Re: ICMP flooding caused by Cisco Business CBS350-8s

roudlatulhuda1 · ‎02-22-2023

hi everyone,

I installed cisco catalysh under the router as L2 to manage the vlan that was released from the router, but one day from the router it monitored very high ICMP packets coming from the ip switch like "ICMP flooding attack",

I checked the logs and settings there was nothing suspicious,

I've read this is caused by "icmp redirect" from the switch and it only needs to be disabled, but on the Cisco CBS350 there is no command "no ip redirect" is there an alternative that I can do?

Best regards,

Huda

balaji.bandi · ‎02-22-2023

as per the command syntax its available : (unfortunately not much information is provided by the document)

https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/CLI/cbs-350-cli-/cbs-350-cli-_CLT_chapter.html?bookSearch=true

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

roudlatulhuda1 · ‎02-23-2023

Hello balaji

Thanks for the suggestion, from that page it turns out that the command "no ip redirect" must be applied to the ip switch interface not in vlan, but it turns out that even though I have disabled the ip redirect, sometimes the icmp flood still occurs.

Kind regards,

huda

balaji.bandi · ‎02-24-2023

These small business switches as per I know limited capable (there may be some config required - check admin guide) unlike enterprises you can limit on control plan policy.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help