Cisco 7604 Configuration Manual page 254

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Logging Access List Activity
For example, if someone initiates a DoS attack, the FWSM can create a large number of deny flows in a
short period of time. Restricting the number of deny flows prevents unlimited consumption of memory
and CPU resources.
When you reach the maximum number of deny flows, the FWSM issues system log message 106100:
%XXX-1-106101: The number of ACL log deny-flows has reached limit (number).
To configure the maximum number of deny flows and to set the interval between deny flow alert
messages (106101), enter the following commands:
To set the maximum number of deny flows permitted per context before the FWSM stops logging,
enter the following command:
hostname(config)# access-list deny-flow-max number
The number is between 1 and 4096. 4096 is the default.
To set the amount of time between system log messages (number 106101) that identify that the
maximum number of deny flows was reached, enter the following command:
hostname(config)# access-list alert-interval secs
The seconds are between 1 and 3600. 300 is the default.
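The following is an added example, not part of the Cisco guide: a Python sketch that scans collected syslog for message 106101 and groups the alerts per device into episodes during which the deny-flow limit stayed reached, which is the period when further deny flows go unlogged. The timestamp and hostname prefix, the %FWSM facility string, the slack tolerance, and the sample lines are assumptions constructed for illustration; input is assumed to be in time order.

```python
import re
from datetime import datetime, timedelta

# Matches the 106101 message shown above; the facility (%XXX) varies by platform.
# The leading "timestamp host" prefix is an assumed collector format.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"%\w+-1-106101: The number of ACL log deny-flows has reached limit "
    r"\((?P<limit>\d+)\)"
)

def deny_flow_episodes(lines, alert_interval=300, slack=30):
    """Group 106101 alerts per device into episodes of sustained saturation.

    While the limit stays reached, the alert repeats about every
    alert_interval seconds, so alerts no more than alert_interval + slack
    apart are counted as one episode (slack is an assumed jitter tolerance).
    """
    max_gap = timedelta(seconds=alert_interval + slack)
    episodes = {}  # host -> list of episode dicts, oldest first
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # not a deny-flow limit alert
        ts = datetime.fromisoformat(m["ts"])
        eps = episodes.setdefault(m["host"], [])
        if eps and ts - eps[-1]["end"] <= max_gap:
            eps[-1]["end"] = ts
            eps[-1]["alerts"] += 1
        else:
            eps.append({"start": ts, "end": ts, "alerts": 1,
                        "limit": int(m["limit"])})
    return episodes

MSG = "%FWSM-1-106101: The number of ACL log deny-flows has reached limit"
# Constructed sample log lines, not captured from a real device.
SAMPLE = [
    f"2024-05-01T10:00:00 fwsm-a {MSG} (4096).",
    "2024-05-01T10:00:02 fwsm-a %FWSM-6-106100: access-list outside_in denied tcp (constructed)",
    f"2024-05-01T10:05:00 fwsm-a {MSG} (4096).",
    f"2024-05-01T10:07:00 fwsm-b {MSG} (1024).",
    f"2024-05-01T10:10:01 fwsm-a {MSG} (4096).",
    f"2024-05-01T11:30:00 fwsm-a {MSG} (4096).",
]

if __name__ == "__main__":
    for host, eps in deny_flow_episodes(SAMPLE).items():
        for e in eps:
            print(host, e["start"], e["end"], e["alerts"], e["limit"])
```

Pass the alert_interval value configured on the device so that the grouping matches its actual alert spacing.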
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01, Chapter 13: Identifying Traffic with Access Lists, page 13-28


This manual is also suitable for: 7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series
