Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
865
Views
0
Helpful
0
Replies

RVS4000 V1 tracks some VLAN to VLAN connections backwards

kellybflemings
Level 1
Level 1

‎01-30-2012 12:03 AM

Firmware         V1.3.3.5

Operation Mode:        Gateway

VLANs:             4, one per LAN subnet

Inter-VLAN Routing:     Enabled

I've got all of the management interfaces of the infrastructure devices

(switches, UPS,WAPs) on the default VLAN 1 that is configured on as untagged on

all relevant ports. I've noticed that the router will track most of the routed

connections from the non-default VLANs to devices on the devices on the default

VLAN backwards, where the destination is listed as the source and vice versa,

often with the SYN_SENT state instead of ESTABLISHED as reported by the source

host.

I get this information from the IP Conntrack view launched from the

Status/Gateway screen. This is how a telnet connection from a computer on the

guest VLAN 3, subnet 10.0.89.0/24 to the default mgmt VLAN 1, subnet

192.168.75.0 looks in IP Conntrack

Basic Information                 Original Direction                             Reply Direction

Protocol     Life Time     State         Source IP     Source Port     Destination IP     Destination Port     Source IP     Source Port    Destination IP     Destination Port

TCP         44         SYN_SENT     192.168.75.98     23         10.0.89.2     50196             10.0.89.2     50196         192.168.75.98     23

Also, there are corresponding entries in the router's access log. 

Jan 29 22:26:00 - [Access Log]I TCP Packet - 192.168.75.98:23 --> 10.0.89.2:50196

Notice that it  is incoming as expected as opposed to outgoing (to the WAN port).

I know that these are routed connections, for when I turn off Inter-VLAN

Routing, I cannot make any connections from on VLAN subnet to another.

This reversed connection tracking anomaly is causing the firewall ACLs that I have

implemented to block traffic from the guest VLAN (3) to the default

(infrastructure) VLAN to not work, since ACLs are defined based on source IP

and destination IP. Connections to other VLANs other than the default appear as expected

in the access log and the IP Conntrack view.

Is this a known bug with the RVS4000 V1?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents