
X480 bcast flood


Alexandr_P
Valued Contributor
Hi, all!

I have an X480 at the border.
Yesterday a big broadcast flood began in the local network.
Investigation showed that it was a scan of the local network from the Internet, so for IP addresses which weren't in the IP ARP table the X480 asked "ARP who is xx.xx.xx.xx" in the local network. As there is a big local network and a lot of IP addresses weren't active, the X480 made a big broadcast flood.

As a workaround we can
- increase the time ARP entries are kept in the table

Any more ideas?

I received advice to use an ARP passive mode (the X480 transmits a broadcast ARP query only when a client from the local net sends an ARP query). How can I configure this?

Thank you!
11 REPLIES

Alexandr_P
Valued Contributor
Thanks to all!

I think it would be the best decision.

Jarek
New Contributor II
Are they using dynamic IP addresses or static?

Maybe you can use the ip-security function.
When a host gets an address via the switch relay, the switch creates ip-security dhcp-snooping entries.
This can also add a static ARP entry with ip-security arp learning learn-from-dhcp

Alexandr_P
Valued Contributor
Via DHCP from external server, not switch dhcp.

Jarek
New Contributor II
Do you have customers that obtain their address via DHCP or use a static IP?

--
Jarek

Alexandr_P
Valued Contributor
I can't deny ARP requests, because in my case the switch works correctly.
But in the case when somebody scans my network: disconnected clients -> the ARP table in the X480 doesn't have their MAC/IP records -> it sends a lot of broadcast arp-who_is messages -> big load on the network
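
The symptom described in this thread (a router broadcasting ARP requests for addresses that never answer) can be confirmed from a LAN-side capture. The following is an added example, not part of the original thread and not Extreme's tooling: it assumes `tcpdump -n arp` text output, and the function name, thresholds and sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns for `tcpdump -n arp` text output (a timestamp may precede them).
REQ = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+?),")
REP = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")

def sweep_suspects(lines, min_dead=5, min_ratio=0.8):
    """Return {requester_ip: dead_target_count} for ARP senders whose
    requests mostly go unanswered. Both thresholds are assumed values."""
    asked = defaultdict(set)   # requester -> target IPs it asked for
    answered = set()           # IPs that sent any ARP reply
    for line in lines:
        m = REQ.search(line)
        if m:
            asked[m.group(2)].add(m.group(1))
            continue
        m = REP.search(line)
        if m:
            answered.add(m.group(1))
    suspects = {}
    for sender, targets in asked.items():
        dead = targets - answered          # asked for, never replied
        if len(dead) >= min_dead and len(dead) / len(targets) >= min_ratio:
            suspects[sender] = len(dead)
    return suspects

# Constructed sample: gateway 203.0.113.1 asks for 20 hosts, only 2 reply;
# one ordinary host resolves the gateway and gets an answer.
SAMPLE = [
    f"10:00:{i:02d}.000000 ARP, Request who-has 203.0.113.{i} "
    "tell 203.0.113.1, length 46"
    for i in range(10, 30)
] + [
    "10:00:10.000400 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:0a, length 46",
    "10:00:11.000400 ARP, Reply 203.0.113.11 is-at 00:00:5e:00:53:0b, length 46",
    "10:01:00.000000 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 46",
    "10:01:00.000300 ARP, Reply 203.0.113.1 is-at 00:00:5e:00:53:01, length 46",
]

if __name__ == "__main__":
    for ip, dead in sweep_suspects(SAMPLE).items():
        print(f"{ip}: ARP requests for {dead} addresses that never replied")
```

A requester flagged here that is the border device itself points to inbound traffic for inactive addresses as the trigger, rather than a misbehaving LAN host.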