Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with severity 1 error message 106101

Hi!

About 10 days ago the FWSM started to create the error message 106101, saying that "The number of ACL log deny-flows has reached limit 4096". The Cisco-documentation recommends no further action due to that error message.

But now, the FWSM creates this error message every 5 minutes and in syslog i can just see "normal" port-scanning activities, but no massive DoS attacks.

Is there a possibilty to get rid of this error message, maybe by clearing some buffers on the FWSM?

Also, is there a possibility to find out, which ACL forced the FWSM creating this error message?

Thanks!

Regards,

Marco

4 REPLIES
Bronze

Re: Problem with severity 1 error message 106101

You can configure the FWSM so that it does not log this message by giving the commmand

no logging message 106101

For checking the ACL, maybe you can check the hit counts in the show access-list command output.

--Pls rate if it helps---

Re: Problem with severity 1 error message 106101

To disable the message from being logged by FWSM, try:

no logging message

Example:

fwsm(config)#no logging message 106101

The message is generated if you have ACL entry with deny statement "access-list xxx deny xxxx" command.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_system_message_guide_chapter09186a0080224d47.html#wp1038757

HTH

AK

New Member

Re: Problem with severity 1 error message 106101

Ok, so i can supress the error message.

But concerning the severity 1 and its cause, do you recommend any actions to prevent the FWSM of creating this error? Or is it quite normal, that this error can happen to the FWSM from time to time when too many ACL deny-flows are logged?

At the moment, exactly every 5 minutes i can see such an error message...

Thanks,

Marco

Re: Problem with severity 1 error message 106101

Cisco doc says that the log was generated if you have the 'deny' statement in your last ACL entries. This would be a normal behaviour for FWSM.

Test it by removing the last 'deny' statement, and try to access out or in FWSM to unknown ports/IPs to make FWSM denying the access attepmt. See if the log appear again, and check if access in/out is maintained (all unwanted access continuously denied).

Beside this message, other messages from other log levels can also be discarded/omitted, as and when required.

HTH

AK

159
Views
0
Helpful
4
Replies
CreatePlease login to create content