max-logins

To specify the maximum number of concurrent logins that are allowed for a certain user, use the max-logins command in ISAKMP group configuration mode. To remove the number of connections that were set, use the no form of this command.

max-logins number-of-logins no max-logins number-of-logins

Syntax Description

Defaults The default is 10.

Command Modes ISAKMP group configuration

Command History

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The crypto isakmp client configuration group command must be configured before this command can be configured.

This command makes it possible to mimic the functionality provided by some RADIUS servers for limiting the number of simultaneous logins for users in that group.

The max-users and max-logins commands are enabled together or individually to control the usage of resources by any groups or individuals.

Task ID

number-of-logins Number of logins. The value ranges from 0 to 16 and 384.

Note The value zero is special and indicates that no limit is imposed.

Release Modification

Release 3.4.0 This command was introduced. Release 3.5.0 No modification. Release 3.6.0 No modification. Release 3.7.0 No modification. Release 3.8.0 No modification. Release 3.9.0 No modification. Task ID Operations

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software

max-logins

Examples The following example shows that the maximum number of logins for users in server group cisco is set to 8:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# crypto isakmp client configuration group cisco

RP/0/0/CPU0:router(config-group)# max-logins 8

Related Commands Command Description crypto isakmp client

configuration group

Specifies the group whose policy profile is defined.

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software max-users

max-users

To limit the number of connections to a specific server group, use the max-users command in ISAKMP group configuration mode. To remove the number of connections that were set, use the no form of this command.

max-users number-of-users no max-users number-of-users

Syntax Description

Defaults The default is 1000.

Command Modes ISAKMP group configuration

Command History

The crypto isakmp client configuration group command must be configured before this command can be configured.

This command makes it possible to mimic the functionality provided by some RADIUS servers for limiting the number of connections to a specific server group.

The max-users and max-logins commands are enabled together or individually to control the usage of resources by any groups or individuals.

Task ID

number-of-users Number of connected users. The value ranges from 0 to 16 and 384.

Note The value zero is special and indicates that no limit is imposed. However, the value zero is accepted from an external RADIUS server and processed properly.

Release Modification

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software

max-users

Examples The following example shows that the maximum number of connections to server group cisco is set to 1200:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# crypto isakmp client configuration group cisco

RP/0/0/CPU0:router(config-group)# max-users 1200

Related Commands Command Description crypto isakmp client

configuration group

Specifies the group whose policy profile is defined.

max-logins Limits the number of simultaneous logins for users in a specific server group.

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software netmask

netmask

To set the IP network mask, use the netmask command in ISAKMP group configuration mode. To disable this feature, use the no form of this command.

netmask mask no netmask mask

Syntax Description

Defaults The default is that the attribute is not sent to the VPN client.

Command Modes ISAKMP group configuration

Command History

Task ID

Examples The following example shows how to set the IP network mask:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# crypto isakmp client configuration group cisco

RP/0/0/CPU0:router(config-group)# netmask 255.255.255.0

Related Commands

mask IP network mask.

Release Modification

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software

netmask

Command Description

crypto isakmp client configuration group

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software pfs

pfs

To configure a server to notify the client of the central-site policy regarding whether PFS is required for any IP Security (IPSec) Security Association (SA), use the pfs command in ISAKMP group

configuration mode. To restore the default behavior, use the no form of this command. pfs

no pfs

Syntax Description This command has no arguments or keywords.

Defaults The server does not notify the client of the central-site policy regarding whether PFS is required for any IPSec SA.

Command Modes ISAKMP group configuration

Command History

Before you use the pfs command, you must first configure the crypto isakmp client configuration group command.

Task ID

Examples The following example shows that the server is configured to notify the client of the central-site policy regarding whether PFS is required for any IPSec SA:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# crypto isakmp client configuration group cisco

RP/0/0/CPU0:router(config-group)# pfs

Release Modification

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software

pfs

Related Commands Command Description crypto isakmp client

configuration group

Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software

In document Internet Key Exchange Security Protocol Commands on the Cisco IOS XR Software (Page 96-104)