cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

X480 bcast flood

X480 bcast flood

Alexandr_P
Valued Contributor
Hi, all!

Have X480 as border.
Yesterday begin big bcast flood in local network.
Investigate show that it was scanning for local net from Internet, so IP addresses which wasn't in IP-ARP table was asked by X480 - ARP who is xx.xx.xx.xx in local. As there big local network, and a lot of IP-addresses wasn't active - X480 made big bcast flood.

As workaroung we can
- increase time of keeping arp in table

Any more ideas?

I receive advice - to make arp-passive mode (X480 transmit bcast arp query only when client from local net give arp query) - how I can configure this?

Thank you!
11 REPLIES 11

Jarek
New Contributor II
Check also an arp validation funcion and
you can add an ACL on vlan ingress to filter junk packets/frames.

I have also in my ingress vlan acl meter to rate-limit packets to switch IP address and IP's on core+distribution used for connection between switches/routers,
because sometimes customers try to kill your equipment intentionally or not ļ™‚ (viruses, etc..)

--
Jarek

Alexandr_P
Valued Contributor
Thank you!

Jarek
New Contributor II
For example you have:

SW Core ==> 192.168.1.0/30 <== Distribution custom vlan lan1 IP 192.168.100.1/24 ==> to L2 switch

Network 192.168.1.0/24 is used for connection between distr. and core.

On distribution switch:
create meter ICMP_Limit
configure meter ICMP_Limit committed-rate 128 Kbps max-burst-size 32 Kb out-actions drop

ACL for ingress vlan lan1.pol

entry toCore_ICMP { if { destination-address 192.168.1.0/24;

} then {

permit;

meter ICMP_Limit;

}}

entry toGW_Lan1_ICMP { if match all { destination-address 192.168.100.1/32 ;

protocol icmp;

} then {

permit ;

meter ICMP_Limit;

} }


You can also deny udp and tcp to this address from customer vlan.

--
Jarek

Alexandr_P
Valued Contributor
Can you, please, tell me in details about " have also in my ingress vlan acl meter to rate-limit packets to switch IP address and IP's on core+distribution used for connection between switches/routers"

Thank you!
GTM-P2G8KFN