ACL = cyclic reboot
‎11-19-2015 01:58 PM
Hi, all!
I have an X670 with a strange issue.
I created a new ACL:
edit pol stat
This ACL has two rules:
entry acl_rule2 {
    if {
        protocol tcp;
    } then {
        count tcpcounter;
    }
}
entry cflow_tcp {
    if {
        count tcpcounter > 1;
        period 5;
    } then {
        snmptrap 1000 $tcpcounter 10;
    }
}
I was experimenting with CLEAR-Flow, receiving the traps on a Linux server.
Every time I changed the file stat.pol I ran "check pol stat" to check the rule syntax. Traps were received, the packet counters were transmitted, all was OK.
After the following manipulation the switch went into a cyclic reboot:
in the snmptrap action I set the transmit message period to 5, and increased the period to 10, i.e. we have this:
entry cflow_tcp {
    if {
        count tcpcounter > 1;
        period 10;
    } then {
        snmptrap 1000 $tcpcounter 5;
    }
}
and after changing the policy I did not check it but straight away ran "refresh pol stat".
After this the switch went into a cyclic reboot.
I unplugged all cables from the ports, i.e. no traffic reaches the switch; after that I deleted the configuration of this ACL through the console and everything works fine, i.e. the switch does not reboot.
Any ideas?
Thank you!
3 REPLIES
‎11-23-2015 05:48 AM
Hi, all!
A case is opened, but in parallel I am posting here too.
There are no messages at all in the logs. GTAC is now investigating "show debug system-dump".
Maybe you have some advice on configuring logs to investigate this issue?
Thank you!
‎11-23-2015 03:32 AM
Hi Alexandr,
I agree with Paul, this is something that would be best to investigate via a case with GTAC. It sounds like something odd is happening with the clear-flow entry.
-Brandon
‎11-21-2015 08:48 AM
Hi
Not massively helpful, but that sounds like TAC case material to me 😞
My guess, and I've not tried anything like that in an ACL (yet), is that somewhere the switch is getting DoSed internally by incoming TCP packets triggering the SNMP trap. You'd expect this not to happen because of the 'period 10' but maybe that isn't being properly interpreted when you edit the policy.
Does it reboot due to watchdog, kernel panic, or is it one of these "Hey, switch rebooted, nothing in the logs except for the usual messages you'd see during reboot" problems?
Paul.
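An added example, not from this thread and not Extreme Networks code, that gives Paul's guess above (and the policy edit in the opening post) something testable on the Linux trap receiver: it parses the CLEAR-Flow entries, picks out each entry's if-block `period` and the id passed to `snmptrap`, then scans the receiver's log for traps from one switch that arrive closer together than that period. It assumes the if-block `period` is the shortest interval at which an entry can fire and send its trap, so one trap per `period` seconds per switch is the expected ceiling; it does not interpret the third argument of `snmptrap`. The policy text mirrors the edited policy from the post, and the log lines are constructed in a simplified `<timestamp> <source> TRAP id=<n>` shape rather than real snmptrapd output.

```python
import re
from collections import defaultdict
from datetime import datetime

# CLEAR-Flow policy text mirroring the shape of the edited policy in the post
# (indentation added; the period semantics assumed here are stated in the lead-in).
POLICY = """
entry acl_rule2 {
    if {
        protocol tcp;
    } then {
        count tcpcounter;
    }
}
entry cflow_tcp {
    if {
        count tcpcounter > 1;
        period 10;
    } then {
        snmptrap 1000 $tcpcounter 5;
    }
}
"""

# Constructed receiver log in a simplified "<timestamp> <source> TRAP id=<n> ..." shape,
# not real snmptrapd output. Three traps from the same switch land within one second.
TRAP_LOG = """\
2015-11-19 14:01:00 10.0.0.5 TRAP id=1000 tcpcounter=120
2015-11-19 14:01:10 10.0.0.5 TRAP id=1000 tcpcounter=240
2015-11-19 14:01:20 10.0.0.5 TRAP id=1000 tcpcounter=360
2015-11-19 14:02:00 10.0.0.5 TRAP id=1000 tcpcounter=900
2015-11-19 14:02:00 10.0.0.5 TRAP id=1000 tcpcounter=901
2015-11-19 14:02:00 10.0.0.5 TRAP id=1000 tcpcounter=902
2015-11-19 14:02:01 10.0.0.5 TRAP id=1000 tcpcounter=950
"""

LOG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) TRAP id=(\d+)")


def clearflow_entries(policy_text):
    """Return {entry_name: body_text}, matching braces so the nested if/then
    blocks inside an entry do not end it early."""
    entries = {}
    for m in re.finditer(r"\bentry\s+(\S+)\s*\{", policy_text):
        depth, i = 1, m.end()
        while i < len(policy_text) and depth:
            depth += {"{": 1, "}": -1}.get(policy_text[i], 0)
            i += 1
        entries[m.group(1)] = policy_text[m.end():i - 1]
    return entries


def trap_ids(policy_text):
    """Map snmptrap id -> (entry name, if-block period in seconds) for every
    entry that both samples on a period and sends a trap."""
    out = {}
    for name, body in clearflow_entries(policy_text).items():
        period = re.search(r"\bperiod\s+(\d+)\s*;", body)
        trap = re.search(r"\bsnmptrap\s+(\d+)\b", body)
        if period and trap:
            out[trap.group(1)] = (name, int(period.group(1)))
    return out


def parse_traps(log_text):
    """Yield (timestamp, source, trap id) for each recognised log line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def find_trap_storms(policy_text, log_text):
    """Flag consecutive traps from one switch for one entry that arrive closer
    together than that entry's period.
    Returns [(source, entry, gap_seconds, iso_timestamp)] in time order."""
    ids = trap_ids(policy_text)
    stamps = defaultdict(list)
    for ts, src, trap_id in parse_traps(log_text):
        if trap_id in ids:  # traps with ids this policy does not send are ignored
            stamps[(src, trap_id)].append(ts)
    violations = []
    for (src, trap_id), times in stamps.items():
        entry, period = ids[trap_id]
        times.sort()
        for prev, cur in zip(times, times[1:]):
            gap = (cur - prev).total_seconds()
            if gap < period:
                violations.append((src, entry, gap, cur.isoformat()))
    return violations


if __name__ == "__main__":
    for src, entry, gap, when in find_trap_storms(POLICY, TRAP_LOG):
        print(f"{when} {src} entry {entry}: trap arrived {gap:.0f}s after the previous one")
```

On real data, replace TRAP_LOG with the receiver's own log and adapt LOG_RE to its format. If traps from the switch break the one-per-period ceiling, the trap path is where to look, which is what Paul's guess predicts; if the receiver saw nothing unusual before the reboots, the problem is somewhere else and the system dump GTAC is looking at becomes the better lead.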
