Traffic logged in an interface in down state

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic logged in an interface in down state

L2 Linker

This is our scenario:

- A PA-200 with a subinterface tagged with VLAN ID 200.

- Connected to a Cisco Catalyst switch (trunk with VLAN ID 200 allowed).

- It has been working without problems.

Now, we want to divert traffic to a Cisco router with same IP address as PA-200.

We put Catalyst interface in shutdown state (where PA-200 is connected) at 10.52h.

- We can see interface in "down" state (red) in PA-200.

- We cannot ping this interface IP.

- There's no other interface in this security zone.

But, traffic log is showing that there's some traffic in this interface. How is it possible?

I attach some pictures.

Thank for your answers!

2013-09-18_13h08_22.png

2013-09-18_13h12_02.png2013-09-18_13h13_14.png

1 accepted solution

Accepted Solutions

L4 Transporter

As you can see from the log details, the session start time was at 10:42 and you have the log option set to log at session end (Type: end), log generated time: 12:09. So as pointed out by Anon, these might be the old sessions which timed out much later and a log was generated at session end.

Thanks,

Aditi

View solution in original post

2 REPLIES 2

L4 Transporter

These are most probably sessions which were started before the interface was shutdown. They stay in the session table until they idle out and then produce the session end log entry.

L4 Transporter

As you can see from the log details, the session start time was at 10:42 and you have the log option set to log at session end (Type: end), log generated time: 12:09. So as pointed out by Anon, these might be the old sessions which timed out much later and a log was generated at session end.

Thanks,

Aditi

  • 1 accepted solution
  • 2584 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!