Cisco Bug: CSCsz02807 - Logging standby can create logging loop with syslogs 418001 and 106016

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.1(2.163)

Description (partial)

Symptom:
Two ASAs in failover may get stuck in a logging loop causing
high CPU and failover instability if the below conditions are met.
When this occurs, the ASAs loop the following syslog messages:

  ASA-2-106016 - Deny IP spoof from (<IP_A>) to <IP_B> on interface <intf>
  ASA-4-418001 - Through-the-device packet to/from management-only network is denied:


Conditions:
1) Two ASAs in Failover
2) Logging standby must be enabled
3) The ASAs must be connected to a Layer 2 switch
4) The switch must not have a CAM entry for the destination MAC of the syslog packets (next hop MAC)
5) Logging to a syslog server must be configured at level 5 (Notification) or higher
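
One way to spot the symptom on a syslog collector, as an added example that is not part of the Cisco bug record: flag any host that emits both looping message IDs at a high rate within a short window. The collector line layout, host names, 10-second window and 20-message threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LOOP_IDS = {"106016", "418001"}  # the two syslog IDs named in the symptom
# Assumed (constructed) collector layout: "<ISO-8601 time> <host> %ASA-<sev>-<id>: <text>"
LINE_RE = re.compile(r"^(\S+) (\S+) %ASA-\d-(\d{6}):")

def find_logging_loops(lines, window_s=10, threshold=20):
    """Return sorted (host, window_start_epoch, count) tuples for windows in which
    BOTH loop IDs appear and together reach `threshold` messages."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) not in LOOP_IDS:
            continue
        epoch = int(datetime.fromisoformat(m.group(1)).timestamp())
        buckets[(m.group(2), epoch // window_s * window_s)][m.group(3)] += 1
    hits = []
    for (host, start), counts in buckets.items():
        total = sum(counts.values())
        if set(counts) == LOOP_IDS and total >= threshold:
            hits.append((host, start, total))
    return sorted(hits)

def sample_lines():
    """Constructed log lines: asa-a loops, asa-b and asa-c show normal noise."""
    spoof = "%ASA-2-106016: Deny IP spoof from (192.0.2.10) to 192.0.2.20 on interface management"
    mgmt = "%ASA-4-418001: Through-the-device packet to/from management-only network is denied:"
    lines = [f"2024-01-01T12:00:{i // 10:02d}+00:00 asa-a {spoof if i % 2 == 0 else mgmt}"
             for i in range(30)]
    lines += [f"2024-01-01T12:00:05+00:00 asa-b {spoof}"] * 3
    lines += [f"2024-01-01T12:00:07+00:00 asa-c {spoof}",
              f"2024-01-01T12:00:07+00:00 asa-c {mgmt}"]
    return lines

if __name__ == "__main__":
    for host, start, total in find_logging_loops(sample_lines()):
        print(f"{host}: {total} loop messages in window starting {start}")
```

Requiring both IDs in the same window keeps an ordinary burst of spoof denials alone from raising the alert.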