I hear from Cisco that I am suppose to ignor this error >>>Nexus-7010-01 %EEM_ACTION-6-INFORM: Packe...

clyded · ‎03-04-2011

I hear from Cisco that I am suppose to ignor this error, but why am I getting it? I would like more information to explain to the customer why they are seeing this error on a regular basis. >>>Nexus-7010-01 %EEM_ACTION-6-INFORM: Packets dropped due to IDS check length consistent on module 1

David Kosich · ‎03-10-2011

Hello,


Essentially, there are packets that are being dropped by the system due to IDS check fail. These log messages are apart of an enhancement, which is to generate syslog message when CoPP, HW rate-limiter or IDS check is dropping packets.
Previous NX-OS releases before 5.0 didn't generate syslog messages on IDS counters incrementing, 5.0 releases and later we do.

From the below link:

consistent—Drops IP packets where the Ethernet frame size is greater than or equal to the IP packet length plus the Ethernet header.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_ip.html#wp1197179

At the moment, there is no built in way to identify the packets in question that are being dropped. You can see what checks are enabled with '
sh hardware forwarding ip verify'

- David Kosich

I hear from Cisco that I am suppose to ignor this error >>>Nexus-7010-01 %EEM_ACTION-6-INFORM: Packets dropped due to IDS check length consistent on module 1