Changes to ZFW, requiers reload to take effect, really?

jdkjdk · ‎07-12-2010

Hi,

I'm relativily new to the IOS ZFW, and have spend a lot of time to figure out why my configs didn't work, and by mistake a router reloaded and every thing worked perfectly.

My question is, is it really nessary to reload every time you make a small change/addition to e.g.. a class-map?

I've tried to remove and re-apply the zone-member on the interfaces, and do shut and no shut, but only reload works.

Another way than reload is appreciated.

Regards, Jorgen Dam

Panos Kampanakis · ‎07-12-2010

No, you do not need a reload.

Sometime while configuring you might see some conns fall into a session of ZBF that is not the right one (you were still configuring). So clearing the inspected sessions in ZBF could also help.

But in general it is not very common to use the clear or reboot the router for ZBF to take effect.

You would need to check the logs while in the broken state to see what ZBF was doing.

I hope it helps.

PK

jdkjdk · ‎07-14-2010

Thanks pkampana,

But there was indeed a bug in the IOS. Here is the reponse from Cisco TAC:

"You are hitting a well-known software bugs with the ID: CSCte85909 ZBF: Changes in nested class-maps do not take effect until reload, so upgrading 15.0(01)M2.7 should solve the problem."

I upgraded to version 15.1T and every thing workd the way it should.