New Member

Hi All

I have quite a strange one here. I have been getting these entries in the logs:

Mar 3 15:11:09.883 SA: %SEC-6-IPACCESSLOGP: list 191 denied tcp ->, 1 packet

RTRD11-105WEST# sh access-lists 191

Extended IP access list 191

deny ip host any log (194 matches)

permit ip any any log (22212 matches)

In approx 90 minutes on only one sub interface there are 194 matches!


I saw this on one of our distribution routers, outgoing towards the branch, i.e. I applied this ACL on the outgoing sub interface towards my branch. Something on the inside of my distribution router has a source address of

Also, on the branch's side I will then get incomplete ARP entries, where a random IP on the local Ethernet will be picked and the MAC address is incomplete.

Anybody seen this?



With the info that is now provided, it is hard to say anything about it. is a general purpose loopback address that could be on any host.

Maybe the destination host can help to explain things. Regarding this address I would investigate

a: does it exist?

b: what kind of machine is it?

c: what nodes can be expected to communicate with it?

Another option is to use a sniffer to track the source mac-address. If you cannot deduce otherwise where the data comes from, this might be the one to go for.



New Member


Thanks for your post Leo, but that is exactly my problem, the destination address does not exist, that's why I am getting the incomplete arp entries on my branch router.

Only option I can see is the sniffer. Might take some time to organise one though.

PS: This seems to be happening to all my branches in that is connecting to this distribution router.
