I've started seeing this message "%ACLLOG-4-ACLLOG_MAXFLOW_REACHED: Maximum limit 100000 reached for number of flows" on a Nexus 7010. The NX-OS Systems Messages Reference only offers this for explanation "The maximum flow has been reached in current interval." That was pretty clear from the name of the message. The Reference also suggests that no action is required, but I'm unconvinced. I'm hoping someone here happens to know more.
Some questions I have are: What is limiting the number of flows? Is this on a per-VDC basis, is it a line card, a supervisor, a configuration option? Perhaps most importantly, what happens to flow 100001?
This is normal behavior from an ACL logging perspective. There is no issue in terms of switching packets.
It simply says you have reached the configured maximum cached entries of 1000. You can increase the cache entries if you want by using logging level acllog entries .
What is the customer trying to do? Logging every packet passing through the box?
Are they attempting a self-DoS?
Typically, a customer would have ACL logging for denied packets, and in that case these cache entries will not get full this fast, unless some sort of DoS or port scan is happening.
Also, Acllog keeps printing the summary of all the flows that it has logged at an interval (default 5m).
You can in fact make this interval report print at any logging level you want by using the command "acllog match-log-level " now ACLLOG_FLOW_INTERVAL logs get printed at
Have you seen any issues being caused if this error is noticed? Does this error cause the switch to have any performance issues? Trying to better understand: if this error is seen excessively, what issue may this cause?
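For monitoring how often the cap is hit, the following is an added example (not part of the thread and not Cisco code) that scans collected syslog for the message quoted in the question and reports stretches where the flow cache filled in several back-to-back summary intervals, the pattern the reply associates with a DoS or port scan. The "timestamp hostname" prefix, the hostnames, the sample lines and the `min_intervals` threshold are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Message text as quoted in the thread; the "timestamp hostname" prefix is an
# assumed syslog layout, adjust the pattern to your collector's format.
MAXFLOW = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%ACLLOG-4-ACLLOG_MAXFLOW_REACHED: Maximum limit (?P<limit>\d+) reached"
)
INTERVAL = timedelta(minutes=5)  # default summary interval named in the reply

def saturated_runs(lines, min_intervals=3, interval=INTERVAL):
    """Return (host, first_seen, last_seen) for every stretch in which the flow
    cache hit its limit in at least min_intervals back-to-back intervals."""
    per_host = {}
    for line in lines:
        m = MAXFLOW.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
            per_host.setdefault(m["host"], []).append(ts)
    runs = []
    for host, stamps in sorted(per_host.items()):
        stamps.sort()
        start = prev = stamps[0]
        for ts in stamps[1:] + [None]:       # None closes the final run
            if ts is not None and ts - prev <= interval * 1.5:
                prev = ts                    # same run; 1.5x tolerates jitter
                continue
            if prev - start >= interval * (min_intervals - 1):
                runs.append((host, start, prev))
            start = prev = ts
    return runs

# Constructed sample input (not taken from the thread).
MSG = "%ACLLOG-4-ACLLOG_MAXFLOW_REACHED: Maximum limit 100000 reached for number of flows"
SAMPLE = [
    f"2020 Mar 24 10:00:02 n7k-a {MSG}",
    f"2020 Mar 24 10:05:02 n7k-a {MSG}",
    "2020 Mar 24 10:06:00 n7k-a %ETHPORT-5-IF_UP: Interface Ethernet1/1 is up",
    f"2020 Mar 24 10:07:00 n7k-b {MSG}",    # single hit on another switch
    f"2020 Mar 24 10:10:03 n7k-a {MSG}",
    f"2020 Mar 24 10:15:02 n7k-a {MSG}",
    f"2020 Mar 24 13:40:10 n7k-a {MSG}",    # isolated hit hours later
]

if __name__ == "__main__":
    for host, first, last in saturated_runs(SAMPLE):
        print(f"{host}: flow cache saturated from {first} to {last}")
```

A single hit is not reported; only a run spanning at least `min_intervals` consecutive intervals is, which separates a one-off burst from sustained saturation worth investigating.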