We have a couple of 6509s with the firewall module (WS-SVC-FWM-1) in them. There is a redundant link between the switches and the firewalls are set for active/passive. They're set up like this with 2 Nexus 5ks behind them:
Last night the network failed behind the 6500s. The only errors we received on the 6500:
Aug 15 19:16:28.002 AWST: %SEC-6-IPACCESSLOGDP: list restrict-UPS-SC denied icmp 172.16.200.1 -> 172.16.40.179 (0/0), 1 packet
Aug 15 19:16:49.510 AWST: %SEC-6-IPACCESSLOGDP: list restrict-UPS-SC denied icmp 172.16.200.22 -> 172.16.40.29 (0/0), 1 packet
Aug 15 19:23:08.540 AWST: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
Aug 15 19:23:08.652 AWST: %SVCLC-SW2_STBY-5-FWTRUNK: Firewalled VLANs configured on trunks
Aug 15 20:00:58.425 AWST: %SEC-6-IPACCESSLOGDP: list restrict-UPS-SC denied icmp 172.16.205.2 -> 172.16.40.16 (0/0), 1 packet
Aug 15 20:44:01.010 AWST: %SEC-6-IPACCESSLOGDP: list restrict-UPS-SC denied icmp 172.16.200.10 -> 172.16.40.192 (0/0), 1 packet
And on the firewall modules:
/InternalFW/act# sh logg
Syslog logging: enabled
Timestamp logging: enabled
Name logging: enabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: level errors, class auth, 1514 messages logged
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw...
In this special edition of the Insider Series, we hear from Cisco partners who have taken steps to be more eco-friendly and sustainable. We hear what inspires ASHRAE, Southwire, Igor, and NTT to create a workplace that is centered around people and how th...
We know that the Type-1 LSA describes the link type connected to the router, the neighbor router and the subnet number.In this topology, assume we dont have a Type-2 LSA, so each router will create its own Type-1 LSA, the Type-1 LSA will describe the neig...
Here are some commonly asked questions and answers to help with your adoption of Cisco DNA Center Wireless. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
Q. I have a Cisco Appl...
Why IETF changed and inverted OSPF Type-7 LSA VS Type-5 LSA election In RFC 3101 compared to OLD RFC 1587?Many people learns that the Type-7 LSA and Type-5 election (ON Versus OE routes) depends on RFC 3101 for NSSA published in 2003 and RFC 1587 for NSSA...