anomaly-protection configuration issue

EtherNation_Use
Contributor II
Create Date: Apr 2 2013 2:26PM

For some time, at the edge of our network (or where we aggregate if we don't have Extreme at the edge) we've been running anomaly-protection, minus the l4port component (it tends to interfere with VoIP phones and printing from many clients, we've found). After moving to XOS 15.3.1.4, however, disabling l4port doesn't seem to work anymore - the anomaly counters keep going up under l4, and the traffic doesn't pass. We're seeing this on X460s and X250s; has anyone else? The config is like so:

enable ip-security anomaly-protection
disable ip-security anomaly-protection l4port

For now, we've disabled anomaly-protection, as it's not critical to our security, just a nice thing to have. It would be nice to have it back though... is this a known issue? Bug? (from Ansley_Barnes)
3 REPLIES

EtherNation_Use
Contributor II
Create Date: Apr 5 2013 8:24PM

Also important - the commands:

disable ip-security anomaly-protection
enable ip-security anomaly-protection ip
enable ip-security anomaly-protection tcp flags
enable ip-security anomaly-protection tcp fragment
enable ip-security anomaly-protection icmp

also enable the l4 detection/drops, even though none of the above lines are supposed to do so.

Don't get me wrong, I know how wrong it is when source-port = destination-port, however, when your phone system and printers depend on this traffic it's kind of frowned upon to shut it off... (from Ansley_Barnes)
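
The source-port = destination-port condition mentioned above can be inventoried from captured frames before l4port is switched back on, to see which services would be dropped. This is an added example, not part of the original thread or any Extreme tooling; it assumes untagged Ethernet II/IPv4 frames, the helper names are hypothetical, and the sample frames and port numbers are constructed.

```python
import struct
from collections import Counter

def l4_ports(frame: bytes):
    """Return (proto, sport, dport) for an Ethernet II/IPv4 TCP or UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or not untagged IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    proto = ip[9]
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset != 0 or ihl < 20 or len(ip) < ihl + 4:
        return None                      # other protocol, or a later fragment with no L4 header
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return ("tcp" if proto == 6 else "udp", sport, dport)

def equal_port_flows(frames):
    """Count frames whose source port equals the destination port, keyed by (proto, port)."""
    hits = Counter()
    for f in frames:
        p = l4_ports(f)
        if p and p[1] == p[2]:
            hits[(p[0], p[1])] += 1
    return hits

def build_frame(proto, sport, dport, frag_offset=0):
    """Constructed sample frame: Ethernet II + 20-byte IPv4 header + 8 bytes of L4."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag_offset, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

# Constructed sample traffic (ports chosen for illustration only).
SAMPLE = [
    build_frame(17, 5060, 5060),                   # signalling with equal ports
    build_frame(17, 5060, 5060),
    build_frame(17, 123, 123),                     # symmetric-port time sync
    build_frame(6, 49152, 9100),                   # ephemeral source port, not a match
    build_frame(17, 5060, 5060, frag_offset=185),  # later fragment: bytes are payload, not ports
]

if __name__ == "__main__":
    for (proto, port), n in equal_port_flows(SAMPLE).most_common():
        print(f"{proto}/{port}: {n} frame(s) have source port == destination port")
```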

EtherNation_Use
Contributor II
Create Date: Apr 5 2013 7:44PM

Glad to know I'm not crazy! This worked in XOS 15.2.1.5, if I remember my versioning correctly. (from Ansley_Barnes)

EtherNation_Use
Contributor II
Create Date: Apr 5 2013 6:31PM

I confirm this issue on X460 XOS 15.3.1.4.

Regards.
--
Jarek (from Jaroslaw_Kasjaniuk)