About sjhloco

sjhloco · 05-22-2022

Hi, Am reaching out to see if anyone has any better information on these features as the Cisco documentation on both of them is pretty poor.BGP for transport side underlayThe guides I have read seem to suggest that if you are using BGP to get your de...

sjhloco · 05-05-2021

Hi, I am trying to workout a way to find the the last hit time for all the ACL rules on an FTD from the CLI. In ASAs you can use the show access-list all_name brief command and match the hashes from that with the hashes of the ACEs in an ACL to get t...

sjhloco · 01-13-2021

Hi, Does anyone know if is it possible to override the vMAC address for one specific specific distributed anycast-gateway SVI? From what I understand if you have a leaf and spine fabric with a pair of Leaf switches and pair of Border Gateway switche...

sjhloco · 07-08-2020

Hi, Has anyone come across issues with the naming of match statements in route-maps containing '>' or know of any documentation on what is allowed. I am trying to apply the following: ip prefix-list PL_OSPF98>>BGP65001_ME50 seq 5 permit 10.10.10.0/24...

sjhloco · 03-15-2019

Hi, With a vFTD setup as an inline-set transparent NGIPS using the bare minimal settings we get huge spikes in ICMP latency for traffic going through it. The example in this post is just a test lab to keep it simple and prove definitely that it is ...

sjhloco · 05-29-2022

I tried out reconfiguring the transport-side so the tunnel interface was on the actual physical interface (rather than a loopback) with "allow service BGP" and everything works as expected. As this works it negotiates any need to look at NATs on loo...

sjhloco · 05-23-2022

Thanks for the reply. Agree doesnt really make sense using loopback, am just trying to understand what the Cisco guides are suggesting and why.

sjhloco · 05-23-2022

Thanks for the information, I was wondering why it had the allow-service for BGP and OSPF if it wasn't meant to be done. I did try this out in a lab many months ago and seem to remember an issue with the the route being added but having no status (it...

sjhloco · 05-06-2021

Thanks for the response. The show rule hits doesn't work but by going into system support diagnostic-cli I can now run show access-list all_name brief and get the information I need, thanks

sjhloco · 05-05-2021

Hi, Guessing is probably not needed anymore but yes it can be done. To do it individually is pretty painful, you have to use show access-list all_name brief to to get the unix-time and match the hashes from that with the ACE hash (minus 0x at the sta...

Member Since	‎09-20-2010 11:49 AM
Date Last Visited	‎05-28-2024 01:05 AM
Posts	32
Total Helpful Votes Received	31

User Statistics

User Activity

SD-WAN BGP transport and DIA NAT using loopback address

See last time an ACL rule was hit from FTD CLI

Override the anycast-gateway-mac for one SVI on N9K

N9K route-map match doesn't accept '>'

Latency through a vFTD transparent NGIPS

Re: SD-WAN BGP transport and DIA NAT using loopback address

Re: SD-WAN BGP transport and DIA NAT using loopback address

Re: SD-WAN BGP transport and DIA NAT using loopback address

Re: See last time an ACL rule was hit from FTD CLI

Re: Attempt to clean-up ASA - Last rule hit