Rule SrcIPGuard
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-02-2017 03:54 AM
Image : Extremeware Version 7.8.4.1 [non-ssh] [base] by Build_Master on 03/18/11 05:48:45
BootROM : 8.2
7i
This started appearing in the logs
03/01/2017 14:31:23.61 ERROR in creating ACL for Addr:10.2.244.225, Port: 4095
03/01/2017 14:31:23.61 Error in creation of IP ACL for IPAddr: 10.2.244.225,Port: X96
03/01/2017 14:31:23.61 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
More examples:
02/28/2017 09:24:05.55 ERROR in creating ACL for Addr:10.2.244.218, Port: 4095
02/28/2017 09:24:05.55 Error in creation of IP ACL for IPAddr: 10.2.244.218,Port: X96
02/28/2017 09:24:05.55 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
02/28/2017 08:29:31.56 ERROR in creating ACL for Addr:10.2.245.79, Port: 4095
02/28/2017 08:29:31.56 Error in creation of IP ACL for IPAddr: 10.2.245.79,Port: X96
02/28/2017 08:29:31.56 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
02/28/2017 07:34:17.57 ERROR in creating ACL for Addr:10.2.245.148, Port: 4095
02/28/2017 07:34:17.57 Error in creation of IP ACL for IPAddr: 10.2.245.148,Port: X96
02/28/2017 07:34:17.57 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
02/28/2017 07:01:07.56 ERROR in creating ACL for Addr:10.2.245.125, Port: 4095
02/28/2017 07:01:07.56 Error in creation of IP ACL for IPAddr: 10.2.245.125,Port: X96
02/28/2017 07:01:07.56 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
02/27/2017 12:09:10.74 ERROR in creating ACL for Addr:10.2.244.203, Port: 4095
02/27/2017 12:09:10.74 Error in creation of IP ACL for IPAddr: 10.2.244.203,Port: X96
02/27/2017 12:09:10.74 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
Secondary question, why would you want the ipfdb ageing time set to never age out? And is the ipfdb table the equivalent of sh mac-address in other worlds?
ty
BootROM : 8.2
7i
This started appearing in the logs
03/01/2017 14:31:23.61
03/01/2017 14:31:23.61
03/01/2017 14:31:23.61
More examples:
02/28/2017 09:24:05.55
02/28/2017 09:24:05.55
02/28/2017 09:24:05.55
02/28/2017 08:29:31.56
02/28/2017 08:29:31.56
02/28/2017 08:29:31.56
02/28/2017 07:34:17.57
02/28/2017 07:34:17.57
02/28/2017 07:34:17.57
02/28/2017 07:01:07.56
02/28/2017 07:01:07.56
02/28/2017 07:01:07.56
02/27/2017 12:09:10.74
02/27/2017 12:09:10.74
02/27/2017 12:09:10.74
Secondary question, why would you want the ipfdb ageing time set to never age out? And is the ipfdb table the equivalent of sh mac-address in other worlds?
ty
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-02-2017 07:24 AM
The Summit 7i and ExtremeWare are completely end-of-life and have absolute no support.
Below is an explanation and possible root cause. That is all we can give you on this platform.
My best guess is that a reboot will solve this.
This is being created by the source-IP-lockdown feature.
So why are we trying to create a source-ip-lockdown ACL? My guess is they used to have source-ip-lockdown enabled and then disabled it. Now something remains in memory that is causing us to think it is still enabled. So when we create the DHCP Client Address on a port we go through this error and fail.
This is reported by addDhcpClientAddr. He logs this right after he calls createSrcIPGuardACL and fails.
03/01/2017 14:31:23.61 ERROR in creating ACL for Addr:10.2.244.225, Port: 4095
This is from createSrcIPGuardACL after he calls ipStaticRuleAdd and receives a failure.
03/01/2017 14:31:23.61 Error in creation of IP ACL for IPAddr: 10.2.244.225,Port: X96
This is reported by ipStaticRuleAdd of course and which is what kicks off this whole mess.
03/01/2017 14:31:23.61 ipStaticRuleAdd: Error creating Rule SrcIPGuard-0
I think this error is being triggered by DHCP traffic. And my guess is we have an issue somewhere in either "addDhcpClientAddr" or the function calling it.
Again, we will not do any further investigation, you may check the settings for source-IP-lockdown.
Below is an explanation and possible root cause. That is all we can give you on this platform.
My best guess is that a reboot will solve this.
This is being created by the source-IP-lockdown feature.
So why are we trying to create a source-ip-lockdown ACL? My guess is they used to have source-ip-lockdown enabled and then disabled it. Now something remains in memory that is causing us to think it is still enabled. So when we create the DHCP Client Address on a port we go through this error and fail.
This is reported by addDhcpClientAddr. He logs this right after he calls createSrcIPGuardACL and fails.
03/01/2017 14:31:23.61
This is from createSrcIPGuardACL after he calls ipStaticRuleAdd and receives a failure.
03/01/2017 14:31:23.61
This is reported by ipStaticRuleAdd of course and which is what kicks off this whole mess.
03/01/2017 14:31:23.61
I think this error is being triggered by DHCP traffic. And my guess is we have an issue somewhere in either "addDhcpClientAddr" or the function calling it.
Again, we will not do any further investigation, you may check the settings for source-IP-lockdown.
