
anomaly-protection configuration issue

  • 7 January 2014
  • 3 replies

Userlevel 4
Create Date: Apr 2 2013 2:26PM

For some time, at the edge of our network (or where we aggregate if we don't have Extreme at the edge) we've been running anomaly-protection, minus the l4port component (it tends to interfere with VoIP phones and printing from many clients, we've found). After moving to XOS, however, disabling l4port doesn't seem to work anymore - the anomaly counters keep going up under l4, and the traffic doesn't pass. We're seeing this on X460s and X250s; has anyone else? The config is like so:

enable ip-security anomaly-protection
disable ip-security anomaly-protection l4port

For now, we've disabled anomaly-protection, as it's not critical to our security, just a nice thing to have. It would be nice to have it back though... is this a known issue? Bug? (from Ansley_Barnes)

3 replies

Userlevel 4
Create Date: Apr 5 2013 6:31PM

I confirm this issue on X460 XOS.

Jarek (from Jaroslaw_Kasjaniuk)
Userlevel 4
Create Date: Apr 5 2013 7:44PM

Glad to know I'm not crazy! This worked in XOS, if I remember my versioning correctly. (from Ansley_Barnes)
Userlevel 4
Create Date: Apr 5 2013 8:24PM

Also important - the commands:

disable ip-security anomaly-protection
enable ip-security anomaly-protection ip
enable ip-security anomaly-protection tcp flags
enable ip-security anomaly-protection tcp fragment
enable ip-security anomaly-protection icmp

also enable the l4 detection/drops, even though none of the above lines are supposed to do so.

Don't get me wrong, I know how wrong it is when source-port = destination-port; however, when your phone system and printers depend on this traffic it's kind of frowned upon to shut it off... (from Ansley_Barnes)