Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
0
Helpful
1
Replies

Unknown PINGs Sourced From Nexus7710

Michael Mertens
Level 1
Level 1

‎03-20-2019 06:02 AM

So I see constant ICMP Echo/PINGs being sourced from a Nexus7710 with a destination of two of our ISE Policy nodes, being denied/dropped by our PAN firewall. I suspect these are PINGs someone initiated months ago, and are continuing even after their session ended. I don't see any type of SLA configured, and I'm the only user with a session into the the 7710. "Show ip ping source-interface" does not list anything. "Show ip traffic", under "ICMP software Processed Traffic Statistics" oes not indicate echo request count incrementing....

 

Does anyone know of a way to show whether IP ICMP process is running on the NX-OS? I'm running 7.0(3). Or does anyone have any ideas why these PINGs would be sourced from the Nexus to the ISE nodes? I don't see any other of our switches doing this....

 

Thanks!

 

Mike

Labels:
0 Helpful
1 Reply 1

akdhingr
Level 1
Level 1

‎04-01-2019 03:20 AM

Hello,

 

How are you tracing that the pings are being sourced from N7ks. Are you taking any captures and checking SIP and SMAC of the pings ?

 

I would suggest take ethanalyzer with decode-internal on N7ks to see if it is really being sourced from N7ks or if the traffic is just being software switched. 

 

BR,

Ak

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents