ACE 20 Modular - show tech too large

rc5295509 · ‎10-14-2014

Hi

A Client sent me a show tech of this ACE 20, is inserted into a VSS, but this file is very large, the reason is a command "show acl-merge merged-list vlan 93".. Somebody can tell me is this information is normal, or not, I think that is possible attack point to the farm server. the service is up, in the other ace20. the symptom is can not reach the VIP of the service.

`show acl-merge merge vlan 93 in`

All ACEs in merged list 5 Total:6377 Non-redundant:5608

Priority:164, Lineno:0, ACE-id:61470 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16779265[G:0,P:1,C:8,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:172.23.98.20/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Priority:326, Lineno:0, ACE-id:61471 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16781313[G:0,P:1,C:16,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Priority:487, Lineno:0, ACE-id:61472 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16783361[G:0,P:1,C:24,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Priority:647, Lineno:0, ACE-id:61473 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16785409[G:0,P:1,C:32,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.61/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Kanwaljeet Singh · ‎10-14-2014

Hi,

If it is ACL merge issue, generally removing and reapplying the configuration should help. The show tech attached is incomplete. Can you send the complete output and mention VIP with which you are facing issues?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

rc5295509 · ‎10-15-2014

Hi.

We reboot the ACE20, and let one contex in this module.. The services is OK now, but my only doub is why the show tech-support is too large and appear the out of command show acl-merge merged-list vlan 93, with a lot of line..

I try to run command "show tech-support" again and submit.