[c-nsp] Cursed IP address
Lukas Tribus
luky-37 at hotmail.com
Thu Nov 27 08:27:18 EST 2014
>> Are there any IP filters on the layer 2 side of this? Are you using CoPP and
>> the IP is denied there?
>
> No. PASOLINK does not do IP filtering.
>
> It can only do some Ethernet frame filtering, like filtering out LLDP
> or STP frames, but no such filters are even configured.
Just because its not configured or not configurable doesn't mean its not
actually doing it (it may be a bug).
I have an Ethernet over FrameRelay Radio PTMP system that after a few
months of uptime inserts the UDP payload of customer A into the
TCP payload of customer B (customer B using this TCP session to
transfer files to a AS400 that doesn't check TCP checksums and
therefor the UDP payload of customer A makes it into the application
of customer B). The only fix here is to reload the whole system.
The very same PTMP system sometimes drops traffic of a certain mac
address, although there are no layer 2 rules (other that different
vlans).
Just because the box isn't supposed to interact with a specific OSI
layer doesn't mean its not actually doing it.
2 suggestions:
- use point-to-point OSPF links for everything (especially for WAN links)
- exclude your WAN link in your testing
Regards,
Lukas
More information about the cisco-nsp
mailing list