Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-14
Cisco ASA Series 명령 참조 , S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
This counter will increment when the appliance attempts to forward a layer-2 packet to
a rate-limited control point service routine and the rate limit (per/second) is now being
exceeded. Currently, the only layer-2 packets destined for a control point service routine
which are rate limited are ARP packets. The ARP packet rate limit is 500 ARPs per second
per interface.
Recommendation:
Analyze your network traffic to determine the reason behind the high rate of ARP
packets.
Syslogs:
322002, 322003
----------------------------------------------------------------
Name: punt-no-mem
Punt no memory:
This counter is incremented and the packet is dropped when there is no memory to
create data structure for punting a packet to Control Point.
Recommendation:
No action needs to be taken if this condition is transient. If this condition persists
due to low memory, then system upgrade might be necessary.
Syslogs:
None
----------------------------------------------------------------
Name: punt-queue-limit
Punt queue limit exceeded:
This counter is incremented and the packet is dropped when punt queue limit is
exceeded, an indication that a bottle-neck is forming at Control Point.
Recommendation:
No action needs to be taken. This is a design limitation.
Syslogs:
None
----------------------------------------------------------------
Name: flow-being-freed
Flow is being freed:
This counter is incremented when the flow is being freed and all packets queued for
inspection are dropped.
Recommendation:
No action needs to be taken.
Syslogs:
None
----------------------------------------------------------------
Name: invalid-encap
Invalid Encapsulation:
This counter is incremented when the security appliance receives a frame belonging to
an unsupported link-level protocol or if the L3type specified in the frame is not
supported by the appliance. The packet is dropped.
Recommendation:
Verify that directly connected hosts have proper link-level protocol settings.