Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
5
Helpful
2
Replies

Access-list logs

Spinu Viorel
Level 1
Level 1

‎07-16-2009 07:17 AM - edited ‎03-04-2019 05:27 AM

Hello,

I have a router 1812. I have access-list 104 applied on my outside interface, inbound direction , that denies all traffic coming from Internet. I have this log :

%SEC-6-IPACCESSLOGP: list 104 denied tcp 218.234.21.153(6000) -> 89.149.2.175(1433), 1 packet

But 89.149.2.175 is not my IP. This IP belongs to my ISP. But how can this packet that has as destination NOT my IP come to my router. Could this be a broadcast message?

I also have these:

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 32 packets

%SYS-2-LINKED: Bad enqueue of 842FD608 in queue 834EDB68 -Process= "IP Input", ipl= 6, pid= 70 -Traceback= 0x80904DD8 0x80352A38 0x80403458 0x80404438 0x80404594 0x8006FD04 0x81EE5CF4 0x81859D7C 0x81869218 0x81A278AC 0x81A27950 0x81A27BE8 0x80CE54CC 0x80CE5E78 0x80CE4268 0x80CE47C8 Failed to enqueue free subblock

What are these?

thank U!

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-16-2009 11:10 AM

Hello Spinu,

about second message:

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 32 packets

means that to avoid excessive cpu load the router decides to rate-limit the number of messages to be written in the log

As a result of this in last interval 32 packets have been missed = not reported in the log

Be aware that initial packet has to be written, subsequent packets of same flow have one line written every 5 minutes with the aggregate count on last interval.

>> %SYS-2-LINKED: Bad enqueue of 842FD608 in queue 834EDB68 -Process= "IP Input", i

this means that a memory allocation issue trying to enqueue data structures for process IP input

this can be a sign of momentary lack of resources

using the error message decoder under support page -> tools -> show all

it is possible to get more detailed info

(I will post it here when it will answer)

1. %SYS-2-LINKED: Bad [chars] of [hex] in queue [hex]

An internal software error has occurred.

Recommended Action: If this message recurs, copy the error message exactly as it appears on the console or in the system log, contact your Cisco technical support representative, and provide the representative with the gathered information.

Related documents- No specific documents apply to this error message

About the first it is possible to receive packets not destined for you and the acl has blocked it.

Hope to help

Giuseppe

Spinu Viorel
Level 1
Level 1
In response to Giuseppe Larosa

‎07-16-2009 12:09 PM

Thank u for your time!

I will get in contact with Cisco technical support representative and I will put the answer here.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card