• Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
Step 4
show crypto isakmp call admission statistics
Example:
RP/0/RP0/CPU0:router# show crypto isakmp call
admission statistics
Monitors crypto CAC statistics.
To Next Page
Loading...
