Configuring the maximum number of rules, Changing the maximum number of rules globally – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

ServerIron ADX Security Guide

53-1002440-03

Transaction Rate Limit (TRL)

<ip_address> — IP address of the TFTP server.

<trl_config_file_name> — File name of the Transaction Rate Limit configuration.

<retry_count> — Retry number for the download.

Verify that the Transaction Rate Limit configuration file is in the following format.

client-trans-rate-limit tcp trl101

trl 10.2.24.0/24 monitor-interval 50 conn-rate 100 hold-down-time 60

trl 10.2.24.10/32 exclude

NOTE

This is the same format as the show running-configuration command generates.

Configuring the maximum number of rules

By default, a TRL policy can have up to 2500 IPv4 rules and 2500 IPv6 rules. A maximum of
15,000 IPv4 and 15,000 IPv6 rules are supported on a ServerIron ADX across all policies. The
number of rules cannot be increased beyond the 15,000 maximum, but within it these limits can be
changed globally or locally per policy.

Changing the maximum number of rules globally

You can change the maximum number of TRL rules globally on a ServerIron ADX for all policies as
shown.

ServerIronADX(config)# client-trans-rate-limit max-ipv4-rules 2000

Syntax: [no] client-trans-rate-limit { max-ipv4-rules | max-ipv6-rules } <rules-count>

The max-ipv4-rules parameter specifies that the rules limit is being set for IPv4 rules.

The max-ipv6-rules parameter specifies that the rules limit is being set for IPv6 rules.

The <rules-count> variable specifies the number of rules that will be supported globally. The
maximum values (also the default) are: 15,000 for IPv4 and 15,000 for IPv6.

Changing the maximum number of rules locally per-policy

You can change the maximum number of TRL rules for an individual policy on a ServerIron ADX as
shown.

ServerIronADX(config)# client-trans-rate-limit tcp trl1

ServerIronADX(config-client-trl-trl1)# trl max-ipv4-rules 2000

Syntax: [no] trl { max-ipv4-rules | max-ipv6-rules } <rules-count>

The max-ipv4-rules parameter specifies that the rules limit is being set for IPv4 rules for the
specified policy.

The max-ipv6-rules parameter specifies that the rules limit is being set for IPv6 rules for the
specified policy.

The <rules-count> variable specifies the number of rules that will be supported for the specified
policy that this command is being configured under. The default values are: 2500 for IPv4 and
2500 for IPv6. The value for each (IPv4 and IPv6) can be set to any number as long as the global
limits are observed.
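The following is an added example, not taken from the Brocade guide: a check to run on a TRL configuration file before the TFTP download, confirming that it uses only the line forms shown on this page and that rule counts stay within the per-policy and global limits. The names `check_trl_config` and `SAMPLE` are invented here, and the code assumes an IPv6 rule carries its prefix in the same position as the IPv4 rules shown.

```python
import ipaddress

GLOBAL_MAX = {4: 15000, 6: 15000}    # device-wide ceiling stated in the guide
POLICY_DEFAULT = {4: 2500, 6: 2500}  # per-policy default stated in the guide
LIMIT_KEYS = {"max-ipv4-rules": 4, "max-ipv6-rules": 6}
RATE_KEYS = ["monitor-interval", "conn-rate", "hold-down-time"]
# Constructed sample in the file format shown on this page (not a device export).
SAMPLE = """client-trans-rate-limit tcp trl101
trl 10.2.24.0/24 monitor-interval 50 conn-rate 100 hold-down-time 60
trl 10.2.24.10/32 exclude
"""

def check_trl_config(text):
    """Return a list of problems found in a TRL configuration file."""
    problems, policies, current, global_max = [], {}, None, dict(GLOBAL_MAX)
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok:
            continue
        is_limit = len(tok) == 3 and tok[1] in LIMIT_KEYS and tok[2].isdigit()
        if tok[0] == "client-trans-rate-limit" and is_limit:
            global_max[LIMIT_KEYS[tok[1]]] = int(tok[2])        # global limit
        elif tok[0] == "client-trans-rate-limit" and len(tok) == 3 and tok[1] not in LIMIT_KEYS:
            current = policies.setdefault(                       # <protocol> <name>
                tok[2], {"limit": dict(POLICY_DEFAULT), "count": {4: 0, 6: 0}})
        elif tok[0] == "trl" and current and is_limit:
            current["limit"][LIMIT_KEYS[tok[1]]] = int(tok[2])  # per-policy limit
        elif tok[0] == "trl" and current and len(tok) >= 3:
            body = tok[2:]
            rate = (len(body) == 6 and body[0::2] == RATE_KEYS
                    and all(v.isdigit() for v in body[1::2]))
            try:  # assumption: IPv6 prefixes sit where the IPv4 prefix does
                ver = ipaddress.ip_network(tok[1], strict=False).version
            except ValueError:
                ver = None
            if ver and (body == ["exclude"] or rate):
                current["count"][ver] += 1
            else:
                problems.append(f"line {n}: malformed rule")
        else:
            problems.append(f"line {n}: unrecognized line")
    for ver in (4, 6):
        total = sum(p["count"][ver] for p in policies.values())
        if total > global_max[ver]:
            problems.append(f"{total} IPv{ver} rules exceed global limit {global_max[ver]}")
        for name, p in policies.items():
            if p["count"][ver] > p["limit"][ver]:
                problems.append(f"{name}: {p['count'][ver]} IPv{ver} rules exceed policy limit {p['limit'][ver]}")
    return problems
```

An empty list means every line matched a form shown in this guide and no limit was exceeded; a `trl` line that appears before any policy header is reported as unrecognized.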
