This is a follow-up to my previous question about FWSM "show shun statistics" and the counter value being only 64K.

I sent the problem to CISCO tech, which returned the following response...

----------

I have confirmed with our developers that the hit count is a two byte counter in the NPs so the limit is actually 64K. Currently we do not have a way to increase it beyond that.

---------

My follow-up question to the list is...

On an ASA or PIX, is the counter larger than 64K (2 bytes)? In reading a CISCO book on ASA, PIX and FWSM, they show an example that has a host counter value of 21277328, which is clearly over 64K.


I am guessing that maybe a PIX or ASA has a larger counter. If the FWSM truly only has 64K, which is what I see on my FWSM running 4.02, this is almost useless, especially when the counter wraps multiple times or even wraps to the same value (unlikely as that may be). We do some calculations on the counter to determine how long to keep the shun in place, but as we found out, it is only 64K, which with certain scans hits 64K quickly and wraps.



Does anybody see the same problem, or can you confirm the counter size on PIX, ASA or FWSM?


Thanks for any help.




Jeff Fitzwater
OIT Network Systems
Princeton University
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
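
An added example, not part of the original post and not Cisco code: one way a polling script can keep a running hit total from a 2-byte counter by summing differences modulo 65536, and flag when the poll interval is too long for that to be trustworthy. It assumes the readings have already been extracted as integers; the function names, the sample readings and the peak-rate figure are constructed for illustration.

```python
COUNTER_BITS = 16              # two-byte counter, per the vendor reply quoted above
MODULUS = 1 << COUNTER_BITS    # 65536 distinct values before the counter wraps


def wrapped_delta(prev, curr, modulus=MODULUS):
    """Hits between two polls, valid only if fewer than `modulus` hits occurred."""
    return (curr - prev) % modulus


def max_safe_poll_interval(peak_hits_per_sec, modulus=MODULUS):
    """Longest poll interval (seconds) that cannot hide a full wrap.

    peak_hits_per_sec is an operator estimate (assumption), not a device value.
    """
    if peak_hits_per_sec <= 0:
        raise ValueError("peak rate must be positive")
    return (modulus - 1) / peak_hits_per_sec


def accumulate_hits(readings, poll_interval_s, peak_hits_per_sec):
    """Return (total_hits_since_first_poll, undercount_possible).

    Limitations: a reading equal to the previous one is treated as 0 hits even
    though it could be exactly 65536, and a counter reset (for example a shun
    that was removed and re-added) is indistinguishable from a wrap.
    """
    total = 0
    prev = None
    for raw in readings:
        if not 0 <= raw < MODULUS:
            raise ValueError(f"reading {raw} does not fit in {COUNTER_BITS} bits")
        if prev is not None:
            total += wrapped_delta(prev, raw)
        prev = raw
    undercount = poll_interval_s > max_safe_poll_interval(peak_hits_per_sec)
    return total, undercount


if __name__ == "__main__":
    # Constructed readings: the counter wraps between the 3rd and 4th poll.
    samples = [1200, 40000, 65000, 3000, 3000, 50000]
    print(accumulate_hits(samples, poll_interval_s=30, peak_hits_per_sec=2000))
    print(accumulate_hits(samples, poll_interval_s=60, peak_hits_per_sec=2000))
```
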
