10-14-2014 12:43 PM
Hi
A client sent me a show tech of this ACE 20, which is inserted into a VSS, but the file is very large; the reason is the command "show acl-merge merged-list vlan 93". Can somebody tell me whether this information is normal or not? I think it is a possible attack point to the server farm. The service is up on the other ACE20. The symptom is that the VIP of the service cannot be reached.
`show acl-merge merge vlan 93 in`
```
All ACEs in merged list 5 Total:6377 Non-redundant:5608
Priority:164, Lineno:0, ACE-id:61470 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16779265[G:0,P:1,C:8,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:172.23.98.20/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:326, Lineno:0, ACE-id:61471 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16781313[G:0,P:1,C:16,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:487, Lineno:0, ACE-id:61472 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16783361[G:0,P:1,C:24,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:647, Lineno:0, ACE-id:61473 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16785409[G:0,P:1,C:32,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.61/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
```
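An added example, not part of the original posts and not Cisco tooling: with thousands of entries, one way to judge a merged list is to parse it into records and count them by action, protocol, destination and hit count instead of reading it line by line. The sample records are constructed in the layout of the output above (documentation addresses, abbreviated to the parsed lines), and the choice of fields is this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of "show acl-merge merged-list" output;
# addresses and counters are made up for the example, not taken from a device.
SAMPLE = """\
All ACEs in merged list 5 Total:2 Non-redundant:2
Priority:164, Lineno:0, ACE-id:61470 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
IP address SRC:0.0.0.0/0.0.0.0 DST:192.0.2.20/255.255.255.255
Protocol:1
Hit Count:0 Active:TRUE Timerange:0
Priority:326, Lineno:0, ACE-id:61471 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
IP address SRC:0.0.0.0/0.0.0.0 DST:192.0.2.51/255.255.255.255
Protocol:6
Hit Count:12 Active:TRUE Timerange:0
"""

# One capture group per field; values are kept as raw strings from the output.
FIELDS = {
    "ace_id": r"ACE-id:(\d+)",
    "action": r"Action:(\w+)",
    "generated": r"Generated:(\w+)",
    "dst": r"IP address SRC:\S+ DST:(\S+)",
    "protocol": r"Protocol:(\d+)",
    "hits": r"Hit Count:(\d+)",
}

def parse_records(text):
    """Split the output at each 'Priority:' line and extract the fields above."""
    records = []
    for chunk in re.split(r"(?m)^(?=Priority:\d+)", text):
        if not chunk.startswith("Priority:"):
            continue  # skips the 'All ACEs in merged list ...' header
        found = {k: re.search(p, chunk) for k, p in FIELDS.items()}
        records.append({k: m.group(1) if m else None for k, m in found.items()})
    return records

def summarize(records):
    """Aggregate counts that show what the merged list is made of."""
    return {
        "total": len(records),
        "by_action_proto": Counter((r["action"], r["protocol"]) for r in records),
        "by_dst": Counter(r["dst"] for r in records),
        "generated": sum(r["generated"] == "TRUE" for r in records),
        "with_hits": [r["ace_id"] for r in records if int(r["hits"] or 0) > 0],
    }

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```

To run it on a real capture, pass the saved command output to `parse_records` in place of `SAMPLE`.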
10-14-2014 05:48 PM
Hi,
If it is an ACL merge issue, generally removing and reapplying the configuration should help. The show tech attached is incomplete. Can you send the complete output and mention the VIP with which you are facing issues?
Regards,
Kanwal
Note: Please mark answers if they are helpful.
10-15-2014 06:39 AM
Hi.
We rebooted the ACE20 and left one context in this module. The services are OK now, but my only doubt is why the show tech-support is so large and why the output of the command show acl-merge merged-list vlan 93 appears with a lot of lines.
I will try to run the command "show tech-support" again and submit it.