Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSS: how to troubleshoot no rule bypass count > 0

Hi,

I have some strange feeling that something is wrongly configured on one of my CSS because if you do a show summary the "no rule bypass count" is not 0.

Can somebody help me how to troubleshoot this, i.e. how to find out what kind of traffic this is?

Rgds.

Pat

1 REPLY
Bronze

CSS: how to troubleshoot no rule bypass count > 0

Hi Pat-

  No Rule Bypass means a packet is hitting the CSS that does not belong to a content rule. This could be entirely normal, or anomouls.

  Traffic sent to the CSS MAC address, or bridged through it create a flow wether they hit a vip or not. This would inciment the counter in question.  It is common for a CSS to be the gateway, or in the direct path of the server. So any call the server makes, say to the DNS server, or a database server, etc. would inciment the counter.

  Anomouls traffic would be IPv6, fragments headed to a Content Rule IP that could not be reassembled, etc.

In terms of troubleshooting it, traces are the only for-sure way to determine what it is.  The css allows you to configure span sessions, so you can mirror your ports to a sniffer and take a peek.

Regards,

Chris Higgins

443
Views
0
Helpful
1
Replies
CreatePlease to create content