Short of rebooting, is there a way to clear this counter on an ASA 5505?
sh int
Traffic Statistics for "inside":
39514338 packets input, 3103793436 bytes
13578097 packets output, 15566854561 bytes
[Code] ....
What would be the command to clear the df-bit on a PIX-515e running 6.3? I have tried the following:
conf t crypto ipsec df-bit clear-df inside and it doesn't take it.
In my Cisco ASA 5510 in release 8.2, I have an extrage behavior in the output of "show service-police" command. The issue is that I create a class-map to limit trafic in one of ASA interfaces and I applied in a service policy. This is the configuration:
access-list ACL-Limitada extended permit ip host srv-proxy any
access-list ACL-Limitada extended permit ip any host srv-proxy
access-list ACL-Limitada extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp-data
access-list ACL-Limitada extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp
access-list ACL-Limitada extended permit tcp any 192.168.10.0 255.255.255.0 eq ftp-data
access-list ACL-Limitada extended permit tcp any 192.168.10.0 255.255.255.0 eq ftp
[code]...
what is the DNS cache? What is the process of clearing the DNS cache in windows XP SP2? And why do we need to clear the DNS cache?
View 12 Replies View RelatedLooking at the logs RV220W I can read the following lines:
[rv220w]Fri Aug 19 18:28:54 2011(UTC) [rv220w][Kernel][KERNEL] Clearing the ISR a800000003378400
[rv220w]Fri Aug 19 18:30:39 2011(UTC) [rv220w][Kernel][KERNEL] Clearing the ISR a800000003378200
[rv220w]Fri Aug 19 19:23:04 2011(UTC) [rv220w][Kernel][KERNEL] Clearing the ISR a800000003378e00
[ code] ....
What are they?? and what should be done ????.
I am seeing the following behavior when computers move from one switch to another with dot1x ONLY when there is a 'stupid' switch in between.
computer -------- 'stupid' switch ------- 2960
dot1x is working fine but when the computer is disconnected, the port still shows the authentication session id so when the computer connects to another port or switch, authentication succeeds but traffic doesn't pass. While I'm almost certain that the culprit is the 'stupid' switch that doesn't clear the session id, I have already tried another one and the problem remains so I'm actually just asking for a confirmation that all these 'stupid' switches present this behavior and if there is a workaround in this case.
Is there any way to clear a single ARP cache entry on the 6500 switch ?
View 8 Replies View RelatedWe have a pair of CSS 11503 installed in our DC. Stickiness is configured for one of the application since long back and was working pretty fine till last couple of months. Since last two months, we observed that CSS is not distributing sessions the way it suppose to be. Mostly, it forwards the session to same server even though request is coming from different sources. Once we refresh the sessions manually, it starts working fine. We have to do this exercise manually every alternate day.
View 1 Replies View RelatedWe have recently deployed several Ciso 887VAW (IOS 15.1(4)M4) to customer premises and I have come to realise counters show extremely high (not at all accurate) output rate and packets on all of them. [code]
View 2 Replies View RelatedMy customer recently deployed WLCs and WCS in their environment. However, recently they experienced slow performance. To futher finding out the root cause, I generated the 802.11 counters report from the WCS and noticed the following parameters is shown. Tx/Rx Fragment Count/Sec and FCS Error Count/Sec
1. Can I make the assumptions that the overall transfer of packet rate in that interval is the Total of Tx/Rx Fragment Count/Sec and FCS Error Count/Sec?
2. If the output rate of Tx/Rx Fragment Count/Sec and FCS Error Count/Sec are the same, does it mean that 50% of the packet are corrupted and this high FCA Error Count/Sec will cause performance degradation to the wireless througphput?
3. What is the baseline of the FCS Error Count/Sec that is acceptable? As for the case with wired, 1% error rate is acceptable. Will wireless have the same baseline?
I notice strange input rates on the interfaces of a 881 router:
show int fa4
..
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec
..
30 second input rate 85000 bits/sec, 11 packets/sec
30 second output rate 16000 bits/sec, 9 packets/sec
221434 packets input, 287889736 bytes
..
..
142286 packets output, 15683576 bytes, 0 underrun
How can 11 packets/sec be 85000 bits/sec -- average packet size of 8KB?. The total packets input (221434 packets versus 287+ MB) also shows this kind of a 10KB+ average packet size. There is ahardly any traffic through the router when the above snapshot was taken so 11 packets/sec sounds right, but not the 85Kbits/sec.
The router is running c880data-universalk9-mz.151-4.M4.bin and config is simple with a single Vlan (inside NAT) with a public IPs on fa4 and a couple of IPs for dynamic NAT. Everything works fine except for these interface counters that look worng.
I have ACS 5.1, I have created a user with privilege 15. I need to allow a single command by command set. I have configured command set. in command set setting i have unchecked "Permit any command that is not in the table below"
and added command as below.
Grant Command Argument
Permit clear counters
its allowing me to run clear counters, good is its not allowing to show run and configuration t commands. And problem is i can run reload command also even show interface commands.I just want to allow clear counters command only.
I am having ACS 5.2. I have to configure a user which would have privilege 7 access and addition to this, a user can run "clear counters" command.how to configure cammand set for "clear counters"?Can i run clear counters by privilege 7?
View 2 Replies View RelatedUsing an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc. We would also like to allow this user to clear the interface error counters as well, but nothing else.
View 2 Replies View RelatedI have a WLC 2106 with 3 APs. Everything works and users can connect, but the throughput seem to be lower than it should (it is around 8Mbps and should be around 30-50Mbps). And all speed and duplex has been accounted for.
I am trying to understand the stats that I see for the 802.11 MAC counters I under the Wireless APs.on the controller.
That screenshot is attached. I see high numbers for the following areas:
- Tx Failed Count
- RTS Failure Count
- FCS Error Count
what these mean and what could cause this? Maybe these are normal and not a concern.
we have a 878 router and we want to mark traffics when entering on its lan interface.its lan interface is a layer 2 interface and we have created vlan interface and assosiated lan interface to that vlan.on vlan interface itself there is no service-policy command so we have to put serive-policy command on interace fast 0 itself which is layer 2 port.when we assign service-policy to fast 0 it doesnt work and it does not mark any traffic also class default counters doesnt increase to indicate any traffic is passing even it is not getting marked. ios version is advipservices.124.9T. How to mark traffic on this port. ii dont know why service-policy command is supported on layer 2 interface when it doesnt work at all.
View 3 Replies View RelatedWe're running a simple policy map on a 3750 stack (IOS version 12.2(53)SE2), but the route-map counters do not show any matches:
NYKIRDRCX01#sh route-map
route-map remote-route, permit, sequence 51
Match clauses:
ip address (access-lists): remoteACL
Set clauses:
ip next-hop 192.168.101.5
Policy routing matches: 0 packets, 0 bytes
However, I've confirmed via our netflow monitor that the traffic we're trying to send to the appropriate next hop is, indeed, getting there correctly.
I've seen issues in the past with a 3750 not reporting counters correctly.
i am new to MPLS on cisco routers. For our interoperability testing i need MPLS tunnel counters output ( data sent out and data received.). i am not able to find this information in cisco user guide. As per standard it is defined in MIB table mplsTunnelPerfTable of stdte.mib.
View 7 Replies View RelatedI am attempting to monitor bandwidth utilization of the WAN port for the RV180 via SNMP and I am getting strange results. If a 256MB file is transferred from a remote server (without compression), the ifInOctets counter doesn't increment by anything resembling 256MB:
$ snmpget -v2c -c public 192.168.1.1 IF-MIB::ifInOctets.5 IF-MIB::ifOutOctets.5
IF-MIB::ifInOctets.5 = Counter32: 365402138
IF-MIB::ifOutOctets.5 = Counter32: 32610053
[Code].....
I'm reasonably certain that the .5 interface is the WAN port based on the value of ipAdEntIfIndex.X.X.X.X, but even if that were not the case, none of the other interfaces increment by a value close to the amount of data transfered. SNMP monitoring of a WAP121 on the same subnet returns expected results. I can only assume that SNMP on the RV180 is completely broken.
The router has the latest firmware available (1.0.1.9). There is only one network connection and the RV180 is the default gateway for all internal hosts.
This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
View 2 Replies View RelatedI can't remember clearing the log with a clear counters. Router is a CISCO 3925-CHASSIS (revision 1.1) with C3900-SPE100/K9..System image file is "flash: c3900-universalk9-mz.SPA.150-1.M4.bin"..I did a : clear counters, enter. got this standard message >> Clear "show interface" counters on all interfaces [confirm], enter and it CLEARED the LOG BUFFER as well !!!! never seen that before. Its a newly turned up router, repurposed from another part of our network.
View 1 Replies View RelatedIve got a 494810ge switch, and this parameters are important for me:
sh int gi 1/4 counters detail
Port InBytes InUcastPkts InMcastPkts InBcastPkts
Gi1/4 252819467437788 173264735013 10827 760
Port OutBytes OutUcastPkts OutMcastPkts OutBcastPkts
Gi1/4 36657317030233 280590958051 5248439 5443194
Port InPkts 64 OutPkts 64 InPkts 65-127 OutPkts 65-127
Gi1/4 558420918 205564441592 2627477631 60865368994
[code]....
Some parameters i can get by snmp (InBytes,InUcastPkts,InMcastPkts, and so on from out), but how can i take other parameters? I would like to do it by snmp but i did not find proper oids. Now I making a sheme like this: eem every 90 seconds takes this info and writes it down to file into nvram and then send it by scp to server, where file is processed by monitoring system script. It is not very good, cause cisco system cpu sometimes spikes of this and i dont know a resourse of nvram, how much times can i write to it?
I've got an SG300-10 connected back to back (trunked) with a Cisco 3560X switch, across a fibre link and am seeing some big inconsistencies in terms of unicast data transferred across the ports between them.
During a night time window of 4am - 6am I run backups which involves a large copy of files, that almost saturates a GigE link - we can see from the 3560X end that the link is running at a bit over 800MBit/sec of throughput, sustained. The duration of this transfer is consistent with the size of the files being transferred (ie just over an hour, and is what I'd expect for a data transfer of about that amount). Back-of-the-envelope calculations indicate that the 3560X is measuring this data throughput correctly.
However on the SG300 end of the link, which is also being polled by the same application (Cacti), I'm observing spikey counts of only around 20MBit/sec during that window. These counters are very obviously incorrect - there's a huge amount more data moving across the port than that. The incorrect calculations are showing on both the trunk port out of the SG300 (uplink) as well as the interface where the NAS is connected in (which is an access port).
Cacti is polling the OID: .1.3.6.1.2.1.2.2.1.16.57 which translates to IF-MIB::ifOutOctets.57 = Counter32.I'm running version 1.3.0.62 but this problem is not new to this release - previous releases and 1.2 based releases also had this problem.
It looks like multicast traffic may be being counted correctly (that's only a suspicion though), however what I am certain of is that there is a very large discrepancy with the unicast traffic counts.Is this OID the correct one to be using for this switch?
how I can check the qos counters and stats for interfaces on my cat 6509 ?
View 1 Replies View RelatedI have two cisco 2821 routers (12.4(3a)) doing IPSec and I would like to graph (using SNMP) some counters which are shown using "show crypto engine accel stat", however, I have not been able to find which MIB resp. OID I need to acces.
View 9 Replies View Relatedwhich models of HP ProCurve or Dell PowerConnect support 64-bit IF-MIB counters, or for that matter any other manufacturer (Zyxel?) (snmpv2 or v3, OID .1.3.6.1.2.1.31.1.1.1.6)I believe pretty much any Cisco Catalyst above a 2950 do, however don't believe any of the SG series do. I realize I could pick up a 2960G for $1500-2k and be good to go, but I forsee a larger switch purchase in the future, but still could use a switch in the meantime that was able to allow accurate monitoring of closet uplink bandwidth?
View 1 Replies View Relatedhow can I clear the counters of the policy-map statistics in an 7600 and the 1841 router?
View 6 Replies View Relatedvlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
Any chance of one or preferably both of these before I flash the router to a more competent firmware?Rather ridiculous that there's no interface counters and no SNMP server. I prefer keeping stock firmware where possible but I need this functionality, it really isn't a big ask.That said I have an E4200 v1, which already looks like abandonware given it's been 6 months since the last firmware update - not amused and no intention of swapping a high performance router for one that sacrifices performance for better NAS functionality.
View 8 Replies View RelatedHow I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies View RelatedI have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies View Relatedsetting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.