Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE 20 Modular - show tech too large

Hi

A Client sent me a show tech of this ACE 20, is inserted into a VSS, but this file is very large, the reason is a command "show acl-merge merged-list vlan 93".. Somebody can tell me is this information is normal, or not, I think that is possible attack point to the farm server. the service is up, in the other ace20. the symptom is can not reach the VIP of the service.

 

`show acl-merge merge vlan 93 in`

All ACEs in merged list 5 Total:6377 Non-redundant:5608

Priority:164, Lineno:0, ACE-id:61470 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16779265[G:0,P:1,C:8,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE     
IP address SRC:0.0.0.0/0.0.0.0 DST:172.23.98.20/255.255.255.255
Ports SRC:RANGE 8 8 DST:RANGE 0 0       
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Priority:326, Lineno:0, ACE-id:61471 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16781313[G:0,P:1,C:16,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE     
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255        
Ports SRC:RANGE 8 8 DST:RANGE 0 0       
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Priority:487, Lineno:0, ACE-id:61472 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16783361[G:0,P:1,C:24,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE     
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.51/255.255.255.255        
Ports SRC:RANGE 8 8 DST:RANGE 0 0       
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

Priority:647, Lineno:0, ACE-id:61473 Action:PERMIT, Path-id:0x81/0x0/0x0:6/0[6/]
Pmap:0x5, Log:FALSE/FALSE[FALSE][FALSE], Interval:0/0[0][0]
Hash1:0x0 Hash2:0x0
Generated:TRUE, need-to-add-in-comp:NO_ACT_NEEDED, redundant:FALSE
Parent:: feature:SECURITY ace-lineno:8 ACL priority:0[G:0,P:0,C:0,ACL:0]
Parent:: feature:TO CP ace-lineno:2 ACL priority:16785409[G:0,P:1,C:32,ACL:1]
Feature:SECURITY Policy:1[1][1] sec-level:0x0 Intratype:SKIP
Feature:TO CP Policy:1[1][1] sec-level:0x0 Intratype:TERMINATE
Intertype:TERMINATE     
IP address SRC:0.0.0.0/0.0.0.0 DST:165.183.93.61/255.255.255.255        
Ports SRC:RANGE 8 8 DST:RANGE 0 0       
Protocol:1
Hit Count:0 Active:TRUE Timerange:0

 

2 REPLIES
Cisco Employee

Hi,If it is ACL merge issue,

Hi,

If it is ACL merge issue, generally removing and reapplying the configuration should help. The show tech attached is incomplete. Can you send the complete output and mention VIP with which you are facing issues?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

New Member

Hi.We reboot the ACE20, and

Hi.

We reboot the ACE20, and let one contex in this module..  The services is OK now, but my only doub is why the show tech-support is too large and appear the out of command show acl-merge merged-list vlan 93, with a lot of line.. 

I try to run command "show tech-support" again and submit.

 

 

22
Views
0
Helpful
2
Replies