Cisco IOS XR Virtual Firewall Configuration Guide, Release 3.7 - Virtual Firewall System Error Messages [Cisco IOS XR Software]

Table Of Contents

Appendix B: Virtual Firewall System Messages

Messages 106023 to 199006

106023

106028

111008

111009

199006

Messages 212007 to 212008

212007

212008

Messages 302024 to 327001

302024

302025

302026

302027

302028

302029

302030

302031

304001

313004

313006

313007

322001

322002

322003

327001

Messages 400000 to 440003

400000

410001

411001

411002

411003

411004

440002

440003

Messages 504001 to 504002

504001

504002

Messages 727001 to 728031

727001

727002

727003

727004

727005

727006

727007

727008

727009

727010

727011

727012

727013

727014

727015

727016

727017

727018

727019

727020

727021

727022

727023

728016

728017

728029

728030

728031

Messages Listed by Severity Level

Alert Messages, Severity Level 1

Critical Messages, Severity Level 2

Error Messages, Severity Level 3

Warning Messages, Severity Level 4

Notification Messages, Severity Level 5

Informational Messages, Severity Level 6

Debugging Messages, Severity Level 7

Appendix B: Virtual Firewall System Messages

This appendix lists the system log messages displayed on the Virtual Firewall application. The messages are listed numerically by message code in the following sections:

•Messages 106023 to 199006

•Messages 212007 to 212008

•Messages 302024 to 327001

•Messages 400000 to 440003

•Messages 504001 to 504002

•Messages 727001 to 728031

•Messages Listed by Severity Level

Messages 106023 to 199006

This section contains messages from 106023 to 199006.

106023
Error Message    %ACE-4-106023: Deny protocol number | name src 
incoming-interface:src-ip dst outgoing-interface:dst-ip by access-group 
"acl-name"
Explanation An IP packet was denied by the access control list (ACL). This message displays even if you do not have the log option enabled for an ACL. If a packet hits an input ACL, the outgoing interface will not be known. In this case, the VFW application prints the outgoing interface as undetermined. The source IP and destination IP addresses are the unmapped and mapped addresses for the input and output ACLs, respectively, when used with Network Address Translation (NAT).
Recommended Action If messages persist from the same source address, messages might indicate a foot-printing or port-scanning attempt. Contact the remote host administrators.

106028
Error Message    %ACE-1-106028: WARNING: Access rule memory exhausted while processing 
Access-group. Incomplete rules are currently applied on interface interface-name.  
Manual roll back to a previous access rule configuration on this interface is 
needed. 
Explanation The access control list (ACL) compilation process has run out of memory, causing an inability to apply new ACL entries to the specified interface. The ACL configuration downloaded in hardware for that interface may not be in a known state due to this failure.
Recommended Action Remove some ACL entries to free up memory for the desired configuration. The affected interface needs to be removed and recreated to recover to known state

111008
Error Message    %ACE-5-111008: User user executed the command string
Explanation This message is informational. The user entered a command that modified the configuration.
Recommended Action None required.

111009
Error Message    %ACE-7-111009: User user executed cmd:string
Explanation This message is informational. The user entered a command that does not modify the configuration.
Recommended Action None required.

199006
Error Message    %ACE-5-199006 : Orderly reload started at when by whom. Reload reason: 
reason 
Explanation This message logs a reload record of the VFW application and the reason for the reload.
The reason argument describes why the reload occurred. Possible reasons are:

•Use of reload command

•Route processor request

•CF format

•Hardware failure

The when argument specifies the time at which orderly reload operation begins.

The whom argument specifies the name of the user who issued the reload command. If the reload is caused by other reasons, "System" is specified.

Recommended Action None required.

Messages 212007 to 212008

This section contains messages from 212007 to 212008.

212007
Error Message    %ACE-2-212007: SNMPD initialization failed while Variable1 
Explanation This is a Simple Network Management Protocol (SNMP) message that is logged when the SNMP daemon fails to initialize. The SNMP daemon is created during device initialization.
The Variable1 string can be:

•loading mib module

•performing mts_bind

•performing mts_options_set

•initializing kernel memory map

•registering read/write file descriptor

•creating socket endpoint

•creating daemon process

Recommended Action Reboot the VFW application. If the SNMP daemon still fails to initialize, contact Cisco Technical Support and provide them with the output of show processes and show np commands.

212008
Error Message    %ACE-3-212008: Failed while allocating memory in snmpd
Explanation This is a Simple Network Management Protocol (SNMP) message that is logged after a memory allocation failure in the SNMPD process. When this error occurs, SNMPD processes (for example, SNMP Get/GetNext responses, trap generation, or SNMP command-line interface [CLI]) may be affected.
Recommended Action Check for the system memory using the show system command. If the VFW application is low on memory, reboot it. Otherwise, contact Cisco Technical Support and provide them with the output from the show system resources and show processes cpu memory commands.

Messages 302024 to 327001

This section contains messages from 302024 to 327001.

302024
Error Message    %ACE-6-302024: Built UDP connection id for 
interface:real-address/real-port (mapped-address/mapped-port) to 
interface:real-address/real-port (mapped-address/mapped-port)
Explanation A User Datagram Protocol (UDP) connection slot between two hosts was added.
Recommended Action None required.

302025
Error Message    %ACE-6-302025: Teardown UDP connection id for 
interface:real-address/real-port to interface:real-address/real-port duration 
hh:mm:ss bytes bytes
Explanation A User Datagram Protocol (UDP) connection slot between two hosts was deleted.
Recommended Action None required.

302026
Error Message    %ACE-6-302026: Built ICMP connection for faddr/NATed_ID 
gaddr/icmp_type laddr/icmpID 
Explanation An Internet Control Message Protocol (ICMP) session was established.
Recommended Action None required.

302027
Error Message    %ACE-6-302027: Teardown ICMP connection for faddr/NATed ID 
gaddr/icmp_type laddr/icmpID 
Explanation An Internet Control Message Protocol (ICMP) session was removed.
Recommended Action None required.

302028
Error Message    %ACE-6-302028: Built TCP connection id for interface: 
real-address/real-port  (mapped-address/mapped-port) to interface: 
real-address/real-port (mapped-address/mapped-port)
Explanation A TCP connection slot between two hosts was created.
Recommended Action None required.

302029
Error Message    %ACE-6-302029: Teardown TCP connection id for interface: 
real-address/real-port to interface: real-address/real-port duration hh:mm:ss 
bytes bytes [reason]
Explanation A TCP connection between two hosts was terminated.
The reason argument presents the action that causes the connection to terminate. Set the reason argument to one of the TCP termination reasons listed in Table 22.

Recommended Action None required.

302030
Error Message    %ACE-6-302030: Built UDP connection id for interface:       
real-address/real-port (mapped-address/mapped-port) to interface: 
real-address/real-port (mapped-address/mapped-port)
Explanation A User Datagram Protocol (UDP) connection slot between two hosts was added.
Recommended Action None required.

302031
Error Message    %ACE-6-302031: Teardown UDP connection id for interface: 
real-address/real-port to interface: real-address/real-port duration hh:mm:ss 
bytes bytes
Explanation A User Datagram Protocol (UDP) connection slot between two hosts was deleted.
Recommended Action None required.

304001
Error Message    %ACE-5-304001: user source_address Accessed {URL} dest_address: url.
Explanation This is a URL message that is logged when the specified host attempts to access the specified URL.
Recommended Action None required.

313004
Error Message    %ACE-4-313004: Denied ICMP type=icmp_type, from source_address on 
interface interface_name to dest_address:no matching session
Explanation Internet Control Message Protocol (ICMP) packets were discarded by the VFW application because of security checks added by the stateful ICMP feature. These ICMP packets are discarded for any of the following reasons:
•ICMP echo replies are received without a valid echo request already having been passed across the VFW application.

•ICMP error messages are received that are not related to any TCP, UDP, or ICMP session already established in the VFW application.

Recommended Action None required.

313006
Error Message    %ACE-2-313006: ICMP Manager Initialization Failed. Reason : Variable1 
Explanation This message is logged when the Internet Control Message Protocol (ICMP) Manager running on the control plane of the VFW application fails to start.
The Variable1 string can be:

•Timer creation failed.

•MTS initialization failed.

•Error while opening system call.

•Error while mapping buffer manager memory.

•Encap/Decap registration failed.

Recommended Action The VFW application should automatically reboot the card. If not, try rebooting manually. If the problem still exists, contact Cisco Technical Support and provide them with the output from the show tech-support command.

313007
Error Message    %ACE-3-313007: ICMP Manager Memory Problem. Reason: Variable1 
Explanation Reports Internet Control Message Protocol (ICMP)-related memory failures.
The Variable1 string can be:

•No memory available to create ping free list.

•No memory from buffer manager. Cannot send packet.

•No memory available for ping block.

•Possible memory corruption.

Recommended Action Reboot the VFW application. If the problem persists, contact Cisco Technical Support and provide them with the following command output:
•If the "No memory from buffer manager. Cannot send packet." variable is returned, provide the output generated from the show buffer usage and show buffer stats commands.

•If any other variable is returned, provide the output generated from the show process cpu memory command.

322001
Error Message    %ACE-3-322001: Deny MAC address MAC_address, possible spoof attempt on 
interface interface
Explanation The VFW application received a packet from the offending MAC address on the specified interface, but the source MAC address in the packet is statically bound to another interface in your configuration. This could be caused by either be a MAC-spoofing attack or a misconfiguration.
Recommended Action Check the configuration and take appropriate action by either finding the offending host or reconfiguring.

322002
Error Message    %ACE-3-322002: ARP inspection check failed for arp {request|response} 
received from host MAC_address on interface interface. This host is advertising 
MAC Address MAC_address_1 for IP Address IP_address, which is 
{statically|dynamically} bound to MAC Address MAC_address_2.
Explanation If Address Resolution Protocol (ARP) inspection is enabled, the VFW application checks whether a new ARP entry advertised in the packet conforms to the statically configured or dynamically learned IP-MAC address binding before forwarding ARP packets. If this check fails, the VFW application drops the ARP packet and generates this message. This situation can be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).
Recommended Action If the cause is an attack, deny the host by using an access control list (ACL). If the cause is an invalid configuration, correct the binding.

322003
Error Message    %ACE-3-322003: ARP inspection check failed for arp {request|response} 
received from host MAC_address on interface interface. This host is advertising 
MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC 
Address.
Error Message    
Explanation If Address Resolution Protocol (ARP) inspection is enabled, the VFW application checks whether a new ARP entry advertised in the packet conforms to the statically configured IP-MAC address binding before forwarding ARP packets. If this check fails, the VFW application drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).
Recommended Action If the cause is an attack, deny the host by using an access control list (ACL). If the cause is an invalid configuration, correct the binding.

327001
Error Message    %ACE-3-327001: Detected Encap table Full when allocating encap entry 
for IP interface interface_name
Explanation The Encap table size is limited to 32,000 entries. This message is logged when trying to allocate an encap entry after the limit is reached.
Recommended Action Use the clear arp command to remove any unused or invalid table entries.

Messages 400000 to 440003

This section contains messages from 400000 to 440003.

400000
Error Message    %ACE-4-400000: IDS:1000 IP Option Bad Option List from IP_address to 
IP_address on interface interface_name
Explanation Cisco Intrusion Detection System signature message.
Recommended Action Refer to Cisco Intrusion Detection System User Guide.

410001
Error Message    %ACE-4-410001: Dropped UDP DNS packet_type from 
source_interface:source_address/source_port to 
dest_interface:dest_address/dest_port; error_length_type length length bytes 
exceeds max_length_type limit of maximum_length bytes. 
Explanation This message is printed when the domain-name length exceeds 255 bytes in a User Datagram Protocol (UDP) Domain Name System (DNS) packet. (See RFC 1035 section 3.1.)
Recommended Action None required.

411001
Error Message    %ACE-4-411001: Line protocol on interface interface_name changed state 
to up
Explanation The status of the line protocol has changed from down to up.
Recommended Action None required.

411002
Error Message    %ACE-4-411002: Line protocol on interface interface_name changed state 
to down
Explanation The status of the line protocol has changed from up to down.
Recommended Action If this is an unexpected event on the interface, check the line.

411003
Error Message    %ACE-4-411003:  Configuration status on interface interface_name 
changed state to up
Explanation The configuration status of the interface has changed from down to up.
Recommended Action If this is an unexpected event on the interface, check the line.

411004
Error Message    %ACE-4-411004:  Configuration status on interface interface_name 
changed state to down
Explanation The configuration status of the interface has changed from up to down.
Recommended Action None required.

440002
Error Message    %ACE-3-440002: Addition failed for variable 1
Explanation This message is logged if there was an error for the Simple Network Management Protocol (SNMP) Shadow Table Addition. SNMP Get/Get-Next requests might fail on the table name specified by variable 1.
Recommended Action Check the memory-related information in the system. Execute the show processes cpu memory command and locate the MemAlloc column in the output.

440003
Error Message    %ACE-3-440003: Deletion failed for variable 2 
Explanation This message is logged if there was an error for the Simple Network Management Protocol (SNMP) Shadow Table Deletion. Failure might result in a memory leak or wrong or nonexistent values being returned for subsequent Get/Get - Next requests on the table name specified by variable 2.
Recommended Action Check the Memory related information in the system. Execute the show processes cpu memory command and locate the MemAlloc column in the output.

Messages 504001 to 504002

This section contains messages from 504001 to 504002.

504001
Error Message    %ACE-5-504001: Security context context-name was added to the system
Explanation A security context was successfully added to the system.
Recommended Action None required.

504002
Error Message    %ACE-5-504002: Security context context-name was successfully removed 
from the system
Explanation A security context was successfully removed from the system.
Recommended Action None required.

Messages 727001 to 728031

This section contains messages from 727001 to 728031.

727001
Error Message    %ACE-1-727001: hostname: HA: Peer IP address is not reachable. Error: 
error str.
Explanation This message is logged when an active or standby device cannot reach its redundant peer. This message is displayed on both devices and causes a switchover on the standby device. After the switchover occurs, both devices are no longer redundant. The error str value can be:
•Heartbeat stopped. Ping on alternate interface failed.

•Heartbeat stopped. No alternate interface configured.

Recommended Action Verify connectivity between the peers. If a peer device is physically up but connectivity is the problem, you may end up with two active devices. If connectivity is lost due to the peer going down, reboot the peer to restore redundancy between the two devices.

727002
Error Message    %ACE-1-727002: hostname: HA: FT interface interface name to reach  peer 
IP address is down. Error: error str
Explanation This message is logged when a peer device is not reachable on an FT Interface. In this situation, the standby device does not switchover to active, preventing two actives in the network. The error str value can be:
•Heartbeats stopped. Peer is reachable using an alternate interface.

•Heartbeats are up but unable to telnet to the peer device.

Recommended Action Verify connectivity between the two devices over the FT interface. Ping or Telnet to the peer IP address to confirm connectivity.

727003
Error Message    %ACE-1-727003: hostname: HA: Mismatch in context names detected for FT 
group FTgroupID. Cannot be redundant.
Explanation This message is logged when redundancy is enabled for a particular context, but both devices are unable to become active or standby because of a mismatch in context names.
Recommended Action Check the fault-tolerant (FT) group configuration on both devices. Make sure that both devices are associated with the same context.

727004
Error Message    %ACE-1-727004: hostname: HA: Two actives have been detected for FT 
group FTgroupID. 
Explanation This message is an indication that both devices were detected to be active for the same fault-tolerant (FT) group. At this point, one of the two devices automatically relinquishes control and switches over to standby.
Recommended Action None required.

727005
Error Message    %ACE-1-727005: hostname: HA: Config replication failed for context ctx 
name. Error : error str
Explanation This message is logged when a configuration could not be synchronized to the peer device due to the error condition returned by the error str value. The error str value can be:
•Error on Standby device when applying Configuration file replicated from Active.

•Failed to transfer Configuration file to standby. TFTP Failed.

•Failed to generate Running Configuration for peer device. "show running peer" failed.

•Failed to convert Configuration to peer version. Flip of peer addresses failed.

•Failed to retrieve Context Information.

•Failed to rollback Running Configuration on Standby device.

•Failed to sync Running Configuration to Standby device.

•Failed to sync Startup Configuration to Standby device.

•Failed to send MTS message to peer to communicate config status.

Recommended Action Check the running and startup configurations on both devices. To recover, disable configuration synchronization, then manually apply the configuration on each device.

727006
Error Message    %ACE-1-727006: hostname: HA: Peer is incompatible due to error str. 
Cannot be Redundant. 
Explanation This syslog appears if a peer device failed to become compatible. This can be a result of software relationship graph (SRG) version inconsistency or mismatch in licenses between the devices. The error string indicates the reason for the failure.
The error str value can be:

•License Compatibility Mismatch.

•SRG Compatibility Mismatch.

Recommended Action Verify version and license compatibility on both the devices.

727007
Error Message    %ACE-1-727007: hostname: HA: Module Initialization failure - Error 
Error str. 
Explanation This message is logged when there is an initialization error for one of the redundant modules. The error string indicates the reason for the failure.
The Error str value can be:

•MTS Init Failure

•TNRPC Failure

•Select Call Failure

•Timer Creation Failure

Recommended Action Contact Cisco Technical Support.

727008
Error Message    %ACE-1-727008: hostname: HA: Failed to send heartbeats to peer.  
Internal error: Error str
Explanation This message is displayed when the device is unable to send heartbeats to its peer due to an internal error. The error string indicates the reason for the failure.
The Error str value can be:

•Failed to set up User Datagram Protocol (UDP) Connection to Peer for Heartbeats.

•Failed to create Encap for Peer.

•Failed to communicate to IXP.

Recommended Action Contact Cisco Technical Support.

727009
Error Message    %ACE-2-727009: hostname: HA: Communication failure for Peer Peer id 
Event: error str
Explanation This informational message is logged when the device is unable to establish a TCP connection to the peer. The error str value is "Failed to establish TCP connection to Peer device."
Recommended Action Contact Cisco Technical Support.

727010
Error Message    %ACE-2-727010: hostname: HA: Data replication failed for context ctx 
name. Error code error str
Explanation This informational message is logged when data replication fails and data could not be successfully synchronized to the peer device. The next periodic synchronization corrects the failure and updates the lost records. The error string indicates the reason for the failure.
The error str value can be: Failed to bulk sync Connection Records.

Recommended Action None required.

727011
Error Message    %ACE-2-727011: HA: Configuration replication for context ctx name will 
not happen. Error: Error str
Explanation This message appears when configuration synchronization does not occur for a context. The error string indicates the reason for the failure.
The Error str value can be:

•Failed to open Startup Configuration File. It does not exist.

•HA election timed out.

•Configuration sync to peer not initiated because Peer doesn't exist.

•HA has not been configured for context.

Recommended Action None required.

727012
Error Message    %ACE-2-727012: hostname: HA: FT Group group ID changed state to 
NewState. Reason: reason str.
Explanation This message displays the state transitions made by a high-availability (HA) state (redundancy) device for a context.
Values for the NewState argument are described in Table 22.

Table 22 NewState Values and Descriptions

NewState Value

Description

FSM_FT_STATE_INIT

The initial state. Visible only when the configuration for the fault-tolerant (FT) group exists, but it is not in service.

FSM_FT_STATE_ELECT

After issuing the inservice command when configuring an FT group, the ELECT state is entered. The redundancy state machine negotiates with its peer context in the FT group to determine the redundancy role (active or standby).

FSM_FT_STATE_ACTIVE

The active member of the FT group.

FSM_FT_STATE_STANDBY_COLD

This state can be entered if:

–FT interface is down but the peer device is still alive.

–Configuration or application state synchronization failure has occurred.

FSM_FT_STATE_STANDBY_CONFIG

The standby context is waiting to receive configuration information. Upon entering this state, the active context is notified to send a copy of the running configuration.

FSM_FT_STATE_STANDBY_BULK

The standby context is waiting to receive state information. Upon entering this state, the active context is notified to send a copy of the current states information for all applications.

FSM_FT_STATE_STANDBY_HOT

The standby context is ready to become active in a switchover situation.

Values returned for the reason str argument can be:

•FSM_FT_EV_PEER_DOWN

•FSM_FT_EV_PEER_SOFT_RESET

•FSM_FT_EV_STATE

•FSM_FT_EV_TIMEOUT

•FSM_FT_EV_CFG_SYNC_STATUS

•FSM_FT_EV_BULK_SYNC_STATUS

•FSM_FT_EV_COUP

•FSM_FT_EV_RELINQUISH

•FSM_FT_EV_TRACK_STATUS

•FSM_FT_EV_UPDATE

•FSM_FT_EV_ENABLE_INSERVICE

•FSM_FT_EV_DISABLE_INSERVICE

•FSM_FT_EV_SWITCHOVER

•FSM_FT_EV_PEER_COMPATIBLE

•FSM_FT_EV_MAINT_MODE_OFF

•FSM_FT_EV_MAINT_MODE_PARTIAL

•FSM_FT_EV_MAINT_MODE_FULL

Recommended Action None required.

727013
Error Message    %ACE-2-727013: hostname: HA: Peer Peer # is UP and reachable.
Explanation This message indicates that the peer is now reachable. Heartbeats are flowing successfully between the two peers.
Recommended Action None required.

727014
Error Message    %ACE-2-727014: hostname: HA: Heartbeats from Peer Peer id have become 
unidirectional.
Explanation This message indicates that redundancy heartbeats from a peer have become unidirectional. That is, the peer cannot receive (only send) heartbeats. This problem occurs if one of the network processors has a problem.
Recommended Action Collect network processor drop counters, then contact Cisco Technical Support.

727015
Error Message    %ACE-2-727015: hostname: HA: Detected mismatch in heartbeat interval 
from Peer peer id. Modified interval to interval. 
Explanation This message indicates that the redundancy heartbeat received from one peer differs from the value of the second peer. This condition can occur when you choose to dynamically change the heartbeat interval. The modified heartbeat interval that is displayed shows the adjusted interval. This value is the greater of the two values.
Recommended Action None required.

727016
Error Message    %ACE-2-727016: hostname: HA: Replication for context ctx name has 
started. Status - status.
This message indicates that the replication is being carried out to a peer. The status argument indicates the synchronization status.

Values for the status argument can be:

•Running Configuration sync has started to peer.

•Startup Configuration sync has started to peer.

•Startup Configuration sync has completed to peer.

•Running Configuration sync has completed to peer.

•Data Replication has completed to peer.

•Startup configuration has been applied successfully for context.

Recommended Action None required.

727017
Error Message    %ACE-2-727017: hostname: HA: FT Track track type track name is UP.
Explanation This message indicates that the fault-tolerant (FT) track is up.
The track type argument can be:

•Interface

•HSRP

•Host

Recommended Action None required.

727018
Error Message    %ACE-2-727018: hostname: HA: FT Track track type track name is DOWN. 
Explanation This message indicates that the fault-tolerant (FT) track is down.
The track type argument can be:

•Interface

•HSRP

•Host

Recommended Action None required.

727019
Error Message    %ACE-5-727019: hostname: HA: Started alternate ping to IP address ip 
addr 
Explanation This message indicates that Internet Control Message Protocol (ICMP) pings have started on the alternate interface to check the health of the peer. This process starts when heartbeats from the peer are no longer received. The standby device issues an alternate ping to the peer to determine whether the peer is still alive. If alive, it does not switch over, preventing two active states on the network.
Recommended Action None required.

727020
Error Message    %ACE-5-727020: hostname: HA: Stopped alternate ping to IP address ip 
addr. 
Explanation This message indicates that Internet Control Message Protocol (ICMP) pings have stopped on the alternate interface. This occurs when heartbeats from the peer are received and the peer is up and reachable.
Recommended Action None required.

727021
Error Message    %ACE-5-727021: hostname: HA: Peer is compatible.
Explanation This message indicates that the two devices are in a compatible state and can be configured for redundancy.
Recommended Action None required.

727022
Error Message    %ACE-5-727022: hostname: HA: Started sending heartbeats to peer Peer 
id interval value and count cnt
Explanation This message indicates that the redundancy connections to the peer have been successfully established and heartbeats have been started to peer with the configured interval and count.
The interval argument specifies the interval in milliseconds. The count argument specifies the number of missed heartbeat intervals before the peer is declared down.

Recommended Action None required.

727023
Error Message    %ACE-5-727023: hostname: HA: Stopped sending heartbeats to peer Peer 
id. 
Explanation This message indicates that redundancy heartbeats to the peer have been stopped. This can occur if you deconfigure redundancy or make changes to basic connection parameters such as peer IP address.
Recommended Action None required.

728016
Error Message    %ACE-4-728016: HA data receive failure (type variable1)
Explanation This message is logged when an redundancy message received from the redundant peer cannot be understood and is subsequently discarded.
The variable1 argument specifies the unique identifier for the line of code where the error was logged.

Recommended Action Use the show ft stats group_id command to display load-balancing statistics for the fault-tolerant (FT) group:
•If the type variable returned a value of 90 (decimal), then monitor the "Number of Sticky Entries Dropped" value. Contact Cisco Technical Support if the values continue to increase over time.

•If the type variable returned a value of 99 (decimal), then monitor the "Number of Receive Failures" value. Contact Cisco Technical Support if the values continue to increase over time.

728017
Error Message    %ACE-3-728017: Internal communications error (ha) -- type variable1
Explanation This message is reported from the current context. An attempt to send a redundancy message to the redundant peer was unsuccessful because the message could not be sent.
The variable1 argument specifies the unique identifier for the line of code where the error was logged.

Recommended Action Use the show ft stats group_id command to display load-balancing statistics for the fault-tolerant (FT) group. Monitor the "Number of Send Failures" value. Contact Cisco Technical Support if the problem persists.

728029
Error Message    %ACE-6-728029: HA state for FtGroup variable1 changed from variable2 
to variable3 State variable4.
Explanation This message tracks state changes received from the redundant peer. Events that are not relevant to load balancing are ignored.
The variable1 argument specifies the (decimal) fault-tolerant group ID.

The variable2 and variable3 arguments specify the previous and current (respectively) state change event. Possible values are:

•Active

•StartCfgSync

•StartBulkSync

•StartPeriodicSync

•StopSync

•StdbyCfg

•StdbyBulk

•StdbyHot

•StdbyCold

•BulkSyncDone

•NonRedundant

•None

•"???" (specifies an unidentified event)

The variable4 argument specifies the state change action. It is valid to ignore some state change events. Possible values are:

•handled

•ignored

Recommended Action No action required. This message is useful when tracking redundancy state changes to troubleshoot redundant peer synchronization problems.

728030
Error Message    %ACE-6-728030: Silently discarding HA data: variable1
Explanation This is an informational message logged when redundancy data must be discarded during load-balancing operations because the VFW application could not process the data. The discarding of the data could affect seamless switchover.
The variable1 argument specifies the reason for discarding data from the redundant peer. Possible values are:

•Received unknown message type

•Received data packet in wrong HA state

Recommended Action No action required. This message is useful when troubleshooting redundant peer problems.

728031
Error Message    %ACE-3-978031: Memory mapping for debug logging failed. 
Explanation This message is logged when memory mapping fails during initialization for debug logging. Load balancing continues, but no debug logging occurs, even if invoked from the command line.
Recommended Action Reboot the VFW application to reinitialize the debug logging component. Rebooting may correct a transient mapping issue. If this error persists, contact Cisco Technical Support.

Messages Listed by Severity Level

This section contains the following subsections:

•Alert Messages, Severity Level 1

•Critical Messages, Severity Level 2

•Error Messages, Severity Level 3

•Warning Messages, Severity Level 4

•Notification Messages, Severity Level 5

•Informational Messages, Severity Level 6

•Debugging Messages, Severity Level 7

Note The VFW application does not send severity 0, emergency messages to syslog. These are comparable to a UNIX panic message and indicate an unstable system.

Alert Messages, Severity Level 1

The following messages appear at severity level 1, alerts:

•%ACE-1-106028: WARNING: Access rule memory exhausted while processing Access-group. Incomplete rules are currently applied on interface interface-name. Manual roll back to a previous access rule configuration on this interface is needed.

•%ACE-1-727001: hostname: HA: Peer IP address is not reachable. Error: error str.

•%ACE-1-727002: hostname: HA: FT interface interface name to reach peer IP address is down. Error: error str

•%ACE-1-727003: hostname: HA: Mismatch in context names detected for FT group FTgroupID. Cannot be redundant.

•%ACE-1-727004: hostname: HA: Two actives have been detected for FT group FTgroupID.

•%ACE-1-727005: hostname: HA: Config replication failed for context ctx name. Error : error str

•%ACE-1-727006: hostname: HA: Peer is incompatible due to error str. Cannot be Redundant.

•%ACE-1-727007: hostname: HA: Module Initialization failure - Error Error str.

•%ACE-1-727008: hostname: HA: Failed to send heartbeats to peer. Internal error: Error str

Critical Messages, Severity Level 2

The following messages appear at severity level 2, critical:

•%ACE-2-212007: SNMPD initialization failed while Variable1

•%ACE-2-313006: ICMP Manager Initialization Failed. Reason : Variable1

•%ACE-2-727009: hostname: HA: Communication failure for Peer Peer id Event: error str

•%ACE-2-727010: hostname: HA: Data replication failed for context ctx name. Error code error str

•%ACE-2-727011: HA: Configuration replication for context ctx name will not happen. Error: Error str

•%ACE-2-727012: hostname: HA: FT Group group ID changed state to NewState. Reason: reason str.

•%ACE-2-727013: hostname: HA: Peer Peer # is UP and reachable.

•%ACE-2-727014: hostname: HA: Heartbeats from Peer Peer id have become unidirectional.

•%ACE-2-727015: hostname: HA: Detected mismatch in heartbeat interval from Peer peer id. Modified interval to interval.

•%ACE-2-727016: hostname: HA: Replication for context ctx name has started. Status - status.

•%ACE-2-727017: hostname: HA: FT Track track type track name is UP.

•%ACE-2-727018: hostname: HA: FT Track track type track name is DOWN.

Error Messages, Severity Level 3

The following messages appear at severity level 3, errors:

•%ACE-3-212008: Failed while allocating memory in snmpd

•%ACE-3-313007: ICMP Manager Memory Problem. Reason: Variable1

•%ACE-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface

•%ACE-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2.

•%ACE-3-322003: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address.

•%ACE-3-327001: Detected Encap table Full when allocating encap entry for IP interface interface_name

•%ACE-3-440002: Addition failed for variable 1

•%ACE-3-440003: Deletion failed for variable 2

•%ACE-3-728017: Internal communications error (ha) -- type variable1

Warning Messages, Severity Level 4

The following messages appear at severity level 4, warning:

•%ACE-4-313004: Denied ICMP type=icmp_type, from source_address on interface interface_name to dest_address:no matching session

•%ACE-4-400000: IDS:1000 IP Option Bad Option List from IP_address to IP_address on interface interface_name

•%ACE-4-410001: Dropped UDP DNS packet_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; error_length_type length length bytes exceeds max_length_type limit of maximum_length bytes.

•%ACE-4-411001: Line protocol on interface interface_name changed state to up

•%ACE-4-411002: Line protocol on interface interface_name changed state to down

•%ACE-4-411003: Configuration status on interface interface_name changed state to up

•%ACE-4-411004: Configuration status on interface interface_name changed state to down

•%ACE-4-728016: HA data receive failure (type variable1)

Notification Messages, Severity Level 5

The following messages appear at severity level 5, notifications:

•%ACE-5-111008: User user executed the command string

•%ACE-7-111009: User user executed cmd:string

•%ACE-5-199006 : Orderly reload started at when by whom. Reload reason: reason

•%ACE-5-304001: user source_address Accessed {URL} dest_address: url.

•%ACE-5-504001: Security context context-name was added to the system

•%ACE-5-504002: Security context context-name was successfully removed from the system

•%ACE-5-727019: hostname: HA: Started alternate ping to IP address ip addr

•%ACE-5-727020: hostname: HA: Stopped alternate ping to IP address ip addr.

•%ACE-5-727021: hostname: HA: Peer is compatible.

•%ACE-5-727022: hostname: HA: Started sending heartbeats to peer Peer id interval value and count cnt

•%ACE-5-727023: hostname: HA: Stopped sending heartbeats to peer Peer id.

Informational Messages, Severity Level 6

The following messages appear at severity level 6, informational:

•%ACE-6-302024: Built UDP connection id for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port)

•%ACE-6-302025: Teardown UDP connection id for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes

•%ACE-6-302026: Built ICMP connection for faddr/NATed_ID gaddr/icmp_type laddr/icmpID

•%ACE-6-302027: Teardown ICMP connection for faddr/NATed ID gaddr/icmp_type laddr/icmpID

•%ACE-6-302028: Built TCP connection id for interface: real-address/real-port (mapped-address/mapped-port) to interface: real-address/real-port (mapped-address/mapped-port)

•%ACE-6-302029: Teardown TCP connection id for interface: real-address/real-port to interface: real-address/real-port duration hh:mm:ss bytes bytes [reason]

•%ACE-6-302030: Built UDP connection id for interface: real-address/real-port (mapped-address/mapped-port) to interface: real-address/real-port (mapped-address/mapped-port)

•%ACE-6-302031: Teardown UDP connection id for interface: real-address/real-port to interface: real-address/real-port duration hh:mm:ss bytes bytes

•%ACE-6-728029: HA state for FtGroup variable1 changed from variable2 to variable3 State variable4.

•%ACE-6-728030: Silently discarding HA data: variable1

Debugging Messages, Severity Level 7

%ACE-7-111009: User user executed cmd:string