Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-38
Cisco ASA Series 명령 참조 , S 명령
  
3      show as-path-access-list through show auto-update 명령              
  show asp drop
    2) Appletalk packets with destination L2 of 0900:0700:0000-0900:07FF:FFFF
    The user can also configure ethertype ACL(s) and apply them to an interface to permit 
other types of L2 traffic.
    The default L2 ACL can be seen in routed and transparent mode with the show asp table 
classify domain permit command.
    Note - Packets permitted by L2 ACLs may still be dropped by L3-L4 ACLs.
 Recommendation:
    If your running the appliance/context in transparent mode and your non-IP packets are 
dropped by the appliance, you can configure an ethertype ACL and apply the ACL to an 
access group. Note - the appliance ethertype CLI only supports protocol types and not L2 
destination MAC addresses.
 Syslogs:
    106026, 106027
----------------------------------------------------------------
Name: intercept-unexpected
Intercept unexpected packet:
    Either received data from client while waiting for SYNACK from server or received a 
packet which cannot be handled in a particular state of TCP intercept.
Recommendation:
    If this drop is causing the connection to fail, please have a sniffer trace of the 
client and server side of the connection while reporting the issue. The box could be under 
attack and the sniffer traces or capture would help narrowing down the culprit.
Syslogs:
    None.
----------------------------------------------------------------
Name: no-mcast-entry
FP no mcast entry:
    A packet has arrived that matches a multicast flow, but the multicast service is no 
longer enabled, or was re-enabled after the flow was built.
    - OR -
    A multicast entry change has been detected after a packet was punted to the CP, and 
the NP can no longer forward the packet since no entry is present.
Recommendation:
    Reenable multicast if it is disabled.
    - OR -
    No action required.
Syslogs:
    None
----------------------------------------------------------------
Name: no-mcast-intrf
FP no mcast output intrf:
    All output interfaces have been removed from the multicast entry.
    - OR -
    The multicast packet could not be forwarded.
Recommendation:
    Verify that there are no longer any receivers for this group.
    - OR -
    Verify that a flow exists for this packet.