Hi Tyson
Snippet from http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mngcntxt.html#wp1113989 *Snippet 1* To set all resource limits (shown in Table 7-1) to be unlimited, enter the following command: hostname(config-resmgmt)# limit-resource all 0 For example, you might want to create a class that includes the admin context that has no limitations. The default class has all resources set to unlimited by default. *Snippet 2* Default Class All contexts belong to the default class if they are not assigned to another class; you do not have to actively assign a context to the default class. If a context belongs to a class other than the default class, those class settings always override the default class settings. However, if the other class has any settings that are not defined, then the member context uses the default class for those limits. Snippet 1 tells that "all" covers all the settings. Snippet 2 tells that custom class inherits values from default class. With the following configuration, will the class king's unconfigured parameters (ssh, xlates, telnet etc) inherit values from class default or have them unlimited as "All" configured to be "0" class default limit-resource All 0 limit-resource Mac-addresses 65535 limit-resource ASDM 5 limit-resource SSH 5 limit-resource Telnet 5 class king imit-resource All 0 limit-resource Conns 3 limit-resource Hosts 4 Table 7-1 Resource Names and Limits Resource Name Rate or Concurrent Minimum and Maximum Number per Context System Limit1 <#wpxref1116353> Description *mac-addresses* Concurrent N/A 65,535 For transparent firewall mode, the number of MAC addresses allowed in the MAC address table. *conns* Concurrent or Rate N/A Concurrent connections: See the "Supported Feature Licenses Per Model" section on page 3-1 <license.html#wpxref21892> for the connection limit for your platform. Rate: N/A TCP or UDP connections between any two hosts, including connections between one host and multiple other hosts. *inspects* Rate N/A N/A Application inspections. *hosts* Concurrent N/A N/A Hosts that can connect through the security appliance. *asdm* Concurrent 1 minimum 5 maximum 32 ASDM management sessions. *Note *ASDM sessions use two HTTPS connections: one for monitoring that is always present, and one for making configuration changes that is present only when you make changes. For example, the system limit of 32 ASDM sessions represents a limit of 64 HTTPS sessions. *ssh* Concurrent 1 minimum 5 maximum 100 SSH sessions. *syslogs* Rate N/A N/A System log messages. *telnet* Concurrent 1 minimum 5 maximum 100 Telnet sessions. *xlates* Concurrent N/A N/A Address translations. With regards Kings On Wed, Sep 8, 2010 at 9:27 PM, Kingsley Charles <[email protected] > wrote: > Hi Tyson > > "All" is configured for 0 which means unlimited. ssh and slates are > configured for 3. > > class king > limit-resource All 0 > limit-resource SSH 3 > limit-resource Xlates 3 > > If "All" is the superset then all others for which we have not configured, > will be unlimited. > > But as per cisco docs, the user customer class inherits the values for > unconfigured paramters from default class. > > > > With regards > Kings > > > On Wed, Sep 8, 2010 at 7:32 PM, Tyson Scott <[email protected]> wrote: > >> Yes. >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Managing Partner / Sr. Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Kingsley >> Charles >> *Sent:* Wednesday, September 08, 2010 9:44 AM >> *To:* [email protected] >> *Subject:* [OSL | CCIE_Security] class - limit-resource All - >> multicontext mode >> >> >> >> Hi all >> >> What does "All" refer to when configuring a class? >> >> class >> limit-resource All >> >> The various other resources are >> >> limit-resource Conns 0 >> limit-resource Hosts 0 >> limit-resource Mac-addresses 2 >> limit-resource SSH 3 >> limit-resource Xlates 3 >> limit-resource ASDM 6.0% >> >> Is "All" is superset of these resources? >> >> >> >> With regards >> Kings >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
