
Problem with severity 1 error message 106101

cco1
Level 1

Hi!

About 10 days ago the FWSM started to create the error message 106101, saying that "The number of ACL log deny-flows has reached limit 4096". The Cisco-documentation recommends no further action due to that error message.

But now, the FWSM creates this error message every 5 minutes and in syslog I can just see "normal" port-scanning activities, but no massive DoS attacks.

Is there a possibility to get rid of this error message, maybe by clearing some buffers on the FWSM?

Also, is there a possibility to find out, which ACL forced the FWSM creating this error message?

Thanks!

Regards,

Marco

4 Replies

zubairjalal
Level 1

You can configure the FWSM so that it does not log this message by giving the command

no logging message 106101

For checking the ACL, maybe you can check the hit counts in the show access-list command output.

--Pls rate if it helps---
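The hit-count check suggested above, as an added example that is not part of the thread: hit counts are cumulative, so this compares two saved `show access-list` captures and ranks the deny entries by how much each grew in between. Both captures are constructed, and the `line N ... (hitcnt=N)` layout is an assumption about the output format on your software version.

```python
import re

# Constructed captures, e.g. taken five minutes apart (not real FWSM output).
SNAP_T0 = """\
access-list outside_in; 3 elements
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=1520)
access-list outside_in line 2 extended deny tcp any any eq 445 log (hitcnt=90312)
access-list outside_in line 3 extended deny ip any any log (hitcnt=48211)
access-list inside_out; 2 elements
access-list inside_out line 1 extended permit ip 10.0.0.0 255.0.0.0 any (hitcnt=77120)
access-list inside_out line 2 extended deny ip any any (hitcnt=12)
"""
SNAP_T1 = (SNAP_T0.replace("hitcnt=90312", "hitcnt=90340")
                  .replace("hitcnt=48211", "hitcnt=53950"))

# Assumed ACE layout: access-list <name> line <n> [extended] <action> <rule> (hitcnt=<n>)
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+"
    r"(?:extended\s+)?(?P<action>permit|deny)\s+(?P<rule>.*?)\s*"
    r"\(hitcnt=(?P<hits>\d+)\)"
)

def deny_entries(text):
    """Return the deny ACEs in a capture, highest hit count first."""
    entries = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m or m["action"] != "deny":
            continue  # skips headers, permits and unparsable lines
        entries.append({
            "acl": m["acl"], "line": int(m["line"]), "rule": m["rule"],
            # ACEs carrying the `log` keyword are the ones that log per flow
            "logged": re.search(r"\blog\b", m["rule"]) is not None,
            "hits": int(m["hits"]),
        })
    return sorted(entries, key=lambda e: e["hits"], reverse=True)

def growth(before, after):
    """Rank deny ACEs by hit-count increase between two captures."""
    old = {(e["acl"], e["line"]): e["hits"] for e in deny_entries(before)}
    rows = [(e["hits"] - old.get((e["acl"], e["line"]), 0),
             e["acl"], e["line"], e["rule"], e["logged"])
            for e in deny_entries(after)]
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for inc, acl, line, rule, logged in growth(SNAP_T0, SNAP_T1):
        print(f"+{inc:<6} {acl} line {line}: deny {rule} (log={logged})")
```

An entry that dominates the growth column and carries the `log` keyword is the first place to look when matching denies to the 106101 alerts.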

a.kiprawih
Level 7

To disable the message from being logged by FWSM, try:

no logging message

Example:

fwsm(config)#no logging message 106101

The message is generated if you have an ACL entry with a deny statement "access-list xxx deny xxxx" command.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_system_message_guide_chapter09186a0080224d47.html#wp1038757

HTH

AK

OK, so I can suppress the error message.

But concerning the severity 1 and its cause, do you recommend any actions to prevent the FWSM from creating this error? Or is it quite normal that this error can happen to the FWSM from time to time when too many ACL deny-flows are logged?

At the moment, exactly every 5 minutes I can see such an error message...

Thanks,

Marco

Cisco doc says that the log is generated if you have the 'deny' statement in your last ACL entries. This would be normal behaviour for the FWSM.

Test it by removing the last 'deny' statement, and try to access out or in FWSM to unknown ports/IPs to make the FWSM deny the access attempt. See if the log appears again, and check if access in/out is maintained (all unwanted access continuously denied).

Besides this message, other messages from other log levels can also be discarded/omitted, as and when required.

HTH

AK