12-02-2009 03:16 AM - edited 03-11-2019 09:44 AM
Hi all,
I got an ASA5520 with a CSC-SSM-10 (100 nodes) in use. There are about 200 host behind.
What happen, when the node license will be overrun. E.g. all 200 hosts are connecting through the firewall/contentfilter
at the same time?
Thanks,
Norbert
Solved! Go to Solution.
12-02-2009 08:00 PM
You can issue "sh csc node-count" on the ASA CLI.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1362072
License upgrade notice Error Message license-upgrade-notice: Your daily node counts (daily_count) has
exceeded your licensed seats (seats) by offset. Please upgrade your license.
Example:
License-upgrade-notice: Your daily node counts (300) has exceeded your licensed seats (100) by 200. Please upgrade your license.
Explanation This system log message is generated when CSC SSM detects more nodes connected to the CSC SSM than are specified in the current license. In addition to this message, a notification e-mail is sent to the administrator.
• daily_count—The daily node count that has connected to the CSC SSM • seats—The number of seats of the CSC SSM license • offset—The daily count minus the number of seats
Recommended Action Contact Cisco for a license upgrade.
You can read the above in the csc module admin guide here: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/cscbook.pdf
-KS
12-02-2009 08:00 PM
You can issue "sh csc node-count" on the ASA CLI.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1362072
License upgrade notice Error Message license-upgrade-notice: Your daily node counts (daily_count) has
exceeded your licensed seats (seats) by offset. Please upgrade your license.
Example:
License-upgrade-notice: Your daily node counts (300) has exceeded your licensed seats (100) by 200. Please upgrade your license.
Explanation This system log message is generated when CSC SSM detects more nodes connected to the CSC SSM than are specified in the current license. In addition to this message, a notification e-mail is sent to the administrator.
• daily_count—The daily node count that has connected to the CSC SSM • seats—The number of seats of the CSC SSM license • offset—The daily count minus the number of seats
Recommended Action Contact Cisco for a license upgrade.
You can read the above in the csc module admin guide here: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/cscbook.pdf
-KS
12-03-2009 12:27 PM
Those are concurrent license, aren't they?
12-03-2009 01:10 PM
sh csc node-count - That is a dialy node count over a 24 hour period.
daily_count—The daily node count that has connected to the CSC SSM •
Check the CSC module sizing guide for concurrent connection limits:
-KS
02-15-2011 11:02 PM
Hello,
What will happens with traffic from nodes that are overrun allowed license.
Will this traffic blocked, or just it will not be scaned by CSC module?
Thank you in advance.
with best regards,
D
04-17-2012 02:08 AM
Even after the license violation the traffic for all the users will be scanned by the module.
Despite the error message that you are seeing, the CSC will not drop connections due strictly to license violations. It is only a warning at this point. With a high number of nodes, it is likely that you are overwhelming the CSC processing capacity. If the users are overly aggressive in their connections, they can easily max out the capacity.
For the CSC SSM user license, 1 user = 1 IP address. The IP is counted by the ASA itself, not by the CSC.
Puneet
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide