Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Is it possible to identify dynamic dns update packets using a class-map (and thus write a policy to drop them)? I see "match header-flag", "match dns-type", and "match dns-class" in the command reference, but I can't find anywhere that these values ...
I am trying to set up accounting from several FWSM contexts to a couple of (new) ACS servers. It generally works, but there are a few issues. This is the aaa configuration in the context I'm testing with:aaa-server tacacs-auth protocol tacacs+ reac...
Anybody have any idea what this FWSM error message means? According to "sh resource acl", I'm only using about 20% of the available ACEs.Cebalrai/BANNER# config tCebalrai/BANNER(config)# access-list sctprod-ingress line 20 extended permit tcp host ab...
What would be the proper syntax for a route-map to do the following for routes received from a specific bgp peer:1. accept all routes *except* default2. set the local-preference to a non-standard value.
What is the proper method for customers to submit feature requests?The specific feature I'm interested in deals with multiple context mode, where it would be extremely useful to re-use certain configuration elements (names, object-groups, etc.) in mu...
Well, I guess there's some confusion over terminology here, but that's not what I'm asking about. I don't care about the client-based commercial services. I'm wanting to block incoming standards-based (rfc 2136) dynamic updates to my dns servers. ...
"permit ip any any log" will get you non-tcp/udp stuff that might be interesting (gre, etc.), but is really not good for analyzing your tcp and udp traffic, which will be the bulk of you traffic.Better would be promote the tcp/udp connection build an...
Oops! That would be level "emergencies" instead of "alerts" (numerically, 0 not 7). Also, you might want to look at the "logging list " command; if the classes map well to what you want to see, it may simplify things for you (I've never used it, bu...
To minimize the number of messages that you have to disable, you can set the log-level to the most restrictive (7/alerts), and promote the messages that you want to see to that level:logging trap alertslogging message 302015 level alerts
