Configuring a security context – Cisco ASA 5505 User Manual

Page 218


5-18

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 5 Configuring Multiple Context Mode

Configuring Multiple Contexts

Examples

For example, to set the default class limit for conns to 10 percent instead of unlimited, enter the
following commands:

hostname(config)# class default
hostname(config-class)# limit-resource conns 10%

All other resources remain at unlimited.

To add a class called gold, enter the following commands:

hostname(config)# class gold
hostname(config-class)# limit-resource mac-addresses 10000
hostname(config-class)# limit-resource conns 15%
hostname(config-class)# limit-resource rate conns 1000
hostname(config-class)# limit-resource rate inspects 500
hostname(config-class)# limit-resource hosts 9000
hostname(config-class)# limit-resource asdm 5
hostname(config-class)# limit-resource ssh 5
hostname(config-class)# limit-resource rate syslogs 5000
hostname(config-class)# limit-resource telnet 5
hostname(config-class)# limit-resource xlates 36000

Configuring a Security Context

The security context definition in the system configuration identifies the context name, configuration file
URL, and interfaces that a context can use.

Prerequisites

Perform this procedure in the system execution space.

For ASA 5500 series appliances, configure physical interface parameters, VLAN subinterfaces, and
redundant interfaces according to Chapter 6, “Starting Interface Configuration (ASA 5510 and Higher).”

If you do not have an admin context (for example, if you clear the configuration) then you must first
specify the admin context name by entering the following command:

hostname(config)# admin-context name

Command: limit-resource all 0
Example: hostname(config-class)# limit-resource all 0
Purpose: Sets all resource limits (shown in Table 5-1) to be unlimited. For
example, you might want to create a class that includes the admin
context that has no limitations. The default class has all resources
set to unlimited by default.

Command: limit-resource [rate] resource_name number[%]
Example: hostname(config-class)# limit-resource rate inspects 10
Purpose: Sets a particular resource limit. For this particular resource, the
limit overrides the limit set for all. Enter the rate argument to set
the rate per second for certain resources. For resources that do not
have a system limit, you cannot set the percentage (%) between 1
and 100; you can only set an absolute value. See Table 5-1 for
resources for which you can set the rate per second and which do
not have a system limit.
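Added example, not part of the Cisco guide: a Python audit that parses the class blocks shown in the Examples above, applies the rule that a per-resource limit overrides the limit set for all, and lists the resources a class leaves without a finite limit. The sample configuration, the WATCHED list and the function names are constructed for illustration; treating 0 as unlimited for a single resource is an assumption carried over from limit-resource all 0.

```python
import re

# Constructed sample (not from a real device), using the class syntax shown on this page.
SAMPLE_CONFIG = """\
class default
  limit-resource conns 10%
class gold
  limit-resource conns 15%
  limit-resource rate conns 1000
  limit-resource ssh 5
class open
  limit-resource all 0
  limit-resource rate inspects 10
"""
WATCHED = ("conns", "rate conns", "ssh")  # resources this audit cares about (assumption)

PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "hostname(config-class)# "
LIMIT_RE = re.compile(r"^limit-resource\s+(rate\s+)?(\S+)\s+(\d+)(%)?$")

def parse_classes(config):
    """Return {class_name: {resource: (number, is_percent)}} from system-config text."""
    classes, current = {}, None
    for raw in config.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        match = LIMIT_RE.match(line)
        if line.startswith("class "):
            current = classes.setdefault(line.split()[1], {})
        elif match and current is not None:
            key = ("rate " if match.group(1) else "") + match.group(2)
            current[key] = (int(match.group(3)), bool(match.group(4)))
        elif line:
            current = None  # any other command ends the class block
    return classes

def effective_limit(limits, resource):
    """A specific limit overrides 'all'. Returns None when the class sets neither."""
    value = limits.get(resource, limits.get("all"))
    if value is None:
        return None
    number, is_percent = value
    if number == 0:  # 0 = unlimited (page states this for 'all'; assumed per resource)
        return "unlimited"
    return f"{number}%" if is_percent else str(number)

def unbounded(classes, watched=WATCHED):
    """(class, resource) pairs for which the class block sets no finite limit."""
    return [(name, res) for name, limits in classes.items() for res in watched
            if effective_limit(limits, res) in (None, "unlimited")]

if __name__ == "__main__":
    for name, res in unbounded(parse_classes(SAMPLE_CONFIG)):
        print(f"class {name}: no finite limit for {res}")
```

A None result for the default class corresponds to unlimited, since the default class has all resources set to unlimited by default.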
