Default Class - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 5
Managing Security Contexts
The FWSM lets you assign unlimited access to one or more resources in a class, instead of a percentage
or absolute number. When a resource is unlimited, contexts can use as much of the resource as the system
has available. For example, Context A, B, and C are in the Silver Class, which limits each class member
to 1 percent of the system inspections per second, for a total of 3 percent; but the three contexts are
currently only using 2 percent combined. Gold Class has unlimited access to inspections. The contexts
in Gold Class can use more than the 97 percent of "unassigned" inspections; they can also use the
1 percent of inspections not currently in use by Context A, B, and C, even if that means that Context A,
B, and C are unable to reach their 3 percent combined limit. (See Figure 5-9.) Setting unlimited access
is similar to oversubscribing the FWSM, except that you have less control over how much you
oversubscribe the system.
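Figure 5-9 Unlimited Resources (Total Number of Fixups per Second = 10,000). Panels: Contexts Silver Class (A, B, C) and Contexts Gold Class (1, 2, 3). Legend: maximum connections allowed; connections in use; connections denied because system limit was reached.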

Default Class

All contexts belong to the default class if they are not assigned to another class; you do not have to
actively assign a context to the default class.
If a context belongs to a class other than the default class, those class settings always override the default
class settings. However, if the other class has any settings that are not defined, then the member context
uses the default class for those limits. For example, if you create a class with a 2 percent limit for all
concurrent connections, but no other limits, then all other limits are inherited from the default class.
Conversely, if you create a class with a 2 percent limit for all resources, the class uses no settings from
the default class.
By default, the default class provides unlimited access to resources for all contexts, except for the
following limits, which are by default set to the maximum allowed per context:
Telnet sessions—5 sessions.
SSH sessions—5 sessions.
IPSec sessions—5 sessions.
MAC addresses—65,535 entries.
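
The inheritance and unlimited-access rules in this section can be modelled to audit a class layout before it is deployed. The following is an added example, not Cisco code or FWSM configuration syntax: the resource keys (`inspections`, `conns`), the class names and the `None`-means-unlimited convention are assumptions, and the sample classes are constructed from the Silver/Gold scenario in the text.

```python
# Added example: models the class inheritance rules described above.
# Resource keys, class names and data layout are assumptions, not FWSM syntax.
UNLIMITED = None  # a limit of None means "unlimited access"

# Default class per the text: unlimited except for these four limits.
DEFAULT_CLASS = {"telnet": 5, "ssh": 5, "ipsec": 5, "mac-addresses": 65535}

# Constructed sample: Silver/Gold scenario plus a class that sets only one limit.
CLASSES = {
    "silver": {"inspections": "1%"},
    "gold": {"inspections": UNLIMITED},
    "conns-only": {"conns": "2%"},
}
MEMBERSHIP = {"A": "silver", "B": "silver", "C": "silver",
              "1": "gold", "2": "gold", "3": "gold"}


def effective_limit(classes, class_name, resource):
    """A class setting always wins; an undefined one comes from the default class."""
    settings = classes.get(class_name, {})  # unknown/unassigned -> default class
    if resource in settings:
        return settings[resource]
    return DEFAULT_CLASS.get(resource, UNLIMITED)


def audit(classes, membership, resource):
    """Summarise how one resource is committed across all contexts."""
    committed_pct, unlimited = 0.0, []
    for context, class_name in sorted(membership.items()):
        limit = effective_limit(classes, class_name, resource)
        if limit is UNLIMITED:
            unlimited.append(context)
        elif isinstance(limit, str) and limit.endswith("%"):
            committed_pct += float(limit[:-1])  # per-member percentage
    return {
        "committed_pct": committed_pct,
        "unlimited_contexts": unlimited,
        "oversubscribed": committed_pct > 100,
        # Unlimited contexts may consume capacity that limited contexts
        # were counting on, so percentage limits are ceilings, not guarantees.
        "limits_not_guaranteed": bool(unlimited) and committed_pct > 0,
    }


if __name__ == "__main__":
    print(audit(CLASSES, MEMBERSHIP, "inspections"))
    for res in ("conns", "ssh", "inspections"):
        print(res, effective_limit(CLASSES, "conns-only", res))
```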

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, section "Configuring Resource Management"
