VSG Policy enforcement when the VSG is offline?

markcis76h
Level 1

How are policies enforced when a VSG is offline? Do port profiles with a VSG policy attached start to drop all traffic until the VSG comes back online?

Accepted Solutions

Daniel Laden
Level 4

Configuring vPath and vServices

http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_4_1/vpath_vservices/reference/guide/vpath_vservices_config.html

The failmode default value is close.

Fail mode specifies the behavior when the VEM does not have connectivity to the service node. The default fail mode for ASA 1000V and VSG is close, which means that the packets will be dropped. The default fail mode for vWAAS is open, which means that packets will be forwarded. vPath 1.0 service nodes do not support service chaining. When using a vPath 1.0 service node in a chain, the traffic to that node goes into fail mode.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7

http://www.cisco.com/go/pdihelpdesk
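
An added example, not part of the original answer and not Cisco code: a small audit that reads a saved running-config and reports each service node's effective fail mode, applying the defaults quoted in the answer above. The `vservice node ... type ...` and `fail-mode` line layout, the node names and the sample config are assumptions constructed for illustration; adjust the patterns to the syntax of your release.

```python
import re

# Defaults as stated in the answer above: close for VSG and ASA 1000V, open for vWAAS.
DEFAULT_FAIL_MODE = {"vsg": "close", "asa": "close", "vwaas": "open"}

# Constructed sample config; the line layout is an assumption, not taken from the thread.
SAMPLE_CONFIG = """\
vservice node VSG-PROD type vsg
  ip address 192.0.2.10
  adjacency l3
vservice node VSG-LAB type vsg
  ip address 192.0.2.11
  fail-mode open
vservice node WAAS-1 type vwaas
  ip address 192.0.2.20
port-profile type vethernet web-tier
  vservice node VSG-LAB profile sp-web
"""

NODE_RE = re.compile(r"^vservice node (\S+) type (\S+)\s*$")
FAIL_RE = re.compile(r"^\s+fail-mode (open|close)\s*$")


def effective_fail_modes(config):
    """Return {node: (type, fail_mode, explicit)} for every vservice node block."""
    nodes, current = {}, None
    for line in config.splitlines():
        m = NODE_RE.match(line)
        if m:
            current, ntype = m.group(1), m.group(2).lower()
            nodes[current] = (ntype, DEFAULT_FAIL_MODE.get(ntype, "unknown"), False)
        elif line and not line[0].isspace():
            current = None  # a new top-level stanza ends the node block
        elif current and (f := FAIL_RE.match(line)):
            nodes[current] = (nodes[current][0], f.group(1), True)
    return nodes


def fail_open_firewalls(config):
    """Firewall-type nodes whose traffic is forwarded uninspected when unreachable."""
    return sorted(name for name, (ntype, mode, _) in effective_fail_modes(config).items()
                  if ntype in ("vsg", "asa") and mode == "open")


if __name__ == "__main__":
    for name, (ntype, mode, explicit) in effective_fail_modes(SAMPLE_CONFIG).items():
        print(f"{name:10} {ntype:6} fail-mode={mode:6} {'explicit' if explicit else 'default'}")
    print("fail-open firewall nodes:", fail_open_firewalls(SAMPLE_CONFIG))
```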

Thanks, Dan! That is what I am looking for.

Do you know the best forum to discuss the VSG?

Also, do you know what some of the benefits of the VSG over vShield App would be that are not obvious? I have the VSG set up and really like it; I am trying to sell it to my boss, but he wants to know why we should use it and not vShield App.

For TAC, VSG is supported by the firewall team. The DC may have knowledge on how to dovetail into N1K. For operations, you will probably want to post to the security page.

For a product comparison and how VSG stands out, you will want to engage with your Cisco account team or Cisco partner. They will most likely assist you. They have access to additional resources as well.

Thank You,

Dan Laden

Cisco PDI Data Center
