cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

drop rate exceeded, exclude specific host

n.vd.coevering
Beginner
Beginner

In our ASA 5520 we see a lot of messages with "drop rate-<x> exceeded". These messages are caused by our Zabbix server that is pinging to about 300 network routers in our nation wide retail network every 60 seconds.

I know that we can ignore these messages or change the threat-detection rate settings. But what we really want is just to exclude the thread-detection for our Zabbix host.

Is it possible and how?

1 ACCEPTED SOLUTION

Accepted Solutions

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

If you would like to stop the"drop rate- exceeded" messages for a specific host , that would not be possible on the ASA device. Depending on the configuration on the ASA device , if you have Scanning threat detecttion enabled and this server is being shunned , you would be able to exclude this host using threat-detection scanning-threat except command on the ASA device.

Thanks and Regards,

Vibhor

View solution in original post

4 REPLIES 4

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

If you would like to stop the"drop rate- exceeded" messages for a specific host , that would not be possible on the ASA device. Depending on the configuration on the ASA device , if you have Scanning threat detecttion enabled and this server is being shunned , you would be able to exclude this host using threat-detection scanning-threat except command on the ASA device.

Thanks and Regards,

Vibhor

Thanks Vibhor for confirming what I thought. We are still debating if we are going to enable shunning.

but you could enable shunning and disable shun for the zabix host, why not test this behavior ???

had a great day . best regards, and rate if you'll find this post useful