如何配置65、76 FWSM防火牆模塊
1、
首先我們先要在交換機上定義那些VLAN是放在防火牆模塊後面的(也就是說這些VLAN是不可以直接路由出去)放置在FWSM模塊後是爲了避免外界直接訪問到該VLAN,從而避免外界***。通常是一些重要的服務器VLAN。
定義那些VLAN與防火牆模塊起到關聯作用:
firewall vlan-group 1
64,68,997-999
在這裏我們使用了 VLAN 64、68、997-999,其中vlan 64、68是服務器VLAN。Vlan997是防火牆的外網口也是整個虛擬防火牆的共享接口。Vlan998、999作爲雙防火牆failover接口。
我們先在覈心交換機65、76上定義一個Vlan-group組
firewall module 6 vlan-group 1
再把這個組捆綁到防火牆模塊對應的插槽上去,這樣防火牆在交換機上的配置就完成了。
2、
我們進入防火牆模塊來進行FWSM部分的配置
通過以下命令來進入FWSM:
kc_Swi6509_A10# session slot 6 processor 1 (命令)
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.61 ... Open
User Access Verification
Password: cisco 防火牆密碼,其總登陸密碼和Enable密碼都爲cisco
Type help or '?' for a list of available commands.
KC>
我們現在進入的是防火牆模塊的配置模式。
通過命令KC# configure terminal 來進入全局配置模式KC(config)#
在全局配置模式中,我們可以修改FWSM模塊的系統名、enable password、模塊使用模式(路由、透明模式)。
中化集團現購買了20個防火牆licence可以使用虛擬防火牆數量爲20個。在防火牆模塊配置模式下建立管理關聯。
管理關聯命令:
KC(config)# admin-context admin
建立之後對這個管理關聯進行配置。
KC(config)# context admin 進入管理關聯配置模式
KC(config-ctx)# allocate-interface vlan997 指派一個端口作爲管理關聯的共享出口,也就是交換機上建立的SVI vlan 997接口。
配置關聯後需要指定一個關於vlan997的存放文件路徑
KC(config-ctx)# config-url disk:/vlan997.cgf
當管理關聯建立後,我們就可以開始建立多虛擬防火牆了。
我們在交換機上建立了vlan-group,並映射到模塊,此時可以在模塊上進行相關vlan的查看。
查看捆綁VLAN是否映射正常的命令:
KC(config)# show vlan
64, 68, 997-999
(先前在交換機上配置的映射是正常的)
此時我們就尅建立關於VLAN 64的關聯,此關聯含義是把一個端口與另一個端口進行關聯。
配置命令:
KC(config)# context vlan64
建立VLAN 64關聯後就可以定義哪些接口與VLAN 64關聯了。我們需要定義2個接口,如同PIX的原理相似。
配置命令:
KC(config-ctx)# descripttion
kc_sever_64
(爲這個關聯添加一個描述)
KC(config-ctx)# allocate-interface Vlan64
(首先定義一個VLAN 64的接口)
KC(config-ctx)# allocate-interface Vlan997
(然後定義一個VLAN 997共享端口)
KC(config-ctx)# config-url disk:/vlan64.cgf
(存儲一個關於這個關聯的文件URL連接)
3、虛擬防火牆關聯就建立完畢,配置過後需要進入每個獨立的虛擬防火牆進行配置。
轉換到每個獨立防火牆的命令:
KC# changeto context vlan64
(使用changeto 命令可以進入虛擬防火牆,如果需要從單獨的虛擬防火牆轉換到防火牆模塊可以使用KC/vlan64# changeto system)
進入VLAN 64這個虛擬防火牆後的配置如同PIX一樣。
我們需要定義這個虛擬防火牆的內、外網口。需要保護的VLAN 64爲我們的內網口,而共享端口VLAN 997則是我們的外網口。
配置命令:
KC/vlan64(config)# interface vlan 64
(進入vlan 64這個接口)
KC/vlan64(config-if)# nameif inside
(定義這個接口爲防火牆的內部接口)
KC/vlan64(config-if)# security-level 100
(定義這個接口的安全級別,100爲完全信任)
KC/vlan64(config-if)#ip address 172.17.62.64 255.255.255.0 standby 172.17.62.164
(配置這個接口的地址以及HSRP地址)
配置外網口命令示例:
KC/vlan64(config)# interface vlan 997
(進入vlan 997這個接口)
KC/vlan64(config-if)# nameif outside
(定義這個接口爲防火牆的外部接口)
KC/vlan64(config-if)# security-level 0
(定義這個接口的安全級別, 0爲不信任)
KC/vlan64(config-if)# ip address 172.17.62.64 255.255.255.0 standby 172.17.62.164
(配置這個接口的地址以及VLAN 997的HSRP地址)
這是防火牆內部的接口就全部配置完畢了。
4、配置虛擬防火牆內的路由、NAT等信息。
如果我們需要讓內外全部Ping通防火牆內部的某臺主機或服務器,我們需要開啓2層的ICMP報文,否則虛擬防火牆是不允許使用Ping命令的。
配置命令:
KC/vlan64(config)# icmp permit any inside
允許內部出去的ICMP報文
KC/vlan64(config)# icmp permit any outside
允許外部進來的ICMP報文
我們仍然需要定義關於2層和3層的協議在進入和離開的規則。
配置命令:
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-list inside extended permit icmp any any
access-list outside extended permit icmp any any
access-group inside in interface inside
access-group outside in interface outside
(允許內部外部的IP和ICMP報文通過,及定義內外接口)
安全定義完畢後進行NAT和路由的定義。
由於防火牆內部地址不需要轉換所以我們做NAT時使用靜態轉換。
配置命令:
static (inside,outside) 172.17.64.0 172.17.64.0 netmask 255.255.255.255
(由於不需做任何轉換,所以地址只需要原文翻譯即可)
route outside 0.0.0.0 0.0.0.0 172.17.62.1 1
(讓虛擬防火牆可以通過vlan 997接口訪問外網,需要寫一條靜態路由指向 vlan 997接口,作爲內網的出接口)
5、配置雙核心防火牆模塊關聯failover。
在配置failover之前必須在交換機上建立2個SVI接口,這2個接口是爲了failover trunk使用的。且這2個接口可以通過核心交換機直接Ping通。
Failover的配置命令如下:
failover
failover lan unit primary
failover lan interface faillink Vlan998
failover replication http
failover link statelink Vlan999
failover interface ip faillink 172.17.63.2 255.255.255.252 standby 172.17.63.1
failover interface ip statelink 172.17.63.6 255.255.255.252 standby 172.17.63.5
配置:
模塊全局配置:
KC# sh run
: Saved
:
FWSM Version 3.1(3) <system>
!
resource acl-partition 12
hostname KC
enable password 2KFQnbNIdI.2KYOU encrypted
!
interface Vlan64
!
interface Vlan65
!
interface Vlan68
!
interface Vlan997
!
interface Vlan998
descripttion LAN Failover Interface
!
interface Vlan999
descripttion STATE Failover Interface
!
passwd 2KFQnbNIdI.2KYOU encrypted
class default
limit-resource All 0
limit-resource IPSec 5
limit-resource Mac-addresses 65535
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface faillink Vlan998
failover replication http
failover link statelink Vlan999
failover interface ip faillink 172.17.63.2 255.255.255.252 standby 172.17.63.1
failover interface ip statelink 172.17.63.6 255.255.255.252 standby 172.17.63.5
no asdm history enable
arp timeout 14400
console timeout 5
admin-context admin
context admin
allocate-interface Vlan997
config-url disk:/vlan997.cgf
!
context vlan64
descripttion kc_sever_64
allocate-interface Vlan64
allocate-interface Vlan997
config-url disk:/vlan64.cgf
!
context vlan68
descripttion kc_server_68
allocate-interface Vlan68
allocate-interface Vlan997
config-url disk:/vlan68.cfg
!
prompt hostname context
Cryptochecksum:6e655934ad4a33f6b65bc55ce5264d72
: end
主模塊裏獨立的虛擬防火牆配置:
KC# sh running-config
: Saved
:
FWSM Version 3.1(3)
!
hostname KC
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan64
no nameif
no security-level
no ip address
!
interface Vlan997
nameif outside
security-level 0
ip address 172.17.62.64 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside extended permit icmp any any
pager lines 24
mtu outside 1500
no failover
icmp permit any outside======>最關鍵的一句話~
no asdm history enable
arp timeout 14400
access-group outside out interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
class-map default
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect skinny
inspect smtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:34e42d2b655b64d84dd090a73435fb40
: end
防火牆模塊show tech信息
KC# show tech-support
FWSM Firewall Version 3.1(3) <system>
Device Manager Version 5.0(1)F
Compiled on Thu 06-Jul-06 12:44 by dalecki
KC up 9 days 21 hours
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash SMART CF @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
Licensed features for this platform:
Maximum Interfaces : 1000
Inside Hosts : Unlimited
Failover : Active/Active
***-DES : Enabled
***-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 20
GTP/GPRS : Disabled
*** Peers : Unlimited
Serial Number: SAD1119063U
Running Activation Key: 0x8fd2c995 0xf47741ed 0xdf5360f1 0xab015cc0
Configuration has not been modified since last system restart.
------------------ show clock ------------------
10:08:36.510 UTC Mon Sep 3 2007
------------------ show memory ------------------
Free memory: 770429504 bytes (72%)
Used memory: 303312320 bytes (28%)
------------- ----------------
Total memory: 1073741824 bytes (100%)
------------------ show blocks ------------------
SIZE MAX LOW CNT
4 1800 1792 1800
80 1000 979 983
256 1600 1532 1588
1550 11575 11507 11538
2048 1384 1352 1383
16384 8192 7678 7682
------------------ show blocks queue history detail ------------------
History buffer memory usage: 2136 bytes (default)
------------------ show nic ------------------
interface gb-ethernet0 is up, line protocol is up
Hardware is i82543 rev02 gigabit ethernet, address is 0018.7475.9c80
PCI details are - Bus:0, Dev:0, Func:0
MTU 16000 bytes, BW 1 Gbit full duplex
120 packets input, 82102594830336 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
920125 packets output, 413717208733057024 bytes, 0 underruns
input queue (curr/max blocks): hardware (0/2) software (0/0)
output queue (curr/max blocks): hardware (0/7) software (0/0)
interface gb-ethernet1 is up, line protocol is up
Hardware is i82543 rev02 gigabit ethernet, address is 0018.7475.9c80
PCI details are - Bus:0, Dev:0, Func:0
MTU 16000 bytes, BW 1 Gbit full duplex
774540 packets input, 401661544770830336 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4 packets output, 1477468749824 bytes, 0 underruns
input queue (curr/max blocks): hardware (0/4) software (0/0)
output queue (curr/max blocks): hardware (0/1) software (0/0)
------------------ show interface ------------------
Interface GigabitEthernet0 "", is up, line protocol is up
Hardware is i82543 rev02, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 0018.7475.9c80, MTU not set
IP address unassigned
120 packets input, 19116 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
920126 packets output, 96326160 bytes, 0 underruns
0 output errors, 0 collisions
0 late collisions, 0 deferred
input queue (curr/max blocks): hardware (0/2) software (0/0)
output queue (curr/max blocks): hardware (0/7) software (0/0)
Control Point Interface States:
Interface number is unassigned
Interface GigabitEthernet1 "", is up, line protocol is up
Hardware is i82543 rev02, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 0018.7475.9c80, MTU not set
IP address unassigned
774543 packets input, 93519550 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
4 packets output, 344 bytes, 0 underruns
0 output errors, 0 collisions
0 late collisions, 0 deferred
input queue (curr/max blocks): hardware (0/4) software (0/0)
output queue (curr/max blocks): hardware (0/1) software (0/0)
Control Point Interface States:
Interface number is unassigned
Interface Vlan64 "", is up, line protocol is up
Hardware is EtherSVI
Available for allocation to a context
MAC address 0018.7475.9c80, MTU not set
IP address unassigned
Control Point Interface States:
Interface number is unassigned
Interface Vlan65 "", is down, line protocol is down
Hardware is EtherSVI
Available for allocation to a context
MAC address 0018.7475.9c80, MTU not set
IP address unassigned
Control Point Interface States:
Interface number is unassigned
Interface Vlan68 "", is up, line protocol is up
Hardware is EtherSVI
Available for allocation to a context
MAC address 0018.7475.9c80, MTU not set
IP address unassigned
Control Point Interface States:
Interface number is unassigned
Interface Vlan997 "", is up, line protocol is up
Hardware is EtherSVI
Available for allocation to a context
MAC address 0018.7475.9c80, MTU not set
IP address unassigned
Control Point Interface States:
Interface number is unassigned
Interface Vlan998 "faillink", is up, line protocol is up
Hardware is EtherSVI
Descripttion: LAN Failover Interface
MAC address 0018.7475.9c80, MTU 1500
IP address 172.17.63.2, subnet mask 255.255.255.252
Traffic Statistics for "faillink":
278966 packets input, 76 bytes
424106 packets output, 38966208 bytes
427223 packets dropped
Control Point Interface States:
Interface number is 1
Interface config status is active
Interface state is active
Control Point Vlan998 States:
Interface vlan config status is active
Interface vlan state is UP
Interface Vlan999 "statelink", is up, line protocol is up
Hardware is EtherSVI
Descripttion: STATE Failover Interface
MAC address 0018.7475.9c80, MTU 1500
IP address 172.17.63.6, subnet mask 255.255.255.252
Traffic Statistics for "statelink":
278079 packets input, 68 bytes
278133 packets output, 20451668 bytes
427224 packets dropped
Control Point Interface States:
Interface number is 2
Interface config status is active
Interface state is active
Control Point Vlan999 States:
Interface vlan config status is active
Interface vlan state is UP
Interface EOBC0 "eobc", is up, line protocol is up
Hardware is PCnet79C972, BW 10000 Mbps
(Half-duplex), 10 Mbps(100 Mbps)
MAC address 0000.1600.0000, MTU 1500
IP address 127.0.0.61, subnet mask 255.255.255.0
Control Point Interface States:
Interface number is 259
Interface config status is active
Interface state is active
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
------------------ show process ------------------
PC SP STATE Runtime SBASE Stack Process
Lwe 00105d65 01c93918 0133d3a8 0 01c93190 1928/2048 block_diag
Mrd 001eb53e 01c9b118 0133d458 369486580 01c971c0 15752/16384 Dispatch Unit
Mwe 00118091 0a4eb6c0 0133d360 0 0a4e9748 7788/8192 Reload Control Thread
Mwe 0011c366 0a4ee890 0133f1f0 0 0a4ec948 8008/8192 aaa
Lwe 001ea9ea 0a4f2540 013b5310 0 0a4f15c8 3388/4096 dbgtrace
Mwe 005eff89 0a597ce0 0143bc18 0 0a596d78 3944/4096 ibm_4gs3_connstate_thread
Mwe 00c5b655 0a59f760 0133d360 0 0a59efd8 1628/2048 Chunk Manager
Msi 0074162e 0a5a7f78 0133d360 1265 0a5a7010 3588/4096 PIX Garbage Collector
Lsi 00ae41c9 0a5a90b8 0133d360 192 0a5a8130 3492/4096 route_process
Mwe 007303dd 0a5b0d60 012b9120 0 0a5afde8 3960/4096 IP Address Assign
Mwe 00928695 0a61d600 012c39e8 0 0a61ce88 1912/2048 QoS Support Module
Mwe 007a3331 0a61df58 012b9dac 0 0a61d7e0 1912/2048 Client Update Task
Lwe 00c73dd1 0a61f0f0 0133d360 1091507 0a61e978 1528/2048 Checkheaps
Mwe 00966221 0a624440 0133d360 190 0a6234d8 3356/4096 Session Manager
Mwe 00a6c7bd 0a62efb8 0a63a178 8639 0a62b0d0 15636/16384 uauth
Mwe 00a054f1 0a631120 012d87d0 0 0a62f1a8 7660/8192 Uauth_Proxy
Mwe 00a6854d 0a633b20 012dab80 0 0a631be8 7612/8192 SMTP
Mwe 00a573e5 0a635c60 012da558 0 0a633d08 7276/8192 Logger
Mwe 00a58d21 0a637da0 0133d360 0 0a635e28 7116/8192 Thread Logger
Mwe 00b5f3fb 0a63cb30 013051a0 0 0a63abc8 6956/8192 ***lb_thread
Mwe 00bbc69d 0a63db80 013d1ea8 83 0a63cce8 3228/4096 ScpIncomingThread
Mwe 00bbba25 0a63fd10 01305c8c 18347 0a63de08 7052/8192 ScpManagerThread
Mwe 00a6ed29 0aab4500 012db590 2 0aab2598 7772/8192 tcp_fast
Msi 00a6ea5f 0aab65c8 0133d360 40 0aab4670 7756/8192 tcp_slow
Mwe 00a7ed2b 0ab8a140 012db710 0 0ab891d8 3944/4096 udp_timer
Mwe 00bbb9cd 0ab8b2e8 01305c94 17208 0ab8a390 3704/4096 ScpSendReqThread
Msi 004b0863 0a59de30 0133d360 5215 0a59ceb8 2908/4096 arp_timer
Lsi 004bd8b6 0d574b30 0133d360 4494 0d573bb8 3676/4096 FragDBGC
Mwe 004bb571 0d575b48 013d1e20 0 0d574be0 3868/4096 arp_forward_thread
Mrd 0062feae 0d5ac958 0133d458 209215463 0d5aaa50 7780/8192 snp_timer_thread
Msi 00bbd63d 0a595860 0133d360 98 0a5948e8 3744/4096 ScpPollingThread
Msi 00d2545a 0e502dd8 0133d360 2206 0e501e80 3712/4096 doorbell_poll
Mwe 00b6db75 0eb63b70 0152fde8 10222 0eb62bf8 1996/4096 np/wrapper
Lwe 00ae8a15 0eb66738 012df498 0 0eb657c0 3960/4096 route resend process
Lwe 004b2179 0eb67858 00f369c0 0 0eb668e0 3744/4096 arp resend thread
Mwe 004b1f79 0eb68978 00f369c8 9 0eb67a00 2604/4096 arp send process
Mwe 00bb5705 0eb69a98 01305a9c 0 0eb68b20 3960/4096 mfib send process
Mwe 00bafc27 0eb6bbb8 0133d360 31 0eb69c40 5644/8192 np_cls_download_process
Mwe 00171679 0a598ba0 0133d360 0 0a598418 1832/2048 CTCP Timer process
Mwe 00185ee8 0eb70328 0a5990d8 0 0eb6e3b0 7716/8192 IPsec message handler
Msi 00195841 0eb72340 0133d360 5137 0eb703d8 7824/8192 CTM message handler
Mwe 00b11885 0a59a420 0133d360 0 0a5994c8 3832/4096 L2TP data daemon
Mwe 00b11675 0eb73418 0133d360 0 0eb724b0 3848/4096 L2TP mgmt daemon
Mwe 00afb1ef 0ebab790 012fff38 376 0eba7828 16184/16384 ppp_timer_thread
Msi 00b5fdda 0ebad890 0133d360 1823 0ebab948 7792/8192 ***lb_timer_thread
Mwe 001e3ef9 0ec1f318 00ef5b50 3 0ebff3c0 124020/131072 tmatch compile thread
Mwe 008708c5 0ecdcc20 0133d360 0 0ecd8c98 15964/16384 Crypto PKI RECV
Mwe 00876675 0ecded30 0133d360 0 0ecdcdb8 7756/8192 Crypto CA
Lsi 00756891 100f6788 0133d360 1327 100f5810 3676/4096 xlate clean
Lsi 007566d0 100f77b0 0133d360 796 100f6838 1628/4096 maintain random data
Lsi 00761e31 10ad5988 0133d360 17727 10ad3a10 7660/8192 Host object cleaner
Lsi 0073b61c 0a596b70 0133d360 5798 0a595bf8 1608/4096 perfmon
Mwe 004483bd 0a4f3660 0133d360 0 0a4f26e8 3864/4096 IKE Timekeeper
Mwe 0043a19d 10ae0d40 00f363a8 0 10add0e8 15404/16384 IKE Daemon
Mwe 00761a65 10af8180 01468a00 0 10af6238 7716/8192 url_filter
Mwe 00761a65 10afa2a0 01468d00 0 10af8358 7716/8192 dns
Mwe 00761a65 10afc3c0 014689d0 0 10afa478 7716/8192 activex
Mwe 00761a65 10afe4e0 01468a60 0 10afc598 7716/8192 java
Mwe 00761a65 10b00600 01468a90 0 10afe6b8 7716/8192 domain
Mwe 00761a65 10b02720 014688e0 0 10b007d8 7716/8192 http
Mwe 00761a65 10b04840 01468940 0 10b028f8 7716/8192 h323_h225
Mwe 00761a65 10b06960 01468be0 0 10b04a18 7716/8192 h323_ras
Mwe 00761a65 10b08a80 01468b20 0 10b06b38 7716/8192 ils
Mwe 00761a65 10b0aba0 01468dc0 0 10b08c58 7716/8192 sunrpc
Mwe 00761a65 10b0ccc0 01468dc0 0 10b0ad78 7716/8192 rpc
Mwe 00761a65 10b0ede0 01468970 0 10b0ce98 7716/8192 rsh
Mwe 00761a65 10b10f00 01468a30 0 10b0efb8 7716/8192 rtsp
Mwe 00761a65 10b13020 01468910 0 10b110d8 7716/8192 smtp
Mwe 00761a65 10b15140 014689a0 0 10b131f8 7716/8192 sqlnet
Mwe 00761a65 10b17260 01468ac0 0 10b15318 7716/8192 sip
Mwe 00761a65 10b19380 01468af0 0 10b17438 7716/8192 skinny
Mwe 00761a65 10b1b4a0 01468b80 0 10b19558 7716/8192 sunrpc_udp
Mwe 00761a65 10b1d5c0 01468b80 0 10b1b678 7716/8192 rpc_udp
Mwe 00761a65 10b1f6e0 01468bb0 0 10b1d798 7716/8192 xdmcp
Mwe 00761a65 10b21800 01468cd0 0 10b1f8b8 7716/8192 udp_sip
Mwe 00761a65 10b23920 01468c70 0 10b219d8 7716/8192 netbios
Mwe 00761a65 10b25a40 01468ca0 0 10b23af8 7716/8192 ctiqbe
Mwe 00761a65 10b27b60 01468d60 0 10b25c18 7716/8192 ftp_filter_command
Mwe 00761a65 10b29c80 01468d90 0 10b27d38 7716/8192 https_filter
Mwe 00761a65 10b2bda0 01468c10 0 10b29e58 7716/8192 mgcp
Mwe 00761a65 10b2dec0 01468e50 0 10b2bf78 7716/8192 tftp
Mwe 00761a65 10b2ffe0 01468d30 0 10b2e098 7716/8192 snmp
Mwe 00761a65 10b32100 01468c40 0 10b301b8 7716/8192 pptp
Mwe 00761a65 10b34220 01468b50 0 10b322d8 7716/8192 gtp
Mwe 00761999 10b36370 01468f10 0 10b343f8 7716/8192 fast_fixup
Mwe 00761999 10b37490 01468f40 0 10b36518 3308/4096 pkt to IPstack
Mwe 00761999 10b395b0 01468f70 0 10b37638 7716/8192 syslog_entry
Mwe 00761999 10b3b6d0 01468fa0 0 10b39758 7716/8192 fornax_pk_lu_process
Mwe 00761999 10b3d7f0 01468fd0 0 10b3b878 7716/8192 indication handler
Mwe 00761999 10b41910 01469000 0 10b3d998 15908/16384 AAA/events
Mwe 00761999 10b43a30 01469030 39 10b41ab8 7468/8192 np/show
Mwe 00761999 10b44b50 01469060 0 10b43bd8 3620/4096 pkt_capture
Mwe 001f43d7 117381e8 00d4f8a0 1567 117309a0 30172/32768 ci/console
Mwe 003b3c99 1173aa38 0133d360 14 11738ac0 5692/8192 fover_thread
Mwe 00add766 1173bb18 01506e78 516 1173abe0 1772/4096 lu_ctl
Csi 00772cc9 1173cc68 0133d360 25632 1173bd00 3228/4096 update_cpu_usage
Mwe 004bb821 1173dd98 013d1ea0 0 1173ce20 3564/4096 d2_receive_thread
Msi 0077347d 11743f28 0133d360 4312 11742060 7556/8192 NIC status poll
Mwe 003a2165 11748b48 013bf4a0 1432 11746c10 5452/8192 fover_rx
Mwe 003a3f8d 0a6211b8 013bf4f8 297 0a620240 1612/4096 fover_tx
Mwe 003aaa61 11749bb0 013d1e98 1650 11748c38 1228/4096 fover_ip
Mwe 003b4849 1174da78 013bf50c 335 11749d10 11884/16384 fover_rep
Mwe 003a494a 11751a98 013bf514 16693 1174de30 12044/16384 fover_parse
Mwe 0039758e 11752e98 013bd668 1 11751f50 1724/4096 fover_ifc_test
Mwe 00398a69 11754fe8 0133d360 89112 11753070 4876/8192 fover_health_monitoring_thread
Mwe 003c3db1 11758330 0133d360 4543 117573b8 2700/4096 ha_trans_ctl_tx
Mwe 003c3db1 1176a478 0133d360 2722 11769500 3228/4096 ha_trans_data_tx
Mwe 003bc16d 1176c598 0133d360 4 1176a620 5324/8192 fover_FSM_thread
Mwe 00addc21 1176d6b8 013d1f70 1546 1176c740 1388/4096 lu_rx
Lwe 00addbc9 1176e7e8 01506da8 0 1176d860 3976/4096 lu_dynamic_sync
Mwe 004a864d 117f2e88 013d2040 4165 117f0f20 7400/8192 IP Thread
Mwe 004ae59d 117f4fb8 013d2000 33 117f3040 7124/8192 ARP Thread
Mwe 003f5ff5 117f70d8 013d1e90 0 117f5160 6972/8192 icmp_thread
Mwe 00a7ed83 117f81d8 0133d360 0 117f7280 3644/4096 udp_thread
Mwe 00a6f209 117fa1f8 013d2038 1195 117f83a0 6984/8192 tcp_thread
Mwe 00a6cbdf 117fc318 11ff9278 0 117fa4c0 7300/8192 listen/telnet
M* 00a6e017 0009feec 0133d458 585 11ff9780 9900/16384 telnet/ci
- - - - 272878845 - - scheduler
- - - - 852939290 - - total elapsed
------------------ show failover ------------------
Failover On
Failover unit Primary
Failover LAN Interface: faillink Vlan 998 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
failover replication http
Config sync: active
Version: Ours 3.1(3), Mate 3.1(3)
Last Failover at: 12:32:48 UTC Aug 24 2007
This host: Primary - Active
Active time: 855495 (sec)
vlan64 Interface inside (172.17.64.1): Normal (Not-Monitored)
vlan64 Interface outside (172.17.62.64): Normal (Not-Monitored)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
vlan64 Interface inside (172.17.64.2): Normal (Not-Monitored)
vlan64 Interface outside (172.17.62.164): Normal (Not-Monitored)
Stateful Failover Logical Update Statistics
Link : statelink Vlan 999 (up)
Stateful Obj xmit xerr rcv rerr
General 32040 0 31982 0
sys cmd 31982 0 31982 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 58 0 0 0
Xlate_Timeout 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 2 278085
Xmit Q: 0 0 32040
------------------ show perfmon ------------------
Context: system
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 0/s 0/s
TCP Conns 0/s 0/s
UDP Conns 0/s 0/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
HTTP Fixup 0/s 0/s
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s
TCP Intercept 0/s 0/s
------------------ show resource usage ------------------
Resource Current Peak Limit Denied Context
Telnet 1 1 5 0 system
------------------ show blocks np ------------------
MAX FREE THRESH_0 THRESH_1 THRESH_2
NP1 (ingress) 32768 32768 0 0 0
(egress) 521206 521206 0 0 0
NP2 (ingress) 32768 32768 0 0 0
(egress) 521206 521206 0 0 0
NP3 (ingress) 32768 32768 0 0 0
(egress) 521206 521206 0 0 0
------------------ show np pc ------------------
THREADC(NP1/NP2/NP3)
0:0000/0000/0000 1:0000/0000/0000 2:42b7/0000/0000 3:0000/0000/0000
4:0000/0000/0000 5:0000/0000/0000 6:0000/0000/0000 7:0000/0000/0000
8:0000/0000/0000 9:0000/0000/0000 10:0000/0000/0000 11:0000/0000/0000
12:0000/0000/0000 13:0000/0000/0000 14:0000/0000/0000 15:0000/0000/0000
16:0000/0000/0000 17:0000/0000/0000 18:0000/0000/0000 19:0000/0000/0000
20:0000/0000/0000 21:0000/0000/0000 22:0000/0000/0000 23:0000/0000/0000
24:0000/0000/0000 25:0000/0000/0000 26:0000/0000/0000 27:0000/0000/0000
28:0000/0000/0000 29:0000/0000/0000 30:0000/0000/0000 31:0000/0000/0000
------------------ Fast Path (1) Stats ------------------
-------------------------------------------------------------------------------
Fast Path 64 bit Global Statistics Counters (NP-1)
-------------------------------------------------------------------------------
PKT_MNG: total packets (dot1q) rcvd : 117
PKT_MNG: total packets (dot1q) sent : 278289
PKT_MNG: total packets (dot1q) dropped : 1711758
PKT_MNG: TCP packets received : 0
PKT_MNG: UDP packets received : 0
PKT_MNG: ICMP packets received : 24
PKT_MNG: ARP packets received : 103
PKT_MNG: other protocol pkts received : 0
PKT_MNG: default (no IP/ARP) dropped : 0
SESS_MNG: sessions created : 0
SESS_MNG: sessions embryonic to active : 0
SESS_MNG: sessions deleted : 0
SESS_MNG: session lookup hits : 0
SESS_MNG: session lookup misses : 14
SESS_MNG: embryonic lookup hits : 0
SESS_MNG: embryonic lookup misses : 0
-------------------------------------------------------------------------------
Fast Path 32 bit Global Statistics Counters (NP-1)
-------------------------------------------------------------------------------
SESS_MNG: insert errors : 0
SESS_MNG: embryonic to active errors : 0
SESS_MNG: delete errors : 0
PKT_MNG: packets to NP-3 : 10
PKT_MNG: packets from NP-3 : 5724
PKT_MNG: packets to FWSM : 5708
PKT_MNG: packets from FWSM : 278289
PKT_MNG: packets sent to other blade : 14
PKT_MNG: packets rcv from other blade : 0
PKT_MNG: pkt drop (l2 checks) : 0
PKT_MNG: pkt drop (l3 checks) : 0
PKT_MNG: pkt drop (l4 checks) : 0
PKT_MNG: pkt drop (rate limiting) : 0
PKT_MNG: pkt drop (A200) : 0
LU_MNG: UDP packets sent by FP ok : 0
LU_MNG: TCP packets sent by FP ok : 0
LU_MNG: LU packets sent by SP ok : 0
LU_MNG: LU pkt xmit errors leas twin fail : 0
LU_MNG: UDP packets received for FP ok : 0
LU_MNG: TCP packets received for FP ok : 0
LU_MNG: LU packets received for SP ok : 0
LU_MNG: LU packets received errors : 0
LU_MNG: LU packets redirected to NP3 : 0
LU_MNG: LU packets returned by NP3 : 0
LU_MNG: LU pkt sent new conn : 0
LU_MNG: LU pkt sent update : 0
LU_MNG: LU pkt sent fin : 0
LU_MNG: LU pkt sent data channel : 0
LU_MNG: LU pkt sent move embr to active : 0
LU_MNG: LU pkt xmit error interface down : 0
LU_MNG: LU pkt xmit err intf not configured : 0
LU_MNG: LU pkt xmit err FO flag stop traffic : 0
LU_MNG: LU pkt xmit err FO flag mismatch : 0
LU_MNG: LU pkt rcv err global table mismatch : 0
LU_MNG: LU pkt rcv err FO flag mismatch : 0
LU_MNG: LU pkt rcv err not .1Q : 0
LU_MNG: LU pkt rcv err not AAAA : 0
LU_MNG: LU pkt rcv err lkp hit msg mismatch : 0
LU_MNG: LU pkt rcv err lkp hit pkt/leaf mismatch : 0
LU_MNG: LU pkt rcv err lkp miss msg mismatch : 0
LU_MNG: LU pkt rcv err half hit : 0
LU_MNG: LU pkt rcv err embr to active fail : 0
LU_MNG: LU pkt rcv err control channel not found : 0
LU_MNG: LU pkt rcv err insertion fail : 0
LU_MNG: LU pkt rcv err pkt to np3 msg mismatch : 0
LU_MNG: LU pkt rcv err pkt to np3 leaf not active : 0
AGE_MNG: Aging Errors (no timeout set) : 0
PKT_MNG: PKT_DROP_DHCP_INGR : 0
PKT_MNG: PKT_DROP_MULTIC_BROADC_INGR : 0
PKT_MNG: PKT_DROP_A200_INGR : 0
PKT_MNG: PKT_DROP_ARP_INGR : 0
PKT_MNG: PKT_DROP_A300_INGR : 0
PKT_MNG: PKT_DROP_NOT_DOT1Q_INGR : 2283092
PKT_MNG: PKT_DROP_A200_EGR : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_MARK_DE : 0
PKT_MNG: PKT_DROP_A200_LINK_DATA_CH_FAIL : 0
PKT_MNG: PKT_DROP_A200_LEAF_INSERTION_FAIL : 0
PKT_MNG: PKT_DROP_L4_FIXUP_ACK : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN : 0
PKT_MNG: PKT_DROP_L4_FIXUP_RST : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN_ACK : 0
RL_MNG: session miss packet dropped : 0
RL_MNG: other protocol or ICMP dropped : 0
RL_MNG: packet to PIX dropped : 0
RL_MNG: packet to Fixup-PC dropped : 0
RL_MNG: packet to Fixup-SP dropped : 0
PF_MNG: pause frames sent (x3) : 0
PKT_MNG: PKT_DROP_INVALID_GROUP_ID : 0
PKT_MNG: PKT_DROP_INVALID_PAIR_VLAN : 0
PKT_MNG: PKT_DROP_DELETE_FAIL_RETRY : 0
PKT_MNG: PKT_DROP_L4_BAD_FLAGS : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_A300 : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_ALREADY_RST : 0
PKT_MNG: PKT_DROP_L4_SYN_ACK_SAME_DIREC_OF_SYN : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_INS : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_OUT : 0
PKT_MNG: PKT_DROP_L4_ACK_RCV_IN_WRONG_DIRECTION : 0
PKT_MNG: PKT_DROP_L4_BAD_CHECKSUM : 0
PKT_MNG: PKT_DROP_PIF_LOOKUP_FAIL : 0
PKT_MNG: PKT_DROP_BACK_TO_BACK_PACKET : 0
CNT_NUMBER_FULL_OPEN_INDICATION_TO_BE_SENT : 0
CNT_NUMBER_FULL_OPEN_INDICATION_SENT : 0
IPv6 packet received : 0
IPv6 packet sent : 0
IPv6 packet received from PC : 0
IPv6 packet sent to PC : 0
ASR_CNT: PKT_DROP_PIF_IFC_DOWN : 0
ASR_CNT: INGR_PKT_RECEIVED_AC : 0
ASR_CNT: EGRES_PKT_RECEIVED_AC : 0
ASR_CNT: INGR_PKT_RECEIVED_SB : 0
ASR_CNT: EGRES_PKT_RECEIVED_SB : 0
ASR_CNT: INGR_PKT_RECEIVED_BBBB : 0
PKT_CNT: Close indication sent : 0
PKT_CNT: Route Lookup miss (pkt drop) : 0
PKT_CNT: ARP Lookup miss : 5
PKT_CNT: Delete indication sent : 0
PKT_CNT: Wrong TLV type : 0
PKT_CNT: TLV 4 received : 0
RTL_MNG: packet rate limited : 0
RTL_MNG: MAC Relearns forced : 89
RTL_MNG: MAC Relearns forced aborted : 42
AGE_MNG: Aging threads launched : 3421245
AGE_MNG: Aging threads aborted : 0
AGE_MNG: Aging ropes completed : 855311
AGE_MNG: Aging Errors (no flag set) : 0
AGE_MNG: Zoombe leaf found : 0
------------------ Fast Path (2) Stats ------------------
-------------------------------------------------------------------------------
Fast Path 64 bit Global Statistics Counters (NP-2)
-------------------------------------------------------------------------------
PKT_MNG: total packets (dot1q) rcvd : 849312
PKT_MNG: total packets (dot1q) sent : 424114
PKT_MNG: total packets (dot1q) dropped : 292219
PKT_MNG: TCP packets received : 0
PKT_MNG: UDP packets received : 0
PKT_MNG: ICMP packets received : 0
PKT_MNG: ARP packets received : 34
PKT_MNG: other protocol pkts received : 0
PKT_MNG: default (no IP/ARP) dropped : 0
SESS_MNG: sessions created : 0
SESS_MNG: sessions embryonic to active : 0
SESS_MNG: sessions deleted : 0
SESS_MNG: session lookup hits : 0
SESS_MNG: session lookup misses : 14
SESS_MNG: embryonic lookup hits : 0
SESS_MNG: embryonic lookup misses : 0
-------------------------------------------------------------------------------
Fast Path 32 bit Global Statistics Counters (NP-2)
-------------------------------------------------------------------------------
SESS_MNG: insert errors : 0
SESS_MNG: embryonic to active errors : 0
SESS_MNG: delete errors : 0
PKT_MNG: packets to NP-3 : 14
PKT_MNG: packets from NP-3 : 5709
PKT_MNG: packets to FWSM : 5708
PKT_MNG: packets from FWSM : 0
PKT_MNG: packets sent to other blade : 0
PKT_MNG: packets rcv from other blade : 14
PKT_MNG: pkt drop (l2 checks) : 0
PKT_MNG: pkt drop (l3 checks) : 0
PKT_MNG: pkt drop (l4 checks) : 0
PKT_MNG: pkt drop (rate limiting) : 0
PKT_MNG: pkt drop (A200) : 0
LU_MNG: UDP packets sent by FP ok : 0
LU_MNG: TCP packets sent by FP ok : 0
LU_MNG: LU packets sent by SP ok : 0
LU_MNG: LU pkt xmit errors leas twin fail : 0
LU_MNG: UDP packets received for FP ok : 0
LU_MNG: TCP packets received for FP ok : 0
LU_MNG: LU packets received for SP ok : 0
LU_MNG: LU packets received errors : 0
LU_MNG: LU packets redirected to NP3 : 0
LU_MNG: LU packets returned by NP3 : 0
LU_MNG: LU pkt sent new conn : 0
LU_MNG: LU pkt sent update : 0
LU_MNG: LU pkt sent fin : 0
LU_MNG: LU pkt sent data channel : 0
LU_MNG: LU pkt sent move embr to active : 0
LU_MNG: LU pkt xmit error interface down : 0
LU_MNG: LU pkt xmit err intf not configured : 0
LU_MNG: LU pkt xmit err FO flag stop traffic : 0
LU_MNG: LU pkt xmit err FO flag mismatch : 0
LU_MNG: LU pkt rcv err global table mismatch : 0
LU_MNG: LU pkt rcv err FO flag mismatch : 0
LU_MNG: LU pkt rcv err not .1Q : 0
LU_MNG: LU pkt rcv err not AAAA : 0
LU_MNG: LU pkt rcv err lkp hit msg mismatch : 0
LU_MNG: LU pkt rcv err lkp hit pkt/leaf mismatch : 0
LU_MNG: LU pkt rcv err lkp miss msg mismatch : 0
LU_MNG: LU pkt rcv err half hit : 0
LU_MNG: LU pkt rcv err embr to active fail : 0
LU_MNG: LU pkt rcv err control channel not found : 0
LU_MNG: LU pkt rcv err insertion fail : 0
LU_MNG: LU pkt rcv err pkt to np3 msg mismatch : 0
LU_MNG: LU pkt rcv err pkt to np3 leaf not active : 0
AGE_MNG: Aging Errors (no timeout set) : 0
PKT_MNG: PKT_DROP_DHCP_INGR : 0
PKT_MNG: PKT_DROP_MULTIC_BROADC_INGR : 0
PKT_MNG: PKT_DROP_A200_INGR : 0
PKT_MNG: PKT_DROP_ARP_INGR : 0
PKT_MNG: PKT_DROP_A300_INGR : 0
PKT_MNG: PKT_DROP_NOT_DOT1Q_INGR : 0
PKT_MNG: PKT_DROP_A200_EGR : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_MARK_DE : 0
PKT_MNG: PKT_DROP_A200_LINK_DATA_CH_FAIL : 0
PKT_MNG: PKT_DROP_A200_LEAF_INSERTION_FAIL : 0
PKT_MNG: PKT_DROP_L4_FIXUP_ACK : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN : 0
PKT_MNG: PKT_DROP_L4_FIXUP_RST : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN_ACK : 0
RL_MNG: session miss packet dropped : 0
RL_MNG: other protocol or ICMP dropped : 0
RL_MNG: packet to PIX dropped : 0
RL_MNG: packet to Fixup-PC dropped : 0
RL_MNG: packet to Fixup-SP dropped : 0
PF_MNG: pause frames sent (x3) : 0
PKT_MNG: PKT_DROP_INVALID_GROUP_ID : 0
PKT_MNG: PKT_DROP_INVALID_PAIR_VLAN : 0
PKT_MNG: PKT_DROP_DELETE_FAIL_RETRY : 0
PKT_MNG: PKT_DROP_L4_BAD_FLAGS : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_A300 : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_ALREADY_RST : 0
PKT_MNG: PKT_DROP_L4_SYN_ACK_SAME_DIREC_OF_SYN : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_INS : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_OUT : 0
PKT_MNG: PKT_DROP_L4_ACK_RCV_IN_WRONG_DIRECTION : 0
PKT_MNG: PKT_DROP_L4_BAD_CHECKSUM : 0
PKT_MNG: PKT_DROP_PIF_LOOKUP_FAIL : 0
PKT_MNG: PKT_DROP_BACK_TO_BACK_PACKET : 0
CNT_NUMBER_FULL_OPEN_INDICATION_TO_BE_SENT : 0
CNT_NUMBER_FULL_OPEN_INDICATION_SENT : 0
IPv6 packet received : 0
IPv6 packet sent : 0
IPv6 packet received from PC : 0
IPv6 packet sent to PC : 0
ASR_CNT: PKT_DROP_PIF_IFC_DOWN : 0
ASR_CNT: INGR_PKT_RECEIVED_AC : 0
ASR_CNT: EGRES_PKT_RECEIVED_AC : 0
ASR_CNT: INGR_PKT_RECEIVED_SB : 0
ASR_CNT: EGRES_PKT_RECEIVED_SB : 0
ASR_CNT: INGR_PKT_RECEIVED_BBBB : 0
PKT_CNT: Close indication sent : 0
PKT_CNT: Route Lookup miss (pkt drop) : 0
PKT_CNT: ARP Lookup miss : 0
PKT_CNT: Delete indication sent : 0
PKT_CNT: Wrong TLV type : 0
PKT_CNT: TLV 4 received : 0
RTL_MNG: packet rate limited : 0
RTL_MNG: MAC Relearns forced : 89
RTL_MNG: MAC Relearns forced aborted : 42
AGE_MNG: Aging threads launched : 3421227
AGE_MNG: Aging threads aborted : 0
AGE_MNG: Aging ropes completed : 855306
AGE_MNG: Aging Errors (no flag set) : 0
AGE_MNG: Zoombe leaf found : 0
------------------ Slow path info ------------------
----------------------------------------------------------------
Slow Path Statistics
----------------------------------------------------------------
Packets from Fast Path
----------------------
New Conn Packets : 14
ARP Miss Indications : 5
Layer 7 Packets (F400) : 11432
PC Packets (8100) : 0
IPv6 Packets to PC : 0
Packets from PC Complex
-----------------------
Outgoing Pkts (A300) : 278290
Fast Path Pkts (A200) : 11432
IPv6 Packets to NP : 0
Indications from Fast Path
--------------------------
Sessions Inserts : 0
Close Indications : 0
Embryonic Indications : 0
Full Open Indications : 0
Session Management Statistics
-----------------------------
Session Mgmt Inserts : 0
TCP Fixups : 0
UDP Fixups : 0
ICMP Fixups : 5
Other Fixups : 0
TLV4 Processed : 0
TLV5 Processed : 0
TLV18 Processed : 0
Packets Discarded : 0
Lxlate NAT Created : 2
Lxlate PAT Created : 0
Gxlate NAT Created : 2
Gxlate PAT Created : 0
Lxlate NAT Deleted : 2
Lxlate PAT Deleted : 0
Gxlate NAT Deleted : 2
Gxlate PAT Deleted : 0
PAT Port Allocated : 0
PAT Port Freed : 0
MAC Lookups Performed : 0
MAC Lookup Hits : 0
Discard Statistics
------------------
Ingress Discards : 0
8100 Packets : 0
Emb Xlate Packets : 0
Process Ack Errors : 0
Close Notify Errors : 0
D300 Packets : 0
Bad Vlan Id Packets : 0
VFT Load Errors : 0
PIF Load Errors : 0
Xlate Create Errors : 0
Ingress Aborts : 0
Egress Discards : 0
Xlate Read Error : 0
D300 Packets : 0
Not Outside Xlate : 0
Out Xlate Create : 0
Console Accs Denied : 0
AAA Denied Packets : 0
AAA Packets : 0
ACL Denied Packets : 0
TLV Error Packets : 0
Shunned Packets : 0
Too many connections : 0
Rev Route Lkup Fail : 0
Inbound Deny (!static) : 0
Self Route Packets : 0
Session Mgmt : 0
Bad Vlan Id Packets : 0
Read Global Table Fail : 0
ARP drop : 0
VFT Load Errors : 0
Pif Load Errors : 0
Bad IP Length Packets : 0
IP Checksum Errors : 0
Xlate Create Errors : 0
Est<->HO Errors : 0
HO Insert Errors : 0
ICMP Msg Orig Pkts : 0
Unsupported AAA Config : 0
Sess Mgmt RL Drops : 0
Nat0 SSLC Outside : 0
Egress Aborts : 0
Management Only Ifc : 0
Route Misses : 0
VF Disable Drops : 0
Deny Conns (Low PC Mem): 0
Deny Conns (Conn State): 0
SMTP Packets : 0
Assert Soft : 0
GPH Frame : 0
ICMP Packets : 0
Resource Allocate Fail : 0
Invalide IP Addr : 0
Classify Fail : 0
Nat Lookup Fail : 0
Policy CLS Lookup FaiL : 0
Policy CLS Permit Fail : 0
Policy Not Equal CLS : 0
Nat and Global Conflict: 0
Interface Down : 0
Xlate Create Errors : 0
HO Insert Errors : 0
Reset Pkts Generated : 0
VFT Load Errors : 0
PIF Load Errors : 0
----------------------------------------------------------------
Flow Control: Rate Limit Statistics
----------------------------------------------------------------
GF Dropped : 0
Syslogs Dropped : 0
Route Packets Dropped : 0
ARP Packets Dropped : 0
Fornax Server Packets Dropped : 0
Fornax Client Packets Dropped : 0
Other IP Packets Dropped : 0
L7 Fixup Packets Dropped : 0
NP3 Fixup Packets Dropped : 0
ARP/L2 Indications Dropped : 0
Other Indications Dropped : 0
NP1 Sessions Dropped : 0
NP2 Sessions Dropped : 0
NP3 Sessions Dropped : 0
IP Fragments Dropped : 0
Mcast Control (PIM or IGMP) : 0
Packets to CP Dropped : 0
----------------------------------------------------------------
------------------ show Dispatch Stats ------------------
Dispatch Level Stats[system]:
Total pkts received : 11515
Total bytes received : 1645974
Total pkts dropped : 0
Total Control Channels Created : 0
Total primary_sessions_created : 0
Total secondary_sessions_created Created : 0
Total sessions freed : 0
Total embryonic sessions created : 0
Total session moved to full open : 0
Total embryonic session timeouts : 0
Total zombie created : 0
Total zombie reused : 0
Total zombie freed : 0
Max conn hash chain length : 0
Total delete indications Received : 0
Total buffer overflow count : 0
Total url filtering connections : 0
Fixup Error Stats:
Invalid Ethernet Type : 0
Packet Received in Indication : 0
Invalid TLV Length : 0
Unknown TLV : 0
Invalid Packet Length : 0
Invalid L4 protocol in packet : 0
Invalid conn ptr in indication : 0
Unsolicited delete indication : 0
Host object lookup failure for indication : 0
Invalid internal interface in indication : 0
Invalid PIF in session info TLV : 0
Conn lookup failure for delte indication : 0
Fragments received for missing conn object : 0
Session ID mismatch existing connection : 0
Xlate ID mismatch for existing connection : 0
Packets received for deleted connections : 0
Connection object allocation failures : 0
Host object allocation failures : 0
Xlate allocation failures : 0
Xlate missing for conn : 0
full open in zombie : 0
Junk pointer in session TLV : 0
error in setting VCID : 0
error in PCI query xid : 0
Error in xlate flags : 0
------------------ show mode ------------------
Security context mode: multiple
The flash mode is the SAME as the running mode.
------------------ show history ------------------
en
show tech-support
------------------ show firewall ------------------
Context Mode
admin Router
vlan64 Router
vlan68 Router
------------------ show running-config ------------------
: Saved
:
FWSM Version 3.1(3) <system>
!
resource acl-partition 12
hostname KC
enable password 2KFQnbNIdI.2KYOU encrypted
!
interface Vlan64
!
interface Vlan65
!
interface Vlan68
!
interface Vlan997
!
interface Vlan998
descripttion LAN Failover Interface
!
interface Vlan999
descripttion STATE Failover Interface
!
passwd 2KFQnbNIdI.2KYOU encrypted
class default
limit-resource All 0
limit-resource IPSec 5
limit-resource Mac-addresses 65535
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface faillink Vlan998
failover replication http
failover link statelink Vlan999
failover interface ip faillink 172.17.63.2 255.255.255.252 standby 172.17.63.1
failover interface ip statelink 172.17.63.6 255.255.255.252 standby 172.17.63.5
no asdm history enable
arp timeout 14400
console timeout 5
admin-context admin
context admin
allocate-interface Vlan997
config-url disk:/vlan997.cgf
!
context vlan64
descripttion kc_sever_64
allocate-interface Vlan64
allocate-interface Vlan997
config-url disk:/vlan64.cgf
!
context vlan68
descripttion kc_server_68
allocate-interface Vlan68
allocate-interface Vlan997
config-url disk:/vlan68.cfg
!
prompt hostname context
Cryptochecksum:6e655934ad4a33f6b65bc55ce5264d72
: end
------------------ show startup-config errors ------------------
Number of ACL memory partitions = 12
*** Output from config line 6, "resource acl-partition 1..."
limit-resource All 0
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 26, " limit-resource All 0"
INFO: Admin context is required to get the interfaces
*** Output from config line 44, "arp timeout 14400"
Creating context 'admin'... Done. (1)
*** Output from config line 47, "admin-context admin"
WARNING: Could not fetch the URL disk:/vlan997.cgf
*** Output from config line 50, " config-url disk:/vlan9..."
Creating context 'vlan64'... Done. (2)
*** Output from config line 53, "context vlan64"
Creating context 'vlan68'... Done. (3)
*** Output from config line 60, "context vlan68"
WARNING: Could not fetch the URL disk:/vlan68.cfg
*** Output from config line 64, " config-url disk:/vlan6..."
------------------ show context detail ------------------
Context "admin", is ADMIN and active
Config URL: disk:/vlan997.cgf
Real Interfaces: Vlan997
Mapped Interfaces: Vlan997
Class: default, Flags: 0x00001857, ID: 1
Context "null", is a system resource
Config URL: ... null ...
Real Interfaces:
Mapped Interfaces:
Class: default, Flags: 0x00000809, ID: 256
Context "system", is a system resource
Config URL: flash:config
Real Interfaces:
Mapped Interfaces: EOBC0, GigabitEthernet0, GigabitEthernet1, Vlan64,
Vlan65, Vlan68, Vlan997, Vlan998, Vlan999
Class: default, Flags: 0x00000819, ID: 0
Context "vlan64", is active
Desc: kc_sever_64
Config URL: disk:/vlan64.cgf
Real Interfaces: Vlan64, Vlan997
Mapped Interfaces: Vlan64, Vlan997
Class: default, Flags: 0x00001855, ID: 2
Context "vlan68", is active
Desc: kc_server_68
Config URL: disk:/vlan68.cfg
Real Interfaces: Vlan68, Vlan997
Mapped Interfaces: Vlan68, Vlan997
Class: default, Flags: 0x00001855, ID: 3
------------------ Context admin ------------------
------------------ show memory ------------------
Used memory: 891328 bytes ( 0%)
------------- ----------------
Total memory: 1073741824 bytes (100%)
------------------ show conn count ------------------
0 in use, 0 most used
------------------ show xlate count ------------------
0 in use, 0 most used
------------------ show blocks ------------------
SIZE MAX LOW CNT INUSE HIGH
4 1800 1792 1800 4 6
80 1000 979 995 0 0
256 1600 1532 1584 0 1
1550 11575 11507 11527 0 8
2048 1384 1352 1383 0 2
16384 8192 7678 7682 0 0
------------------ show interface ------------------
Interface Vlan997 "", is up, line protocol is up
Available but not configured via nameif