cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
749
Views
5
Helpful
5
Replies

HL7 saturating WAN.

tenbucker
Level 1
Level 1

Hi all,

 

I have NBAR enabled on a client's router and it appears that the WAN is being saturated by an influx of HL7 traffic? All I really know about HL7 is that it is a health protocol that doesn't rely on a port-map or any single transport protocol, because of this I am struglling to identifiy the source of the traffic?

 

Any help on the matter would be appreciated.

 

Ben

5 Replies 5

Hi @tenbucker

I only see reference to HL7 as a standard or framework. I didn't find it as a protocol, could you share your source?

 

 

-If I helped you somehow, please, rate it as useful.-

Hey @Flavio Miranda

 

I'm basing this on output from the show ip nbar protocol-discovery command. From what I've gathered HL7 traffic usually flows over some other protocol but I and the customer are both clueless as to what that could be, any ideas?

 

Hello,

 

according to the link below, HL7 uses TCP/UDP port 2575 and 20046. 

Try and create an access list for those ports with the 'log' keyword, that should tell you the source and destination:

 

access-list 100 permit tcp any any eq 2575 log

access-list 100 permit tcp any any eq 20046 log

access-list 100 permit udp any any eq 2575 log
access-list 100 permit udp any any eq 20046 log

access-list 100 permit ip any any

 

 

http://www.adminsub.net/tcp-udp-port-finder/hl7

Hi @Georg Pauwen

 

Thank you, the only drama is that the interesting traffic is utilisaing up to 50mb so I would expect quite a massive hit to CPU?

I've asked them to set up a netflow collector in the meantime, hopefully we can make some headway.

 

Ben

". . . the only drama is that the interesting traffic is utilisaing up to 50mb so I would expect quite a massive hit to CPU?"

Depends on the platform.
Review Cisco Networking for a $25 gift card