Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
2
Replies

IOS ZBPFW

Chris Lester
Level 1
Level 1

‎08-29-2015 04:09 AM - edited ‎03-11-2019 11:31 PM

Hi All,

When configuring an ASR1001 with ZBPFW, and when using a class class-default / drop log, for an OUTSIDE_TO_SELF zone (basically the outside interface ip address), I do not see the drop action log for any dropped packets, but the drop counter is actualy incrementing.  

 

I know the counter is incrementing because i can firstly see the counters increase, but also because i am specifically sending a load of small packets to the outside interface to see what happens under a DOS type attack.

Is this the expected result or should i actually capture the dropped traffic specifically by creating a dedicated drop class rather than rely on the class-default ?
 

 

Thanks for your help and comments.

Chris.

Labels:
0 Helpful
2 Replies 2

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎08-30-2015 07:10 AM

Hi,

I think you should still the drop logs on the router.

What is you try to configure a "parameter map" specifically for logging the drops and then reference it in the class-default ?

Also , re-apply the policy-map configuration with "drop log" and see if that resolves this issue.

Have you enabled the Console debugging and verified if you see the drops ?

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Sergej Tiurin
Level 1
Level 1

‎04-09-2016 06:01 PM

I've got same problem on 15.5 ASR 1001-x.

Does anybody know a solution? This looks a bug to me so far. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card