Traffic logged in an interface in down state

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

Traffic logged in an interface in down state

This is our scenario:

- A PA-200 with a subinterface tagged with VLAN ID 200.

- Connected to a Cisco Catalyst switch (trunk with VLAN ID 200 allowed).

- It has been working without problems.

Now, we want to divert traffic to a Cisco router with same IP address as PA-200.

We put Catalyst interface in shutdown state (where PA-200 is connected) at 10.52h.

- We can see interface in "down" state (red) in PA-200.

- We cannot ping this interface IP.

- There's no other interface in this security zone.

But, traffic log is showing that there's some traffic in this interface. How is it possible?

I attach some pictures.

Thank for your answers!

2013-09-18_13h08_22.png

2013-09-18_13h12_02.png2013-09-18_13h13_14.png


Accepted Solutions
Highlighted
L4 Transporter

As you can see from the log details, the session start time was at 10:42 and you have the log option set to log at session end (Type: end), log generated time: 12:09. So as pointed out by Anon, these might be the old sessions which timed out much later and a log was generated at session end.

Thanks,

Aditi

View solution in original post


All Replies
Highlighted
L4 Transporter

These are most probably sessions which were started before the interface was shutdown. They stay in the session table until they idle out and then produce the session end log entry.

Highlighted
L4 Transporter

As you can see from the log details, the session start time was at 10:42 and you have the log option set to log at session end (Type: end), log generated time: 12:09. So as pointed out by Anon, these might be the old sessions which timed out much later and a log was generated at session end.

Thanks,

Aditi

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!