Please reference this image from cisco website of a typical 5558-X chassis.
http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5585guide/5585Xhw/overview.html#pgfId-1100238
The hw-module slot1 which encompass the IPS also carries the GIGE interfaces gi 1/0-7 and the 10GIGE interfaces as well 1/8-9.
Shutting down the hw-module slot1 will "DROP" all interfaces in slot1 and not just the IPS modules.
Take a look at these show outputs;
And the available hardware module commands
1: So the meer issuing of a hw-module #1 shutdown, actually shutdown the whole slot1 and NOT just the IPS
2: A issuing of a hw-module #1 reload, will not disturb any GIGE interfaces on slot#1
I found this interesting while diagnostic and debugging a buggy IPS module. I have a case open with TAC over these issues. They are looking into it a trying to determine if this is normal behavior.
I found it funny cisco won't let you shutdown slot#0, but they allow slot#1 , and it will bring all interfaces on that slot down including the IPS module that I was trying to trouble shoot.
http://socpuppet.blogspot.com/2015/01/asa-ips-modules-reloads-732-e4.html
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( # # )=
@
/ \
No comments:
Post a Comment