Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


ASA denies L2 broadcasts

Hi folks.

On my ASA 5520 I have an interface that connects to a layer 2 switch for DMZ servers. I regularly get the syslog below whenever the DMZ servers send out a broadcast (which is, of course, quite often.)

What's the best way to make this message go away? Should I just permit the broadcast (even though the ASA won't be able to do anything with it anyways)?

106023 Deny udp src DMZ: dst Inside: by access-group "dmz-in" [0x0, 0x0]

Cisco Employee

Re: ASA denies L2 broadcasts

this is a netbios ip broadcast..ASA would would not allow broadcast through ever..

you may get away with the logg message using

no logg message 106023


Re: ASA denies L2 broadcasts

I'm aware that its a netbios broadcast and as such the ASA wouldn't route it. I'm just trying to clean up the flood of syslogs that I'm getting.

Turning off 106023 would stop ALL 'deny' messages, and that's definitely not what I want. There's a lot of value in looking at what's getting denied, but NO value in seeing denied broadcasts.

I guess I'll just try an explicit permit for the broadcasts and see what happens.