Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-29
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
 
Recommendation:
    This counter should never be incrementing on the Active appliance or context.However, 
it is normal to see it increment on the Standby appliance or context.
 
Syslogs:
    302014, 302016, 302018
----------------------------------------------------------------
Name: dst-l2_lookup-fail
Dst MAC L2 Lookup Failed:
    This counter will increment when the appliance is configured for transparent mode and 
the appliance does a Layer 2 destination MAC address lookup which fails.Upon the lookup 
failure, the appliance will begin the destination MAC discovery process and attempt to 
find the location of the host via ARP and/or ICMP messages.
 Recommendation:
    This is a normal condition when the appliance is configured for transparent mode. You 
can also execute (show mac-address-table) to list the L2 MAC address locations currently 
discovered by the appliance.
 Syslogs:
    None
----------------------------------------------------------------
Name: l2_same-lan-port
L2 Src/Dst same LAN port:
    This counter will increment when the appliance/context is configured for transparent 
mode and the appliance determines that the destination interface's L2 MAC address is the 
same as its ingress interface.
 Recommendation:
    This is a normal condition when the appliance/context is configured for transparent 
mode.  Since the appliance interface is operating in promiscuous mode, the 
appliance/context receives all packets on the local LAN seqment.
 Syslogs:
    None
----------------------------------------------------------------
Name: flow-expired
Expired flow:
    This counter is incremented when the security appliance tries to inject a new or 
cached packet belonging to a flow that has already expired.It is also incremented when the 
appliance attempts to send an rst on a tcp flow that has already expired or when a packet 
returns from IDS blade but the flow had already expired.The packet is dropped
Recommendation:
    If valid applications are getting pre-empted, investigate if a longer timeout is 
needed.
Syslogs:
   None.
----------------------------------------------------------------
Name: inspect-icmp-out-of-app-id
ICMP Inspect out of App ID:
    This counter will increment when the ICMP inspection engine fails to allocate an 'App 
ID' data structure.The structure is used to store the sequence number of the ICMP packet.