X480 bcast flood


Alexandr_P
Valued Contributor
Hi, all!

We have an X480 as the border router.
Yesterday a big broadcast flood began in the local network.
Investigation showed that it was a scan of the local network from the Internet, so for IP addresses that were not in the IP-ARP table the X480 asked "ARP who is xx.xx.xx.xx" in the local network. As there is a big local network and a lot of IP addresses were not active, the X480 generated a big broadcast flood.

As a workaround we can:
- increase the time ARP entries are kept in the table

Any more ideas?

I received advice to use an ARP-passive mode (the X480 transmits a broadcast ARP query only when a client from the local network sends an ARP query). How can I configure this?

Thank you!
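The flood Alexandr describes has a clear signature in ARP traffic: one sender (the border router) asking "who-has" for many distinct local addresses that never reply. The following detector is an added example, not code from the thread or from Extreme; it runs over a constructed sample of ARP request/reply records, and the window and threshold values are assumptions to tune for your network.

```python
"""Flag senders whose ARP requests for never-answering targets exceed a threshold
inside a sliding time window. Added example with constructed input."""
from collections import Counter, defaultdict, deque
from typing import NamedTuple


class ArpRecord(NamedTuple):
    ts: float          # seconds since start of capture
    op: str            # "request" or "reply"
    sender_ip: str
    target_ip: str


def constructed_sample():
    """Constructed capture: router 10.0.0.1 probes a mostly empty /24
    (an upstream scan hitting the border), only .40 and .80 exist and reply;
    host 10.0.0.50 performs one normal ARP for its gateway."""
    recs, t = [], 0.0
    for i in range(2, 120):
        recs.append(ArpRecord(t, "request", "10.0.0.1", f"10.0.0.{i}"))
        t += 0.05
        if i % 40 == 0:
            recs.append(ArpRecord(t, "reply", f"10.0.0.{i}", "10.0.0.1"))
    recs.append(ArpRecord(t, "request", "10.0.0.50", "10.0.0.1"))
    recs.append(ArpRecord(t, "reply", "10.0.0.1", "10.0.0.50"))
    return recs


def unanswered_targets(records):
    """Per sender: the target IPs it requested that never sent any reply."""
    requested, repliers = defaultdict(set), set()
    for r in records:
        (requested[r.sender_ip].add(r.target_ip) if r.op == "request"
         else repliers.add(r.sender_ip))
    return {s: tgts - repliers for s, tgts in requested.items()}


def detect_storm(records, window_s=5.0, max_unanswered=50):
    """Return {sender: peak distinct unanswered targets in any window} for
    senders that exceed max_unanswered (assumed threshold)."""
    dead = unanswered_targets(records)
    per_sender = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        if r.op == "request" and r.target_ip in dead[r.sender_ip]:
            per_sender[r.sender_ip].append(r)
    offenders = {}
    for sender, reqs in per_sender.items():
        window, seen, peak = deque(), Counter(), 0
        for r in reqs:
            window.append(r)
            seen[r.target_ip] += 1
            while r.ts - window[0].ts > window_s:      # expire old requests
                old = window.popleft()
                seen[old.target_ip] -= 1
                if seen[old.target_ip] == 0:
                    del seen[old.target_ip]
            peak = max(peak, len(seen))
        if peak > max_unanswered:
            offenders[sender] = peak
    return offenders
```

Feed it real records (from a SPAN session or the router's ARP logs) and the offender will be the border router itself, which is the evidence for rate-limiting ARP toward the CPU or shortening what the border is willing to resolve.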

Sergey_Okun
New Contributor
You can try an access-list with the action "deny-cpu". Like this:
code:
 x460.3 # show policy CoPP
 Policies at Policy Server:
 Policy: CoPP
 entry arp {
   if match all {
     ethernet-type 0x806 ;
   } then {
     permit ;
   }
 }
 entry ssh {
   if match all {
     source-zone zone-mgm ;
     protocol tcp ;
     destination-port 22 ;
   } then {
     permit ;
   }
 }
 entry bgp_src {
   if match all {
     source-zone zone-bgp ;
     protocol tcp ;
     source-port 179 ;
   } then {
     permit ;
   }
 }
 ##########  [skip]
 ########## Other protocols
 entry deny_other {
   if match all {
   } then {
     deny-cpu ;
   }
 }
code:
 x460 # show configuration | include CoPP
 configure access-list CoPP any ingress

Jarek
New Contributor II
Hi,

Can you use static ARP? For example, you can check the ip-security function like "learn ARP from DHCP".

--
Jarek