[c-nsp] FWSM loading shuns
Jeff Fitzwater
jfitz at Princeton.EDU
Fri Oct 17 16:00:15 EDT 2008
We use the FWSM "shun" command in a script to automatically load shuns
as needed, but it takes forever to load because of the time it takes
the FWSM to do its job.
Our FWSM runs version 4.0.2 in transparent mode and has three bridge
groups, each of which has an inside and outside interface.
The shun command runs through all 6 interfaces when it loads and takes
about 10s per shun, so a list of around 120 would take about 20 min.
Not to mention there is no way to save them in the FWSM, and they are
lost after reset.
Q. Has anybody found a way around this or even used SHUN?
I thought that using the SHUN would be simpler than modifying an ACL,
but it might be faster.
Jeff Fitzwater
OIT Network Systems
Princeton University