anomaly-protection configuration issue
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 10:00 PM
Create Date: Apr 2 2013 2:26PM
For some time, at the edge of our network (or where we aggregate if we don't have Extreme at the edge) we've been running anomaly-protection, minus the l4port component (it tends to interfere with VoIP phones and printing from many clients, we've found.) After moving to XOS 15.3.1.4, however, disabling l4port doesn't seem to work anymore - the anomaly counters keep going up under l4, and the traffic doesn't pass. We're seeing this on X460s and X250s, has anyone else? The config is like so:
enable ip-security anomaly-protection
disable ip-security anomaly-protection l4port
For now, we've disabled anomaly-protection, as it's not critical to our security, just a nice thing to have. It would be nice to have it back though... is this a known issue? Bug? (from Ansley_Barnes)
For some time, at the edge of our network (or where we aggregate if we don't have Extreme at the edge) we've been running anomaly-protection, minus the l4port component (it tends to interfere with VoIP phones and printing from many clients, we've found.) After moving to XOS 15.3.1.4, however, disabling l4port doesn't seem to work anymore - the anomaly counters keep going up under l4, and the traffic doesn't pass. We're seeing this on X460s and X250s, has anyone else? The config is like so:
enable ip-security anomaly-protection
disable ip-security anomaly-protection l4port
For now, we've disabled anomaly-protection, as it's not critical to our security, just a nice thing to have. It would be nice to have it back though... is this a known issue? Bug? (from Ansley_Barnes)
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 10:00 PM
Create Date: Apr 5 2013 8:24PM
Also important - the commands:
disable ip-security anomaly-protection
enable ip-security anomaly-protection ip
enable ip-security anomaly-protection tcp flags
enable ip-security anomaly-protection tcp fragment
enable ip-security anomaly-protection icmp
Also enables the l4 detection/drops, even though none of the above lines are supposed to do so.
Don't get me wrong, I know how wrong it is when source-port = destination-port, however, when your phone system and printers depend on this traffic it's kind of frowned upon to shut it off... (from Ansley_Barnes)
Also important - the commands:
disable ip-security anomaly-protection
enable ip-security anomaly-protection ip
enable ip-security anomaly-protection tcp flags
enable ip-security anomaly-protection tcp fragment
enable ip-security anomaly-protection icmp
Also enables the l4 detection/drops, even though none of the above lines are supposed to do so.
Don't get me wrong, I know how wrong it is when source-port = destination-port, however, when your phone system and printers depend on this traffic it's kind of frowned upon to shut it off... (from Ansley_Barnes)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 10:00 PM
Create Date: Apr 5 2013 7:44PM
Glad to know I'm not crazy! This worked in XOS 15.2.1.5, if I remember my versioning correctly. (from Ansley_Barnes)
Glad to know I'm not crazy! This worked in XOS 15.2.1.5, if I remember my versioning correctly. (from Ansley_Barnes)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 10:00 PM
Create Date: Apr 5 2013 6:31PM
I confirm this issue on X460 XOS 15.3.1.4.
Regards.
--
Jarek (from Jaroslaw_Kasjaniuk)
I confirm this issue on X460 XOS 15.3.1.4.
Regards.
--
Jarek (from Jaroslaw_Kasjaniuk)
