number
log-update-threshold
Default
If an access list number is not specified, all access lists are shown.
Mode
EXEC or Global configuration:
Examples
The following example displays configured access lists on the XSR:
XSR#show access-lists
Extended IP access list 100
The following example displays the log threshold:
XSR(config)#show access-lists log-update-threshold
access-list log-update-threshold 10000
crypto key master
This command creates, deletes, or specifies a master encryption key, which encodes all other keys
on the XSR including AAA user database and private keys used by PKI (
hostkey.dat
Syntax
crypto key master {generate | remove | specify}
generate
remove
specify
Mode
Global configuration:
Access list number defined using the
Packet ceiling, when met, will trigger violations log.
XSR>
permit ip any host 192.168.1.0
). Before configuring your VPN, you must generate this key.
Caution: The master encryption key is stored in hardware, not Flash, and you cannot read the
key - only overwrite the old key by writing a new one. To ensure router security, it is critical not to
compromise the key. There are situations where you may want to keep the key, for example, to
save the user database off-line in order to later download it to the XSR. In order to encrypt the
user database, you need the same master key, indicating the key designation with the master
key specify command. Be aware that if the XSR is inoperable and you press the Default
button, the master key is erased and you must generate a new one.
Create a master encryption key.
Delete the master encryption and host key pair (hostkey.dat).
Specify a master encryption key.
XSR(config)#
XSR(config)#
or
IPSec Clear and Show Commands
access-list
command.
user.dat
cert.dat
,
XSR CLI Reference Guide 14-109
and