4500 switch Reflexive ACL
hello,
I need to apply an Reflexive ACL on switch 4500.
I looking for IOS of 4500 switch that support in Reflexive ACL, and I dont found..
There is an IOS of 4500 that support Reflexive ACL?
What is?
thanks...
Hi,
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804fde65.html.
configure your reflexive access-list on the inside interface and on the external interface configure your normal access-lists to allow access from internet to dmz
regards
John
Similar Messages
-
Reflexive ACL on a switch interface
Is there any reason a reflexive ACl will not work on a switch port? I see that most examples pertain to routers. We have a 4510 with a Sup 6. I have not tried it yet, but here is the config I came up with :
ip access-list extended internal_acl
permit tcp any any reflect tcptraff
permit udp any any reflect udptraff
permit icmp any any reflect icmptraff
ip access-list extended external_acl
evaluate tcptraff
evaluate udptraff
evaluate icmptraff
deny ip any any
int g1/48
ip access-group internal_acl out
ip access-group external_acl in
Does this look like it will work? Being that the 4510 can't do NAT I need to "hide" what is connected to this particular switch interface. Suggestions?
Poirothere are 2 good basic documents on this topic:
"How To Calculate Bandwidth Utilization Using SNMP"
SNMP Counters: Frequently Asked Questions
Basicly, what you have to do is, to poll the ifHCInOctets and ifHCOutOctets (from the IF-MIB (ifXTable) - e.g ifHCInOctets = .1.3.6.1.2.1.31.1.1.1.6.)
and do some calculation to get bps. This thread gives a good example.
there are 2 Mib objects, which gives directly what you want, but they are deprecated and have 32-bit counters, so they are not of practical use for highspeed (Gig) interfaces:
locIfInBitsSec 1.3.6.1.4.1.9.2.2.1.1.6
locIfOutBitsSec 1.3.6.1.4.1.9.2.2.1.1.8
Typically you will poll these values with snmp instead of sending them; (for 64-bi counters (ifHCInOctets) you 'll have to use snmpv2c or snmpv3) -
Are there caveats with outbound reflexive ACL inside VRFs?
I'm working in a lab environment and notice the reflective ACLs work fine for inbound traffic, but fail for outbound. For example, they will work when I ping the switch, but not when I do a ping from the switch.
This is a 6503-E, SUP32, 12.2(33)SXH8bHello everyone,
just in case someone will face the same problem in the future:
the solution is simple:
- delete the superadmin-User
- restart DTR
- create superadmin and log on to the Developer Studio with the new user
Then the ACLs can be maintained again.
Best regards,
Cornelia -
Hi All...
I want to ask some question related with ACL.
There is a vlan Finance in my office. The requrement : Vlan Finance is allow to access internet and selected host/network and not allow to access internal network. But from internal network can access to Vlan Finance (Full access). I want to configure using Reflexive ACL, but from Datasheet 4500 doesn't support Reflexive ACL. Intervlan routing is in 4500.
Is there any ACL configuration to support my requirement without using Reflexive ACL?
Thanks...Antony
Unfortunately this is a job for reflexive acls as i suspect you know. If you need restrict finance from accessing the LAN but allow LAN to access finance you really do need reflexive acls or a stateful firewall either an ASA or a router running CBAC.
If the connections were only TCP you may be able to use the "established" keyword if the 4500 supports it but that won't help with non-TCP connections.
Jon -
Best way to configure and connect two 4500 switches
I have a core 4507r+e in our production environment. We just acquired a 4500r and I would like to use it a distribution switch. What’s the best way to configure the new 4500r switch to connect to the core 4500 switch?
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
BTW, when you link your core to your distribution, the connecting link can be L2, L3 or both.
What I wanted to bring to your attention, 4500s can often easily oversubscribe some of their ports. Much depends on the sup and line cards being used. When you want to interconnect a core and distribution, you don't want to use a port that's something like 8:1 oversubscribed. (Further, if you're doing mostly L2, and all traffic L3 has to go to the core, depending on you traffic flows, a single link might have insufficient bandwidth.)
Also from core to distribution, if possible, it's good to avoid single points of failure. So if you only have one link between them, that link's transceivers (if used), the ports connected to, the line card connected to, are all single points of failure. (Of course, with only single sups in each chassis, that too is a single point of failure. From what you've described, from a performance and redundancy standpoint, you might actually be better off using a 4510R, with your two sups [if same model] and line cards - creating a collapsed core/distribution.) -
I am confused about using reflexive ACL in my network. As per Cisco reflexive ACL will filter outbound traffic on the upper layer and deny any IP traffic coming inside the network. But I do have Webserver and iNotes servers hosted in my DMZ, these servers are accessed by external users by internet. Can anyone please help in this regard, how to use reflexive ACL while webservers are hosted in my internal network?
Hi,
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804fde65.html.
configure your reflexive access-list on the inside interface and on the external interface configure your normal access-lists to allow access from internet to dmz
regards
John -
Hello,
I've created a reflexive ACL to allow IP SLA flows between two routers. Looking at the ACL counters, none of the outbound or inbound IP SLA permit statements are incrementing. Looking at the logs, I can see that my IP SLA return traffic is being blocked by the inbound ACL (I created a "deny ip any any log" at the end of my inbound ACL). Since the outbound reflexive statements aren't handling the outbound traffic (the counters aren't incrementing), the inbound reflexive ACL statements aren't being built. When I remove the ACLs, the IP SLA traffic flows normally.
Do ACLs apply to network traffic originated from the router? If not, how could I build a reflexive ACL to support IP SLA traffic?
Thanks,
RobHello Robert,
Traffic generated from the routed itself is not taken into consideration for Reflexive ACLs sessions
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com -
OSPF in IP Base License (Cisco 4500 switch)
Hi,
Can someone explain what is the purpose or meaning of "OSPF for Routed Access" in IP Base license for 4500 switch? I'll be installing 4500 switch for my distribution, and 6500 switch for my core. These two switches will use OSPF as their routing protocol. The 6500 comes with an IP Service license, while 4500 comes with IP Base license only. I am worried if I will have a problem implementing OSPF between the two since IP base states it has "OSPF for roued access", while IP services supports OSPFv2 and v3.
Please help...
thanks,
shawnShawn
OSPF for routed access is designed to allow you to extend L3 to your access layer. It supports one instance of OSPF and up to 200 routes. That said i have come across a thread on here where a person reports having many more routes so i'm not sure it is a hardwired limit but i would try and stay within that.
See this link for details -
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/product_bulletin_c25-553133.html
Edit - i should say i have not use it myself but from the document it seems pretty clear it is simply a normal OSPF setup but limited to how many routes you can have.
Jon -
hello,
could anyone please post screen capture of ISE posture configuration ( and remediation )
I need urgently a dACL and a redirection ACL that work at least in a mockup lab.
Authentification and authorizations policies not needed.
posture and remediation policies not needed.
The issue is about ACLs (I guess)
Also needed is a valid switch config file, with ACL (if necessary) a the DOT1x ethernet port.
My IOS is 122.55 SE or 52 SE
Thank you by advance.
Best regards.
V.Hi Venkatesh,
Your the ultimate ISE Guru !!
You're right
Thanks a lot.
See screen captures and Sw config below
aaa new-model
aaa group server radius ISE
server 192.168.6.10 auth-port 1812 acct-port 1813
server 192.168.6.10 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa authorization network auth-list group ISE
aaa authorization auth-proxy default group radius
aaa accounting dot1x default start-stop group ISE
aaa server radius dynamic-author
client 192.168.6.10 server-key 123456789
ip dhcp snooping
ip device tracking
dot1x system-auth-control
dot1x critical eapol
interface FastEthernet1/0/1
switchport mode access
ip access-group ACL-ALLOW in
authentication port-control auto
authentication periodic
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
spanning-tree bpduguard enable
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
permit ip any any
ip access-list extended ACL-POSTURE-REDIRECT
deny udp any any eq domain
deny udp any host 192.168.6.10 eq 8905
deny udp any host 192.168.6.10 eq 8906
deny tcp any host 192.168.6.10 eq 8443
deny tcp any host 192.168.6.10 eq 8905
deny tcp any host 192.168.6.10 eq www
permit ip any any
snmp-server community snmp RO
snmp-server community RO RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.6.10 public
snmp-server host 192.168.6.10 version 2c snmp mac-notification
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server host 192.168.6.10 auth-port 1645 acct-port 1646 key 123456789
radius-server vsa send accounting
radius-server vsa send authentication
V. -
Interface status on Cisco CAt 4500 switch as source-monitoring
Hi Guys,
I have assigned int gi3/45 on my Cisco 4500 CAT switch as the monitoring port as source and gi3/47 as the destination.
I see this:
GigabitEthernet3/45 is up, line protocol is down (monitoring)
but on the destination port both are up, interface up and line protocol up.
is this natural? I have executed the no shutdown on gi3/45 but it still says down!
is this normal? or there is a problem? i have monitoring on my edge switch CAT 3560 but both are saying UP/UP, shouldn't this be the same since both swithces are running Cisco IOS.
Please respond. I appreciate your input and thanks in advance.
Masoodthis interface (g 3/45) is the destination, it says so "monitoring", it normal for the "destination" or "monitoring" port to be up/down coz it's not sending or receiving traffic destined to it, only the mirrored packets from the source port. can you post the "show monitor session #"?
-
Hello,I've deployed a Netgear M5300 series L3 switch underneath of a Sonicwall NSA2600 with stateful HA. Under the switch, there's another 20+ L2 switches at various locations.The issue I'm currently dealing with is there is now a requirement that all VLANs (20 or so) MUST be segregated from each other fully. This normally wouldn't be much of an issue, because you'd just turn off routing and cut the switch down to L2 functionality, but the L3 switch is handling DHCP to 15 of these VLANs.As far as I'm aware, you can't assign ACLs to virtual interfaces on Netgear switches, so I'm under the belief that the only course of action I currently have is to remove all L3 functionality from the Switch and allow the NSA2600 to take the DHCP requests; Set up the L3 with a few tagged (trunk) ports back to the Sonicwall, and just let the Sonicwall...
This topic first appeared in the Spiceworks CommunityHow many vlans are you going to be hosting on those switches? If you wish to firewall off intervlan communication, then what you can do is take the 3750 and use it as a layer 2 device and put the gateways onto the ASA firewalls. You can create sub-interfaces under one physical interface (a sub-interface per vlan) or you can split this over more (I believe the 5525s come with 4x 1GE copper interfaces???). In this situation the firewall would have to be in routed mode.
The concern is valid. Since this is public facing, any attacker externally, or a compromised machine internally in your network could generate a large connection attack and eat up the state table of the ASA. This concern applies for any appliance, or server. -
How to see 4500 switching capacity
If I run the following command on a 6500 series switch:
sh platform hardware capacity fabric
I get the following output:
Switch Fabric Resources
Bus utilization: current: 0%, peak was 24% at 07:25:01 PDT Tue Aug 6 2013
Fabric utilization: Ingress Egress
Module Chanl Speed rate peak rate peak
5 0 20G 0% 1% @11:29 06Oct14 0% 9% @16:03 17Jun11
6 0 20G 0% 8% @16:03 17Jun11 0% 8% @07:25 06Aug13
6 1 20G 0% 4% @09:40 01Oct14 0% 7% @13:53 30Jun12
7 0 20G 0% 8% @07:25 06Aug13 0% 9% @16:03 17Jun11
7 1 20G 0% 1% @04:40 04Oct14 0% 2% @07:24 06Aug13
8 0 8G 0% 62% @17:19 26Sep12 0% 56% @17:19 26Sep12
Switching mode: Module Switching mode
5 bus
6 dcef
7 acef
8 crossbar
I want to see information similar to the above, but on a 4500 series switch. I can't seem to find a similar command. Help please?Hi
There is capacity tab page where you can define available capacity
If you want to show capacity as you mentioned then as per my opinion you will have to maintain classification view in the workcenter. there you can have class with some capacity character and there you can mention machine capacity. you can also use this for some of your calculations if needed.
The path is... oper workcenter through CR01/CR02.....Extras....classification..
Let me know if you have different say
Regards
Neeraj -
Connecting FI to Catalyst 4500 switch
Hello Experts,
We are planning to connect Cisco UCS Fabric Interconnect to (WS-X4648-RJ45-E) module on 4500 Catalyst Switch.
What SFP module do we need to install on the Fabric Interconnect for this connection ?
Thank you,
MohammadHi Mohammad,
Following is the URL to the datasheet for the fabric interconnects:
http://www.cisco.com/en/US/prod/collateral/ps10265/ps10276/data_sheet_c78-524724_ps10280_Products_Data_Sheet.html
It has a section for all the supported SFPs on the FIs.
Hope this helps!
./Abhinav -
Replacing 3COM 4500 switches with SG300-52 - help
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. I was hoping someone might know what settings i should set on the Cisco for the following setups:
3COM Setup
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 10 tagged
port hybrid vlan 1 20 100 untagged
port hybrid pvid vlan 100
My Cisco Translation
interface gigabitethernet1
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 20,100 untagged
switchport general pvid 100
exit
and one other example i'm curious if i set right..
3COM Setup
interface GigabitEthernet1/0/48
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 100
My Cisco Translation
interface gigabitethernet51
switchport trunk allowed vlan add 10,20
switchport trunk native vlan 100
exit
Trying these settings I am not able to get any devices to work on the switch so i'm guessing i have something not setup correctly. Any help would be greatly appreciated..
THanks,
ChrisChris,
Compared to your 3com switches yes the commands you currently ran are comparable. The reason it’s not working is a bigger question and we need a complete picture. First we need a topology(detailed as possible) of your network and details on how things need to work/setup? Then we can set up accordingly to the devices on your network. For quicker resolution call into the SBSC @ 1-866-606-18666 and open a support case .
Thanks,
Jasbryan -
Weird CPU Resources 4500 Switch
Hello Forum Members,
A little bit Question,
Our 4506 Switch act as a core, for last 3 weeks our CPU performance is on normal always at 65-70% utilization in weekday and 30-35% in Weekend. but this weekend at saturday our switch reach 97-99% for more than 1 hours.
How can i investigate this case? i monitor this switch with NMS Software.
Is there any way to find the root cause for this case.
Need Forum members help.
thanx
hamzah#Show proc cpu sort | ex 0.00
28 2955212 455433 6488 77.67% 47.85% 40.66% 0 Cat4k Mgmt LoPri
27 945920 2123818 445 12.23% 11.28% 10.98% 0 Cat4k Mgmt HiPri
38 382720 357889 1069 3.91% 4.34% 4.30% 0 Spanning Tree
44 100136 336531 297 1.51% 1.12% 1.06% 0 IP Input
81 26604 176099 151 0.63% 0.34% 0.29% 0 Standby (HSRP)
16 53696 97695 549 0.63% 0.73% 0.66% 0 ARP Input
33 2340 61380 38 0.15% 0.04% 0.01% 0 Net Input
69 4312 61583 70 0.15% 0.05% 0.03% 0 VLAN Manager
50 7356 19463 377 0.15% 0.12% 0.11% 0 CEF process
93 8984 92831 96 0.07% 0.05% 0.05% 0 IP-EIGRP(0): PDM
49 2960 3447 858 0.07% 0.07% 0.06% 0 Adj Manager
94 6384 94908 67 0.07% 0.07% 0.07% 0 IP-EIGRP(0): HEL
#sh platf hea
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
Lj-poll 1.00 0.03 2 1 100 500 0 0 0 0:02
GalChassisVp-review 3.00 0.20 10 22 100 500 0 0 0 0:13
S2w-JobEventSchedule 10.00 0.79 10 9 100 500 0 0 0 1:08
Stub-JobEventSchedul 10.00 1.94 10 5 100 500 1 1 1 2:33
Pim-review 0.10 0.01 1 0 100 500 0 0 0 0:00
Ebm-host-review 1.00 0.38 8 4 100 500 0 0 0 0:07
Ebm-port-review 0.10 0.00 1 0 100 500 0 0 0 0:00
Protocol-aging-revie 0.20 0.00 2 0 100 500 0 0 0 0:00
Acl-Flattener 1.00 0.00 10 5 100 500 0 0 0 0:00
KxAclPathMan create/ 1.00 0.00 10 5 100 500 0 0 0 0:30
KxAclPathMan update 2.00 0.00 10 1 100 500 0 0 0 0:01
KxAclPathMan reprogr 1.00 0.00 2 0 100 500 0 0 0 0:00
TagMan-InformMtegRev 1.00 0.00 5 0 100 500 0 0 0 0:00
TagMan-RecreateMtegR 1.00 0.00 10 4 100 500 0 0 0 0:00
K2CpuMan Review 30.00 11.08 30 47 100 500 8 8 7 12:31
K2AccelPacketMan: Tx 10.00 4.58 20 2 100 500 4 4 3 5:43
K2AccelPacketMan: Au 0.10 0.00 0 0 100 500 0 0 0 0:00
K2AclMan-taggedFlatA 1.00 0.00 10 2 100 500 0 0 0 0:00
K2AclCamMan stale en 1.00 0.00 10 5 100 500 0 0 0 0:00
K2AclCamMan hw stats 3.00 0.09 10 5 100 500 0 0 0 0:38
K2AclCamMan kx stats 1.00 0.00 10 5 100 500 0 0 0 0:13
K2AclCamMan Audit re 1.00 0.00 10 5 100 500 0 0 0 0:17
K2AclPolicerTableMan 1.00 0.00 10 0 100 500 0 0 0 0:00
K2L2 Address Table R 2.00 1.03 10 8 100 500 0 0 0 0:16
K2L2 New Static Addr 2.00 0.00 10 7 100 500 0 0 0 0:00
K2L2 New Multicast A 2.00 0.00 10 7 100 500 0 0 0 0:00
K2L2 Vlan Table Revi 2.00 0.00 12 8 100 500 0 0 0 0:00
K2 L2 Destination Ca 2.00 0.00 10 0 100 500 0 0 0 0:00
K2PortMan Review 2.00 3.20 15 11 100 500 2 2 1 3:26
Gigaport0 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport1 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport2 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport3 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport4 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport5 Review 0.40 0.06 4 1 100 500 0 0 0 0:07
Gigaport6 Review 0.40 0.08 4 2 100 500 0 0 0 0:06
Gigaport7 Review 0.40 0.10 4 1 100 500 0 0 0 0:07
Gigaport8 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport9 Review 0.40 0.07 4 1 100 500 0 0 0 0:05
Gigaport10 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport11 Review 0.40 0.09 4 1 100 500 0 0 0 0:06
Gigaport12 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport13 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport14 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport15 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport16 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport17 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport18 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport19 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport20 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport21 Review 0.40 0.06 4 1 100 500 0 0 0 0:07
Gigaport22 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport23 Review 0.40 0.06 4 1 100 500 0 0 0 0:06
Gigaport24 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport25 Review 0.40 0.09 4 1 100 500 0 0 0 0:06
Gigaport26 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport27 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
Gigaport28 Review 0.40 0.09 4 1 100 500 0 0 0 0:06
Gigaport29 Review 0.40 0.09 4 1 100 500 0 0 0 0:06
Gigaport30 Review 0.40 0.08 4 1 100 500 0 0 0 0:06
Gigaport31 Review 0.40 0.07 4 1 100 500 0 0 0 0:06
K2Fib cam usage revi 2.00 0.00 15 0 100 500 0 0 0 0:00
K2Fib IrmFib Review 2.00 0.00 15 0 100 500 0 0 0 0:00
K2Fib AdjRepop Revie 2.00 0.00 15 0 100 500 0 0 0 0:00
K2Fib Vrf Unpunt Rev 2.00 0.00 15 0 100 500 0 0 0 0:00
K2Fib Consistency Ch 1.00 0.00 5 2 100 500 2 2 1 1:58
K2FibAdjMan Stats Re 2.00 0.14 10 7 100 500 0 0 0 0:47
K2FibAdjMan Host Mov 2.00 1.72 10 7 100 500 1 0 0 1:36
K2FibAdjMan Adj Chan 2.00 0.00 10 1 100 500 0 0 0 0:00
K2FibMulticast Signa 2.00 0.10 10 2 100 500 0 0 0 0:03
K2FibMulticast Entry 2.00 0.00 10 6 100 500 0 0 0 0:00
K2FibMulticast Irm M 2.00 0.00 10 7 100 500 0 0 0 0:00
K2FibFastDropMan Rev 2.00 0.00 7 0 100 500 0 0 0 0:00
K2FibPbr route map r 2.00 0.03 10 9 100 500 0 0 0 0:17
K2FibPbr flat acl pr 2.00 0.01 10 9 100 500 0 0 0 0:04
K2FibPbr consolidati 2.00 0.00 10 0 100 500 0 0 0 0:01
K2FibPerVlanPuntMan 2.00 0.00 15 2 100 500 0 0 0 0:00
K2FibFlowCache flow 2.00 0.02 10 8 100 500 0 0 0 0:06
K2FibFlowCache flow 2.00 18.85 10 8 100 500 40 42 23 38:23
K2FibFlowCache adj r 2.00 0.03 10 5 100 500 0 0 0 0:10
K2FibFlowCache flow 2.00 0.00 10 2 100 500 0 0 0 0:01
K2MetStatsMan Review 2.00 0.58 5 2 100 500 0 0 0 0:28
K2FibMulticast MET S 2.00 0.00 10 0 100 500 0 0 0 0:00
K2QosDblMan Rate DBL 2.00 0.12 7 0 100 500 0 0 0 0:09
IrmFibThrottler Thro 2.00 0.00 7 5 100 500 0 0 0 0:01
K2 VlanStatsMan Revi 2.00 1.04 15 4 100 500 0 0 0 1:08
K2 Packet Memory Dia 2.00 0.00 15 8 100 500 0 0 0 1:15
K2 L2 Aging Table Re 2.00 0.06 20 3 100 500 0 0 0 0:13
RkiosPortMan Port Re 2.00 0.24 12 39 100 500 0 0 0 0:21
Rkios Module State R 4.00 0.02 40 5 100 500 0 0 0 0:02
RkiosIpPbr IrmPort R 2.00 0.11 10 8 100 500 0 0 0 0:15
RkiosAclMan Review 3.00 0.03 30 1 100 500 0 0 0 0:04
MatMan Review 0.50 0.00 4 0 100 500 0 0 0 0:00
ILC Manager Review 5.00 0.00 10 0 100 500 0 0 0 0:00
ILC S2wMan Review 5.00 0.00 15 0 100 500 0 0 0 0:00
ILC Manager Review 5.00 0.00 10 0 100 500 0 0 0 0:00
ILC S2wMan Review 5.00 0.00 15 0 100 500 0 0 0 0:00
ILC Manager Review 5.00 0.00 10 0 100 500 0 0 0 0:00
ILC S2wMan Review 5.00 0.00 15 0 100 500 0 0 0 0:00
ILC Manager Review 5.00 0.00 10 0 100 500 0 0 0 0:00
ILC S2wMan Review 5.00 0.00 15 0 100 500 0 0 0 0:00
ILC Manager Review 5.00 0.00 10 0 100 500 0 0 0 0:00
ILC S2wMan Review 5.00 0.00 15 0 100 500 0 0 0 0:00
ILC Manager Review 5.00 0.00 10 0 100 500 0 0 0 0:00
ILC S2wMan Review 5.00 0.00 15 0 100 500 0 0 0 0:00
EthHoleLinecardMan(1 2.00 0.01 10 8 100 500 0 0 0 0:02
EthHoleLinecardMan(2 2.00 0.14 10 5 100 500 0 0 0 0:21
EthHoleLinecardMan(3 2.00 0.17 10 5 100 500 0 0 0 0:21
EthHoleLinecardMan(4 2.00 0.35 10 4 100 500 0 0 0 0:21
%CPU Totals 237.80 49.75
Allocation ceiling Current allocation
kbytes % in use kbytes % in use
Linecard 1's Store 258.00 3% 8.56 100%
Linecard 2's Store 258.00 3% 9.48 100%
Linecard 3's Store 258.00 3% 9.48 100%
Linecard 4's Store 258.00 3% 9.48 100%
Linecard 5's Store 258.00 60% 156.43 100%
Linecard 6's Store 258.00 60% 156.40 100%
TSM objects ------------------ ------------------
RkiosSysPacketBuf 250.00 0% 250.00 0%
PacketBufRaw 20355.00 100% 20355.00 100%
PacketBufRawJumbo 732.81 25% 183.20 100%
Packet 1026.56 0% 1026.56 0%
PacketInfoItem 390.62 0% 1.95 0%
VbufNodes2400 80.75 0% 20.18 0%
VbufNodes1600 55.75 0% 13.93 0%
VbufNodes400 73.00 5% 18.25 21%
VbufNodes64 62.00 0% 31.00 0%
PimPhyports 968.75 24% 238.31 100%
PimPorts 789.06 31% 244.60 100%
PimModules 148.00 2% 9.25 37%
PimSlots 4.00 2% 0.25 37%
PimChassis 16.87 6% 1.05 100%
EbmVlans 2560.00 1% 36.25 100%
EbmVlanHostEntrys 2048.00 4% 86.62 97%
EbmVlanGroupEntrys 1856.00 0% 58.00 10%
EbmPorts 168.00 30% 50.85 100%
EbmPortHostEntrys 320.00 0% 20.00 0%
EbmIeNodes 536.00 0% 5.23 80%
EbmPortVlanAclFeatur 31.99 0% 0.02 0%
EbmSortedHostTableIt 1.87 0% 1.87 0%
EbmSortedGroupTableI 1.75 0% 1.75 0%
IrmVrfs 6.60 1% 6.60 1%
IrmFibAdjs 768.00 3% 96.00 28%
IrmPortEtherAddrEntr 375.00 0% 0.25 100%
IrmFibEntries 10240.00 1% 140.42 96%
AclL4Op 384.00 0% 384.00 0%
AclL4OpTriplet 256.00 0% 256.00 0%
AclClassifier 768.00 0% 768.00 0%
AclFeature 351.00 0% 351.00 0%
Acl 384.00 0% 384.00 0%
Ace 1280.00 0% 1280.00 0%
AceActionDescStorage 256.00 0% 0.00 0%
AclListNode 256.00 0% 256.00 0%
AceListNode 1280.00 0% 4.01 85%
AclClassifierActionL 512.00 0% 512.00 0%
AclLayerFeatureListN 512.00 0% 0.10 69%
FlatAcl 512.00 0% 0.18 66%
FlatAce 3840.00 0% 27.59 86%
FlatAceActionListNod 7680.00 0% 11.97 86%
FlatAclL4OpSetStorag 1024.00 0% 0.01 0%
FlatAclCacheNode 1024.00 0% 0.25 100%
QoS Policers 160.00 0% 40.00 0%
KxAclPath 1024.00 0% 0.06 100%
KxAclPathListNode 256.00 0% 0.01 0%
GalGbicEntrys 10.39 0% 10.39 0%
CommandTables 48.00 20% 9.93 100%
K2FibPbrFlatRouteMap 481.46 0% 0.76 100%
K2FibPbrExpandedFlat 2304.00 0% 13.88 99%
K2FibPbrFlatRouteMap 320.00 0% 0.54 100%
K2FibVrfs 38.33 1% 0.58 100%
K2TxPacket 384.00 0% 0.75 0%
K2TxPacketInfo 256.00 0% 0.50 0%
MatEntrys 5632.00 0% 10.31 100%
MatEntryTableIterato 1.12 0% 1.12 0%
RkiosAclMan NamedGal 42.18 0% 42.18 0%
Rkios Acl VlanMaps 272.00 0% 272.00 0%
Rkios Acl VlanMapEnt 1015.62 0% 1015.62 0%
Rkios QoS PolicyMaps 34.50 0% 6.00 0%
Rkios QoS ClassMaps 896.00 0% 896.00 0%
AclToIosFilterMapLis 384.00 0% 384.00 0%
Rkios QoS Policers 32.00 0% 8.00 0%
Event Nodes 84.00 0% 80.00 0%
Event Nodes 84.00 1% 80.00 1%
KxAclTagPairNode 2176.00 0% 0.06 100%
KxAclMappingTableEnt 96.02 0% 96.02 0%
KxAclMappingTableEnt 64.01 0% 64.01 0%
KxAclTaggedFlatAcl 768.00 0% 0.02 100%
RkisoIpPbrRouteMaps 97.65 0% 0.01 100%
IrmFlows 224.00 60% 135.62 99%
TSM totals 81370.74 26% 30301.10 71%
Maybe you are looking for
-
Unable to render video in PSCS4 - Error Messages
(Reposted here from CS Forum on a suggestion) I am unable to render video it seems. Despite having the latest QuickTime Pro in stalled and all updates to Vista 32 bit and to CS4 Design Premium, I get the following error message: "The procedure entry
-
Problem upgrading memory of a mac mini 2010
I have a Mac mini 2010 with these memories 2 x 1GB PC2-5300 667MHz Ram http://i.imgur.com/L25KW0q.jpg I bought a memoir of Ebay and do not work. Insert 2 modules and makes strange beeps on boot, if I put up does nothing starts without beeping and not
-
Problem With Website With Safari and not Firefox
I have just started having a problem with Safari, which I hope someone here will be able to solve pretty quickly. Just recently, when I go to my online banking, I enter my username and password with no problem. My accounts show up. But, when I select
-
I want to run loader concurrent program in package..
i want to run loader concurrent program in package.. i had registered my package in front-end and also loader, i want query that how to call loader CP in package
-
Your guess re operating system is correct, problem happens in v4.0, I uninstalled and reinstalled V3.6.17. I have not downloaded any plug-ins at all. Works correctly using MS I Explorer! Is happening in all my gmail accounts (about 5) except one! Hav