Cisco 7604 Configuration Guide - Page 95
Changing Between Contexts and the System Execution Space
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 95 highlights
Chapter 4 Configuring Security Contexts Changing Between Contexts and the System Execution Space When you assign a context to a partition, then the partition becomes exclusive. An exclusive partition only includes contexts that you specifically assign to it. Partitions that do not have contexts specifically assigned to them are non-exclusive and contexts are allocated to them in a round-robin fashion. Note If you assign contexts to all partitions, then they are all exclusive. However, if you later add a context that is not assigned to a partition, then contexts are allocated to exclusive partitions in a round-robin fashion, and the first best-fit exclusive partition available is used for the allocation of the new context. However, if none of the exclusive partitions can accommodate the rules of the new context, then it is assigned to partition 0 by default, even though partition 0 also cannot accommodate the context rules. The context rules will not load completely, so you need to manually adjust the way contexts are assigned tomake room. For example, to assign the context to the first partition, enter the following command: hostname(config-ctx)# allocate-acl-partition 0 The following example sets the admin context to be "administrator," creates a context called "administrator" on the internal flash memory, and then adds two contexts from an FTP server: hostname(config)# admin-context administrator hostname(config)# context administrator hostname(config-ctx)# allocate-interface vlan10 hostname(config-ctx)# allocate-interface vlan11 hostname(config-ctx)# config-url disk:/admin.cfg hostname(config-ctx)# context test hostname(config-ctx)# allocate-interface vlan100 int1 hostname(config-ctx)# allocate-interface vlan102 int2 hostname(config-ctx)# allocate-interface vlan110-vlan115 int3-int8 hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/test.cfg hostname(config-ctx)# member gold hostname(config-ctx)# allocate-acl-partition 0 hostname(config-ctx)# context sample hostname(config-ctx)# allocate-interface vlan200 int1 hostname(config-ctx)# allocate-interface vlan212 int2 hostname(config-ctx)# allocate-interface vlan230-vlan235 int3-int8 hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/sample.cfg hostname(config-ctx)# member silver Changing Between Contexts and the System Execution Space If you log in to the system execution space (or the admin context using Telnet or SSH), you can change between contexts and perform configuration and monitoring tasks within each context. The running configuration that you edit in a configuration mode, or that is affected by the copy or write commands, depends on your location. When you are in the system execution space, the running configuration consists only of the system configuration; when you are in a context, the running configuration consists only of that context. For example, you cannot view all running configurations (system plus all contexts) by entering the show running-config command. Only the current configuration displays. You can, however, save all context running configurations from the system execution space using the write memory all command. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-31