10-16-2008 11:47 AM - edited 03-06-2019 01:58 AM
I have an inbound ACL on an interface yet see packets being denied as coming from that interface that is not in that direction, it's across a WAN link. Any ideas? Thanks.
10-16-2008 12:13 PM
Could it be packets with a spoofed source address, or do you have redundant or load-balanced links? What type of traffic is it? Unicast, multicast, UDP, TCP? Can you describe the network in more detail?
10-16-2008 12:23 PM
This particular network is simply a 3825 with a FR interworking link out as its WAN port, and a g0/1 facing a LAN. On that LAN is (among other things) IP address range x.y.142.0/23. In the inbound ACL I have a line "permit ip x.y.142.0 0.0.1.255 any" (among others). Now when I look at my log... I see a deny statement from that ACL from IP address x.y.200.18 which is across the WAN out the FR interworking network. It never matches anything so it falls through a "deny ip any any log" at the end. Thanks.
10-16-2008 12:27 PM
I take it that's the source address?
Has a device been moved to this site recently from another site within that network address and the IP address hasn't been changed? Can you find out the MAC address of where it's coming from?
10-16-2008 12:34 PM
That was my thought at first also. I confirmed however that the device is in fact across the WAN by going to the other end of the link and tracing it. I trace from this router in question also and it confirms that it goes out the WAN and the last hop is the other end of the WAN. I can't query the MAC address from either router. "show mac-address-table interface giXYZ" reveals no output on 3825. This is really odd. Thanks for your input.
10-16-2008 12:38 PM
The only way you can find out the MAC it's coming from is to put a sniffer on the wire as it's on the wrong subnet; what are the chances of that happening?
10-16-2008 12:41 PM
I might be able to arrange it. Good suggestion. I'll check.
Thanks again.
Frank