Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 10 Controlling Network Access with Access Control Lists
Logging Extended Access Control List Activity
%FWSM-2-106100: access-list outside-acl denied ip outside/3.3.3.3(12345) -> inside/192.168.1.1(1357) hit-cnt 1 (first hit)
20 additional attempts within a 5 minute interval (the default) result in the following message at the end of 5 minutes:
%FWSM-2-106100: access-list outside-acl denied ip outside/3.3.3.3(12345) -> inside/192.168.1.1(1357) hit-cnt 21 (300-second interval)
Managing Deny Flows
When you enable logging for message 106100, if a packet matches an ACE, the FWSM creates a
flow entry to track the number of packets received within a specific interval. The FWSM has a maximum
of 32K logging flows for ACEs. A large number of flows can exist concurrently at any point of time. To
prevent unlimited consumption of memory and CPU resources, the FWSM places a limit on the number
of concurrent deny flows; the limit is placed only on deny flows (and not permit flows) because they can
indicate an attack. When the limit is reached, the FWSM does not create a new deny flow for logging
until the existing flows expire.
For example, if someone initiates a denial of service (DoS) attack, the FWSM can create a large number
of deny flows in a short period of time. Restricting the number of deny flows prevents unlimited
consumption of memory and CPU resources.
When you reach the maximum number of deny flows, the FWSM issues system message 106101:
%FWSM-1-106101: The number of ACL log deny-flows has reached limit (number).
To configure the maximum number of deny flows and to set the interval between deny flow alert
messages (106101), enter the following commands:
• To set the maximum number of deny flows permitted per context before the FWSM stops logging,
enter the following command:
FWSM/contexta(config)# access-list deny-flow-max number
The number is between 1 and 4096. 4096 is the default.
• To set the amount of time between system messages (number 106101) that identify that the
maximum number of deny flows was reached, enter the following command:
FWSM/contexta(config)# access-list alert-interval secs
The seconds are between 1 and 3600. 300 is the default.
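The 106100 and 106101 message formats shown in this section are what a syslog collector has to parse to turn per-ACE hit counts into a per-source view of denied traffic and to notice when the deny-flow limit was reached (at which point deny logging is incomplete until flows expire). The following is an added example, not part of the configuration guide; the log lines it parses are constructed in the formats shown above, with made-up addresses and counts.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the 106100 / 106101 formats from this section.
SAMPLE_LOG = """\
%FWSM-2-106100: access-list outside-acl denied ip outside/3.3.3.3(12345) -> inside/192.168.1.1(1357) hit-cnt 1 (first hit)
%FWSM-2-106100: access-list outside-acl denied ip outside/3.3.3.3(12345) -> inside/192.168.1.1(1357) hit-cnt 21 (300-second interval)
%FWSM-2-106100: access-list outside-acl permitted tcp outside/10.0.0.5(40000) -> inside/192.168.1.20(443) hit-cnt 3 (300-second interval)
%FWSM-1-106101: The number of ACL log deny-flows has reached limit (4096).
"""

ACL_RE = re.compile(
    r"%FWSM-\d-106100: access-list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<sif>\S+?)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>\S+?)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+) \((?P<window>[^)]*)\)"
)
LIMIT_RE = re.compile(r"%FWSM-\d-106101: .*reached limit \((?P<limit>\d+)\)")


def parse_line(line):
    """Return a dict for a 106100 or 106101 message, or None for any other line."""
    m = ACL_RE.search(line)
    if m:
        rec = m.groupdict()
        rec["id"] = "106100"
        rec["hits"] = int(rec["hits"])
        return rec
    m = LIMIT_RE.search(line)
    if m:
        return {"id": "106101", "limit": int(m.group("limit"))}
    return None


def summarize(log_text):
    """Aggregate denied hit counts per source address and collect 106101 limit events.

    hit-cnt is cumulative within an interval (the 'first hit' message starts the
    interval that the later '(300-second interval)' message reports), so the latest
    count per flow is kept rather than summing every message for that flow.
    """
    latest_hits = {}   # (acl, proto, src, sport, dst, dport) -> latest cumulative hit-cnt
    limit_events = []  # deny-flow limits reported by 106101 messages
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["id"] == "106101":
            limit_events.append(rec["limit"])
        elif rec["action"] == "denied":
            key = (rec["acl"], rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
            latest_hits[key] = rec["hits"]
    denied_by_src = defaultdict(int)
    for key, hits in latest_hits.items():
        denied_by_src[key[2]] += hits
    return {"denied_by_src": dict(denied_by_src), "deny_flow_limit_hits": limit_events}
```

A non-empty deny_flow_limit_hits list means denied traffic in that window was only partially logged, which matters when the per-source counts are fed into alerting thresholds.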