
ASA-7-710005: UDP request discarded

Ramesh M
Level 1

Hi All,

Hope you are doing good,

I am continuously getting the below error log.

Dec 07 2013 11:30:02: %ASA-7-710005: UDP request discarded from 10.109.6.1/67 to WTBB:255.255.255.255/68

Dec 07 2013 11:24:00: %ASA-7-710005: UDP request discarded from 0.0.0.0/68 to WTBB:255.255.255.255/67

Kindly let me know the reason for such errors and how to rectify the same.

Attaching the configuration file for your reference.

Regards / Ramesh M

9 Replies

Julio Carvajal
VIP Alumni

Hello Ramesh,

As you can see from the logs, traffic goes to UDP ports 68 and 67.

These are used for DHCP Discovery, Request and Offer, Ack respectively.

These packets are sent to a broadcast address and come with a source IP of 0.0.0.0 (going to 67), so it's expected that they get dropped.

No need to worry unless you are running the DHCP server or DHCP relay service on the ASA.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

Is there any way to disable the same without disabling the logging message?

Regards / Ramesh M

Julio Carvajal
VIP Alumni

No,

The only way would be either by disabling that log or just stop sending that traffic.

Regards


Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


Hi, I am sorry, how should we disable the same from sending the traffic? Where can we block that traffic?

The easiest way to do this is to set the logging level for these messages to a higher level than what you are logging. For example, you are currently logging debug (which is why you are seeing this message). If you log informational messages, you will not see this message.

Another option is to create a custom logging list, but depending on what and how much you want to log, this might not be a very good option.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/monitor_syslog.html

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts

Hello,

In this case it's because you are running DHCP bud so if you need that there is no way that can disappear. They are broadcast packets and will reach the ASA.

You could configure an ACL to block the traffic so the log changes from that UDP discarded to the ACL drop one but you are still going to see logs (just that now with a different value).

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

We have not configured any DHCP relay or DHCP server in our network.

Regards / Ramesh M

Julio Carvajal
VIP Alumni

Hello Ramesh,

Then I would suggest doing a capture on the ASA / download it using Wireshark and check for those packets / look for the MAC address / go to that PC and disable DHCP.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
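
A triage sketch for the log lines discussed in this thread, added here as an example and not posted by any participant: it parses `%ASA-7-710005` entries and separates DHCP client broadcasts (68 to 67) from DHCP server or relay broadcasts (67 to 68) and other discarded UDP, so the sources sending from port 67 can be traced with the capture suggested above. The function names and the last two sample lines are constructed, and numeric ports are assumed as in the thread's logs.

```python
import re
from collections import Counter

# Format as shown in the thread (numeric ports assumed):
# "UDP request discarded from <src>/<sport> to <ifc>:<dst>/<dport>"
LINE_RE = re.compile(
    r"%ASA-7-710005: UDP request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<ifc>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# First two lines are from the thread; the last two are constructed.
SAMPLE = [
    "Dec 07 2013 11:30:02: %ASA-7-710005: UDP request discarded from 10.109.6.1/67 to WTBB:255.255.255.255/68",
    "Dec 07 2013 11:24:00: %ASA-7-710005: UDP request discarded from 0.0.0.0/68 to WTBB:255.255.255.255/67",
    "Dec 07 2013 11:31:10: %ASA-7-710005: UDP request discarded from 192.0.2.15/137 to WTBB:192.0.2.255/137",
    "Dec 07 2013 11:31:12: constructed line that is not a 710005 message",
]

def classify(line):
    """Return (kind, src, ifc) for a 710005 UDP line, or None otherwise."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ports = (int(m["sport"]), int(m["dport"]))
    bcast = m["dst"] == "255.255.255.255"
    if bcast and ports == (68, 67):
        kind = "dhcp-client-broadcast"  # client side: Discover / Request
    elif bcast and ports == (67, 68):
        kind = "dhcp-server-broadcast"  # server or relay side: Offer / Ack
    else:
        kind = "other-udp"              # not DHCP broadcast, review separately
    return kind, m["src"], m["ifc"]

def summarize(lines):
    """Count occurrences of each (kind, src, ifc) across the log."""
    return Counter(c for c in map(classify, lines) if c)

def dhcp_responders(lines):
    """Sources sending from UDP/67: hosts acting as DHCP server or relay."""
    return sorted({src for kind, src, _ in summarize(lines)
                   if kind == "dhcp-server-broadcast"})

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
    print("DHCP responders to trace:", dhcp_responders(SAMPLE))
```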