I´ve just added the IDSM-2 blades on a 6500 and configured it but it did not work as I planned.
This picture is a little scale what I tried to do, actually I had more vlans on the inspection.
I have 2 cores and a portchannel trunk in between them and for redundancy I´m using HSRP as the config shows.
After I congfigured I´ve got these msgs and I could not figure out how to stop it:
%MAC_MOVE-SP-4-NOTIF: Host 001a.a2e4.e800 in vlan 6 is flapping between port Gi6/d1 and port Po1
%MAC_MOVE-SP-4-NOTIF: Host 001a.a2e4.e800 in vlan 7 is flapping between port Gi6/d1 and port Po1
MAC 001a.a2e4.e800 is from Core2
%MAC_MOVE-SP-4-NOTIF: Host 0022.557b.c340 in vlan 6 is flapping between port and port Po1
%MAC_MOVE-SP-4-NOTIF: Host 0022.557b.c340 in vlan 7 is flapping between port Po1 and port
Mac 0022.557b.c340 is from Core1
There was only one VLAN pair that did not have this problem, which was the VLAN L2 for the ISP router and the VLAN Outside for the FWSM . It also was the only VLAN that did not have HSRP working, I dont know if it has something to do.
The Core 1 is the STP Root with priority of Zero and the Core 2 is the Backup Root with priority 4096
I see this log message frequently when using a switch to feed an IPS sensor if the same Ethernet frame is entering the same VLAN on two different interfaces. I can;t tell how your traffic is flowing but I think you have the same issue.
In my case it was not anything to worry about so I just ignored the messages.
I was helping some friends and they were trying to solve a scalable VPN issues, specially these days with the pandemic situation.
I recommended to implement ASA VPN Load-Balancing.
This will allow to keep 1 FQDN for all RA-VPN users an...
Purpose of this article is to share our experience during that Covid-19 period where we were able to successfully setup a VPN configuration for remote worker using Alcatel 8068S phones with FTD 2110 running 220.127.116.11.I would like to thank all of my colleagu...
If you have ever configured central web authentication with ISE you understand that it requires one to configure ACL that dictates what traffic is to be redirected vs. let through without redirection. You also understand that this ACL needs to be config...
Cisco Defense Orchestrator (CDO) is a cloud-based multi-device manager that can manage security products like the Adaptive Security Appliance (ASA), the Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.&nb...