access-list logging rate-limited or missed

Unanswered Question
Feb 22nd, 2006

Hi.

I get the following message "access-list logging rate-limited or missed"

After that happened, 2 of our 2950 switches are not reachable anymore.

Is there a way to adjust anything on the switch on which the above is showing?

It is a 4506 Catalyst switch running IOS.


In short terms: I want to adjust the switch so the ACL shows the entire logging.


grzt marc



smalkeric Tue, 02/28/2006 - 07:18

The message is seen when some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available.


The problem here is that your switch is receiving too much traffic at the same time and it is not able to log every packet. The reason why it doesn't log them is to protect itself from crashing, because it takes processor usage to handle the ACL logs.


Now we have two solutions for this log message:


1) If you want to disable the messages, you need to erase the log keyword from the ACL statements. (The keyword log: logs a packet when it matches the ACE.)

2) Increasing the number of packets logged (but that will decrease the performance of your switch).


The logging of ACL hits has always been rate limited, but before this enhancement all the packets for which we couldn't issue the log message were just 'forgotten about'. Now with this enhancement we count how many packets we didn't issue a syslog message for. This is not configurable behaviour.
