HP MSR2000/3000/4000 Router Series Security Command Reference
376
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.
acl-number: Specifies an ACL by its number in the range of 2000 to 3999.
aging-time time-value: Sets the aging time for persistent sessions in hours. The value range for the
time-value argument is 0 to 360, and the default value is 24. To disable the aging for persistent sessions,
set the value to 0 hours.
Usage guidelines
This command is effective on only TCP sessions in ESTABLISHED state.
For a TCP session in ESTABLISHED state, the priority of the aging time is as follows:
• Aging time for persistent sessions.
• Aging time for sessions of application layer protocols.
• Aging time for sessions in different protocol states.
A never-age-out session is not removed until the device receives a connection close request from the
initiator or responder, or you manually clear the session entries.
Examples
# Specify IPv4 ACL 2000 for identifying persistent sessions and set the aging time to 72 hours, so that
the IPv4 sessions that permitted by ACL 2000 are persistent sessions with the aging time as 72 hours.
<Sysname> system-view
[Sysname] session persistent acl 2000 aging-time 72
# Specify IPv6 ACL 3000 for identifying persistent sessions and set the aging time to 100 hours, so that
the IPv6 sessions that permitted by ACL 3000 are persistent sessions with the aging time as 100 hours.
<Sysname> system-view
[Sysname] session persistent acl ipv6 3000 aging-time 100
Related commands
• session aging-time application
• session aging-time state
session max-entries
Use session max-entries to set the maximum number of sessions allowed on the device.
Use undo session max-entries to restore the default.
Default
The setting depends on your device model.
Syntax
session max-entries max-value
undo session max-entries