This section describes how to configure optional PCP functions.
The FW allows you to configure the following optional PCP functions:
PCP mapping lifetime
The request packet sent by a PCP client contains a PCP mapping lifetime. You can also set a PCP mapping lifetime on the FW. The final PCP mapping lifetime depends on the lifetime requested by the PCP client and the lifetime configured on the FW. Configuring a PCP mapping lifetime ensures that resources are released in a timely manner.
PCP mapping logging
The FW provides the function of logging PCP mappings. PCP mappings can be stored in the log cache to prevent repudiation.
Limit on the maximum number of PCP mappings that each PCP client can request
The FW allows you to limit the maximum number of PCP mappings that each PCP client can request to prevent address exhaustion.
THIRD_PARTY option
PCP packets in either peer or map mode can carry the THIRD_PARTY option. The presence of the THIRD_PARTY option in a PCP request packet signifies that the specified address, rather than the source IP address of the PCP request packet, should be used as the internal address for the mapping. For the sake of security, the FW supports the THIRD_PARTY option. The FW can process PCP packets carrying the THIRD_PARTY option only after the option is enabled.
Configure a PCP mapping lifetime.
pcp mapping lifetime { max max-lifetime | min min-lifetime } *
By default, the maximum lifetime is 1800s, and the minimum lifetime is 120s.
Enable the function of logging PCP mappings.
By default, the function is disabled.
After configuring the function, you can use the display logbuffer sec-log command to view PCP mapping logs in the log cache.
Configure the maximum number of PCP mappings that each PCP client can request.
pcp mapping per-client max max-number
By default, each PCP client can request a maximum of 32 PCP mappings.
Enable the THIRD_PARTY option.
By default, this option is disabled.