< Home

ike call admission limit in-negotiation-sa

Function

The ike call admission limit in-negotiation-sa command specifies the maximum number of IKE SAs waiting in a queue.

The undo ike call admission limit in-negotiation-sa command restores the default maximum number of IKE SAs waiting in a queue.

By default, the maximum number of IKE SAs waiting in a queue is 800 on a CPU.

The virtual system does not support this command.

Format

ike call admission limit in-negotiation-sa limit-value

undo ike call admission limit in-negotiation-sa

Parameters

Parameter Description Value

limit-value

Specifies the maximum number of IKE SAs waiting in a queue.

The value is an integer that ranges from 1 to 800.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

You can run this command to set the maximum number of IKE SAs waiting in a queue to defend against DOS attacks.

Example

# Set the maximum number of IKE SAs waiting in a queue to 100.

<sysname> system-view
[sysname] ike call admission limit in-negotiation-sa 100
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >