This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MSM-A: Notify-threshold for L3 Protect packet count of 3500 reached

MSM-A: Notify-threshold for L3 Protect packet count of 3500 reached

Matt
New Contributor

‎10-10-2016 12:45 PM

if I try to connect a new access switch (Summit X440-48) to the core switch (BD8006) I read after some minutes the following entry in the log file:

MSM-A: Notify-threshold for L3 Protect packet count of 3500 reached
MSM-A: Added an ACL to port 4:1, srcIP 0.0.0.0 to destIP 10.72.50.100, protocol udp

After that several servers are not reachable (but the new access switch is reachable via ping). If I disconnect the new switch everything is fine.

So what is wrong?

0 Kudos
8 REPLIES 8

Henrique
Extreme Employee

‎10-10-2016 04:39 PM

Hi Matthias.

If you are using MLAG between 2 Core switches, please confirm if the information below is correct:
  • Port 4:1 is the ISC port/link between Core1 and Core2 switches. Core1(4:1) ------ (4:1)Core2
  • New_SW port 47 connects to Core1 port 3:4. New_SW(47) ------ (3:4)Core1
  • New_SW port 48 connects to Core2 port 3:4. New_SW(48) ------ (3:4)Core2
  • LAG enabled on the New_SW to ports 47 and 48 (static mode)
  • MLAG enabled to port 3:4 on both Core1 and Core2 switches
Please provide more details about the New_SW connection with both Core switches (including ports, LAG and MLAG configuration).

Thanks.
0 Kudos

Matt
New Contributor

‎10-10-2016 02:03 PM

Hello Henrique,

after a reset (unconfigure switch all) the new access switch got only an IP Adr. and a sharing port.

configure vlan Default ipaddress 172.........
configure iproute add default 172.........
enable sharing 47 grouping 47-48 algorithm address-based L2
configure vlan "Default" add ports 47 tagged

A configuration like the rest of the available switches.

The new switch is connected to the core switch port 3:4
Port 4:1 on the core switch is the ISC for MLAG.

On the new switch I have only one SFP port used for the uplink. No PCs ore anything else.

You wrote "For some reason this might be caused by X440". I think also because if I disconnect the new switch everything is fine.

But what can I do?

0 Kudos

Henrique
Extreme Employee

‎10-10-2016 12:56 PM

Hi Matthias, that means you have DoS Protect enabled on BD8k to apply an ACL if more than 3500 pps reaches the switch CPU.

For some reason this might be caused by X440 side that's connected to BD8k port 4:1 (based on the log provided).

Is there anything connected to the new switch like other switches, PCs, phones, etc?
Did you change the switch configuration or it's using default configuration?
0 Kudos
GTM-P2G8KFN