Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1391
Views
0
Helpful
3
Replies

VSG Policy enforcement when the VSG is offline?

Go to solution
markcis76h
Level 1
Level 1

‎02-05-2013 05:42 PM - edited ‎03-01-2019 10:51 AM

How are policies enforced when a VSG is offline, do port profiles with  a VSG policy attached start to drop all traffic until the VSG comes back online?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Daniel Laden
Level 4
Level 4

‎02-06-2013 11:50 PM

Configuring vPath and vServices

http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_4_1/vpath_vservices/reference/guide/vpath_vservices_config.html

The failmode default value is close.

Fail mode specifies the behavior when the VEM does not have connectivity to the service node. The default fail mode for ASA 1000V and VSG is close, which means that the packets will be dropped. The default fail mode for vWAAS is open, which means that packets will be forwarded. vPath 1.0 service nodes does not support service chaining. When using a vPath 1.0 service node in a chain, the traffic to that node goes into fail mode.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7

http://www.cisco.com/go/pdihelpdesk

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Daniel Laden
Level 4
Level 4

‎02-06-2013 11:50 PM

Configuring vPath and vServices

http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_4_1/vpath_vservices/reference/guide/vpath_vservices_config.html

The failmode default value is close.

Fail mode specifies the behavior when the VEM does not have connectivity to the service node. The default fail mode for ASA 1000V and VSG is close, which means that the packets will be dropped. The default fail mode for vWAAS is open, which means that packets will be forwarded. vPath 1.0 service nodes does not support service chaining. When using a vPath 1.0 service node in a chain, the traffic to that node goes into fail mode.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7

http://www.cisco.com/go/pdihelpdesk

0 Helpful

Go to solution
markcis76h
Level 1
Level 1
In response to Daniel Laden

‎02-07-2013 04:35 PM

Thanks, Dan! That is what I am looking for.

Do you know the best forum to dicuss the VSG?

Also, do you know what some of the benefits of the VSG over vShield App would be that are not obvious? I have the VSG setup and really like, trying to sell it to my boss but he wants to know why we should use it and not vShield App.

0 Helpful

Go to solution
Daniel Laden
Level 4
Level 4
In response to markcis76h

‎02-07-2013 04:44 PM

For TAC, VSG is supported by the firewall team.  The DC may have knowledge on how to dovetail into N1K.  For operations, you will probably want to post to the security page.

For a product comparison and how VSG stands out, you will want to engage with your Cisco account team or Cisco partner.  They will most likely assist you.  They have access to addtional resources as well.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7

http://www.cisco.com/go/pdihelpdesk

0 Helpful

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card
Top