cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

4388
Views
0
Helpful
0
Replies
cds-cisco
Beginner

%ASA-4-733100: [ Port-8191-65535] drop rate-1 exceeded

I have setup QOS using an ACL with policing to a certain bandwidth.

That is working fine.

But when a data transfer is happening that is getting QOS'd/policed I get these messages in the log:

%ASA-4-733100: [    Port-8191-65535] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 40; Current average rate is 42 per second, max configured rate is 20; Cumulative total count is 25405

I'm using basic threat detection, and I've tried adjusting the "interface-drop" rates to not trigger using the maximum values, but still no luck.

I've confirmed with a capture on asp-drop that it is indeed QOS dropping:

802.1Q vlan#2 P0 1.1.1.1.80 > 2.2.2.2.21273: . 2469168962:2469169352(390) ack 2016042672 win 258 Drop-reason: (rate-exceeded) Output QoS rate exceeded

here is my threat-detection rates, which by the way none match up to the error of max burst of 40, and max avg of 20.

ASA/act# show run all threat-detection rate

threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400

threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320

threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400

threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320

threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800

threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640

threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400

threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320

threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400

threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320

threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10

threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8

threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200

threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160

threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600

threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280

threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600

threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280

threat-detection rate interface-drop rate-interval 600 average-rate 2147483647 burst-rate 2147483647

threat-detection rate interface-drop rate-interval 3600 average-rate 2147483647 burst-rate 2147483647

Basically I want to limit the amount of these messages showing up in the log files during a QoS policing event.

thanks in advance

0 REPLIES 0
Create
Recognize Your Peers
Content for Community-Ad