Solved: drop rate exceeded, exclude specific host

n.vd.coevering · ‎03-01-2014

In our ASA 5520 we see a lot of messages with "drop rate-<x> exceeded". These messages are caused by our Zabbix server that is pinging to about 300 network routers in our nation wide retail network every 60 seconds.

I know that we can ignore these messages or change the threat-detection rate settings. But what we really want is just to exclude the thread-detection for our Zabbix host.

Is it possible and how?

Vibhor Amrodia · ‎03-01-2014

Hi,

If you would like to stop the"drop rate- exceeded" messages for a specific host , that would not be possible on the ASA device. Depending on the configuration on the ASA device , if you have Scanning threat detecttion enabled and this server is being shunned , you would be able to exclude this host using threat-detection scanning-threat except command on the ASA device.

Thanks and Regards,

Vibhor

View solution in original post

Vibhor Amrodia · ‎03-01-2014

Hi,

If you would like to stop the"drop rate- exceeded" messages for a specific host , that would not be possible on the ASA device. Depending on the configuration on the ASA device , if you have Scanning threat detecttion enabled and this server is being shunned , you would be able to exclude this host using threat-detection scanning-threat except command on the ASA device.

Thanks and Regards,

Vibhor

n.vd.coevering · ‎03-02-2014

Thanks Vibhor for confirming what I thought. We are still debating if we are going to enable shunning.

INGENIERIA Y CONSULTORIAS WEBREDES LTDA · ‎03-03-2014

but you could enable shunning and disable shun for the zabix host, why not test this behavior ???

had a great day . best regards, and rate if you'll find this post useful

n.vd.coevering · ‎03-04-2014

Yes, this is possible. But after enabling shunning and excluding the host, warning messages still keep appearing for his host.