Is there any possibility to check the dropped packets....

  • Updated 1 year ago
Is there any possibility to check the dropped packets based on the access rule we have written?

The actual scenario is that we are facing an issue in our network because of a huge volume of mDNS multicast packets. So we are trying to block the mDNS multicast packets using the following policy file.

entry block_IPv4mDNS {
    if match all {
        destination-address 224.0.0.251/32 ;
    }
    then {
        deny ;
        count ipv4mDNSdeny ;
    }
}

So, is there any way to check whether these packets are blocked? If possible, please share.

Thanks

Thavamani Shanmugam


Posted 1 year ago


OscarK, ESE

Show access-list counter would show how many packets are blocked.

Stephen Williams, Employee

You could do a mirror action in the ACL. Then you could plug a PC in to see the traffic.