Gilles,

I am very glad you reply.

Is there any way I can show all active flows?

Using show flows 0.0.0.0 only show 200 prefixes. I want to check the flows during CSS response ICMP Port unreachable.

Do you have idea about CSS response ICMP port unreachable?

Thanks.

Jeffrey

Hi,

One more question, I diable the flows for UDP 53, but the flows still exist. How can I clear flows? Like the command clear xlate on pix.

Flow Manager Statistics - Slot 1, Subslot 1:

Cur High Avg

UDP Flows per second 0 69 0

TCP Flows per second 15 218 8

Total Flows per second 15 218 9

Hits per second 6 155 3

Number of Allocated Flows (non-purged) 55790

Number of Free Flows 9746

Number of Allocated fast-path FCBs 55790

Number of Free fast-path FCBs 75282

Number of Flow Drops 0

Max Number of Flow Control Blocks 537165

Accumulated Port Flow Statistics:

Current Number of Active Flows 55856

Total Flow Accounting Reports received 224931418

Total Out of Sequence Packet Received 0

Total Spoof Queue Mis-Hits 0

FM TCP Flows Timed Out 91

FM UDP Flows Timed Out 391

FP TCP Flows Timed Out 272679

FP UDP Flows Timed Out 1443575

Thanks

Jeffrey

HI Jeffery,

You can clear ICMP, TCP, and UDP connections by using the clear conn command in Exec mode. The syntax of this command is as follows:

clear conn [all | flow {icmp | tcp | udp} | rserver]

The keywords are as follows:

•all-(Optional) Clears all connections to and through the ACE in the current context.

•flow {icmp | tcp | udp}-(Optional) Clears all connections of the specified flow type: ICMP, TCP, or UDP.

•rserver-(Optional) Clears all connections for the specified real server.

For example, to clear all TCP connections in the current context, enter:

host1/C1# clear conn flow tcp

-------

You can clear IP statistics by using the clear ip statistics command in Exec mode. This command clears all statistics associated with IP normalization, fragmentation, and reassembly in the current context. The syntax of this command is as follows:

clear ip statistics

For example, to clear IP statistics in the current context, enter:

host1/C1# clear ip statistics

----

If you configured redundancy, you need to explicitly clear IP, TCP,UDP statistics on both the active and the standby ACEs. Clearing statistics on the active appliance alone will leave the standby appliance's statistics at the old values.

----

You can clear TCP statistics by using the clear tcp statistics command in Exec mode. This command clears all statistics associated with TCP connections and normalization in the current context. The syntax of this command is as follows:

clear tcp statistics

For example, to clear TCP statistics in the current context, enter:

host1/C1# clear tcp statistics

---

You can clear UDP statistics by using the clear udp statistics command in Exec mode. This command clears all statistics associated with UDP connections in the current context. The syntax of this command is as follows:

clear udp statistics

For example, to clear UDP statistics in the current context, enter:

host1/C1# clear udp statistics

---

You can clear IP fragmentation and reassembly statistics by using the clear interface command in Exec mode. The syntax of this command is as follows:

clear interface [vlan vlan_id]

For the optional vlan_id argument, enter the unique identifier of an existing interface as an integer from 2 to 4094. If you omit the vlan keyword and vlan_id argument, you can clear fragmentation and reassembly statistics for all interfaces in the context.

For example, to clear IP fragmentation and reassembly statistics for all interfaces in the C1 context, enter:

host1/C1# clear interface

---

You can clear all connection statistics in the current context by using the clear stats conn command in Exec mode. The syntax of this command is as follows:

clear stats conn

For example, to clear all connection statistics in the Admin context, enter:

host1/Admin# clear stats conn

---

Thanks and regards,

Sachin Garg

Senior Specialist Security

HCL Comnet Ltd.

http://www.hclcomnet.co.in

A-10, Sector 3, Noida- 201301

INDIA

Mob: +91-9911757733

Email: sachinga@hcl.in

Hi Sachin Garg,

Thanks.^_^

But seem the command don't exist in CSS11501 platform.

CSS11501# clear ?

archive Clear an archive file

arp Clear an ARP table or file

log Clear a log file

running-config Clear the running-config

script Clear a script file

ssl Clear SSL Acceleration data

startup-config Clear the startup configuration

startup-errors Clear the startup configuration errors file

statistics Clear interface statistics

HI Jeffer,

I am sorry as i have not seen and suggested the commands for the cisco ACE.

you can use

flow active-list

for showing flows.

use following url for know more about flows:

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_qanda_item09186a00801cb75b.shtml

---

you can use following command but i dont know whether they solve your problem or not:

To clear a service statistics counter for all CSS services associated with a content rule, use the zero command. To clear a service statistics counter for a specific service in the content rule, use the zero command and identify the name of the service. In this case, only the counter for the specified service is set to zero.

The reset statistics appear as 0 in the show service display.

You can issue the following zero commands from content mode:

•zero total-connections - Set the Total Connections counter to zero for all services associated with the specified content rule

•zero total-reused-connections - Set the Total Reused Conns. counter to zero for all services associated with the specified content rule

•zero state-transitions - Set the State Transitions counter to zero for all services associated with the specified content rule

You can issue the following zero commands from content mode:

•zero total-connections service service_name - Set the Total Connections counter to zero for only the specified service associated with the content rule

•zero total-reused-connections service service_name - Set the Total Reused Conns. counter to zero for only the specified service associated with the content rule

•zero state-transitions service service_name - Set the State Transitions counter to zero for only the specified service associated with the content rule

For example, to clear a counter for all services associated with the specified content rule, enter:

(config-owner-content[rule1])# zero total-connections

For example, to clear a counter for a specific service in a content rule, enter:

(config-owner-content[rule1])# zero total-connections service

serv1

---

The counters are per owner and per rule. To clear all counters, issue the zero all command at the config-owner[foo.com])# prompt. To clear counters for a rule, enter into the configuration mode for the rule and then issue the zero all command.

----