X480 bcast flood
‎12-02-2015 09:15 AM
Hi, all!
Have X480 as border.
Yesterday a big bcast flood began in the local network.
Investigation showed that it was a scan of the local net from the Internet, so IP addresses which weren't in the IP-ARP table were asked for by the X480 - ARP who is xx.xx.xx.xx in local. As there is a big local network, and a lot of IP addresses weren't active - the X480 made a big bcast flood.
As a workaround we can
- increase the time of keeping arp in the table
Any more ideas?
I received advice - to make arp-passive mode (X480 transmits bcast arp query only when a client from the local net gives an arp query) - how can I configure this?
Thank you!
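The symptom described above (a border router resolving many unused local addresses because an Internet scan hits them) can be spotted from a capture of ARP traffic on the local VLAN. The following is an added detection example, not code from the thread or from Extreme: it counts, per one-second window, the who-has requests the gateway sends that never receive a reply in the trace. The gateway address and the sample trace are constructed assumptions.

```python
"""Detect a gateway-driven ARP broadcast flood from an ARP event trace.

Each event is (time_s, op, sender_ip, target_ip) with op "request" (who-has)
or "reply" (is-at). A scan of unused addresses shows up as the gateway
sending many requests per second whose targets never answer.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

ArpEvent = Tuple[float, str, str, str]  # (time_s, op, sender_ip, target_ip)

def unanswered_requests(events: Iterable[ArpEvent], gateway_ip: str,
                        window_s: float = 1.0) -> Dict[int, Tuple[int, int]]:
    """Per window index: (requests sent by gateway, requests never answered).

    A request for target T counts as answered if a reply whose sender is T
    appears anywhere in the trace (an active host answers within milliseconds).
    """
    events = sorted(events)
    answering_ips = {sender for _, op, sender, _ in events if op == "reply"}
    stats: Dict[int, List[int]] = defaultdict(lambda: [0, 0])
    for t, op, sender, target in events:
        if op != "request" or sender != gateway_ip:
            continue  # only the gateway's own who-has requests matter here
        w = int(t // window_s)
        stats[w][0] += 1
        if target not in answering_ips:
            stats[w][1] += 1
    return {w: (sent, miss) for w, (sent, miss) in stats.items()}

def flood_windows(events: Iterable[ArpEvent], gateway_ip: str,
                  max_unanswered: int = 20, window_s: float = 1.0) -> List[int]:
    """Window indices where unanswered gateway requests exceed the threshold."""
    per_window = unanswered_requests(events, gateway_ip, window_s)
    return sorted(w for w, (_, miss) in per_window.items() if miss > max_unanswered)

# Constructed sample trace (assumption, not from the thread): second 0 is normal
# ARP traffic, second 3 is the gateway resolving 40 unused addresses hit by a scan.
GATEWAY_IP = "192.168.100.1"
SAMPLE_EVENTS: List[ArpEvent] = [
    (0.10, "request", GATEWAY_IP, "192.168.100.10"),
    (0.11, "reply", "192.168.100.10", GATEWAY_IP),
    (0.50, "request", GATEWAY_IP, "192.168.100.11"),
    (0.51, "reply", "192.168.100.11", GATEWAY_IP),
    (0.70, "request", "192.168.100.20", GATEWAY_IP),  # a host asking for the gateway
    (0.71, "reply", GATEWAY_IP, "192.168.100.20"),
] + [(3.0 + i * 0.02, "request", GATEWAY_IP, f"192.168.100.{200 + i}")
     for i in range(40)]

if __name__ == "__main__":
    print(unanswered_requests(SAMPLE_EVENTS, GATEWAY_IP))  # {0: (2, 0), 3: (40, 40)}
    print(flood_windows(SAMPLE_EVENTS, GATEWAY_IP))        # [3]
```

On a real switch the same counters are cheaper to read from the ARP request rate than from a capture, but the ratio of unanswered to total requests is what separates a scan-driven flood from a busy but healthy segment.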
11 REPLIES
‎12-02-2015 12:36 PM
Check also an arp validation function and
you can add an ACL on vlan ingress to filter junk packets/frames.
I also have a meter in my ingress vlan acl to rate-limit packets to the switch IP address and IPs on core+distribution used for connection between switches/routers,
because sometimes customers try to kill your equipment intentionally or not (viruses, etc..)
--
Jarek
‎12-02-2015 12:36 PM
Thank you!
‎12-02-2015 12:36 PM
For example you have:
SW Core ==> 192.168.1.0/30 <== Distribution custom vlan lan1 IP 192.168.100.1/24 ==> to L2 switch
Network 192.168.1.0/24 is used for connection between distr. and core.
On distribution switch:
    create meter ICMP_Limit
    configure meter ICMP_Limit committed-rate 128 Kbps max-burst-size 32 Kb out-actions drop
ACL for ingress vlan lan1.pol:
    entry toCore_ICMP {
        if {
            destination-address 192.168.1.0/24;
        } then {
            permit;
            meter ICMP_Limit;
        }
    }
    entry toGW_Lan1_ICMP {
        if match all {
            destination-address 192.168.100.1/32;
            protocol icmp;
        } then {
            permit;
            meter ICMP_Limit;
        }
    }
You can also deny udp and tcp to this address from the customer vlan.
--
Jarek
‎12-02-2015 12:36 PM
Can you please tell me in detail about "have also in my ingress vlan acl meter to rate-limit packets to switch IP address and IP's on core+distribution used for connection between switches/routers"?
Thank you!
