Cisco Cisco ASA 5510 Adaptive Security Appliance Merkblatt
3-39
Cisco ASA Series 명령 참조, S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Syslogs:
None
----------------------------------------------------------------
Name: fragment-reassembly-failed
Fragment reassembly failed:
This counter is incremented when the appliance fails to reassemble a chain of
fragmented packets into a single packet. All the fragment packets in the chain are
dropped. This is most probably because of failure while allocating memory for the
reassembled packet.
Recommendation:
Use the show blocks command to monitor the current block memory.
Syslogs:
None
----------------------------------------------------------------
Name: ifc-classify
Virtual firewall classification failed:
A packet arrived on a shared interface, but failed to classify to any specific context
interface.
Recommendation:
For software versions without customizable mac-address support, use the "global" or
"static" command to specify the IPv4 addresses that belong to each context interface. For
software versions with customizable mac-address support, enable "mac-address auto" in
system context. Alternatively, configure unique MAC addresses for each context interfaces
residing over a shared interface with "mac-address" command under each context interface
submode.
Syslogs:
None.
----------------------------------------------------------------
Name: connection-lock
Connection locking failed:
While the packet was waiting for processing, the flow that would be usedwas destroyed.
Recommendation:
The message could occur from user interface command to remove connection in an device
that is actively processing packet. Otherwise, investigate flow drop counter. This
message may occur if the flow are forced dropped from error.
Syslogs:
None.
----------------------------------------------------------------
Name: interface-down
Interface is down:
This counter will increment for each packet received on an interface that is shutdown
via the 'shutdown' interface sub-mode command. For ingress traffic, the packet is dropped
after security context classification and if the interface associated with the context is
shut down. For egress traffic, the packet is dropped when the egress interface is shut
down.
Recommendation:
No action required.