09-04-2020 12:50 PM
Hi,
Currently, our 6500 switch logs unreachable IP addresses as "denies" in its Syslog messages.
And to be more specific, it will allow traffic to a host, but if that host goes offline and can't reach it, the packet is denied under the ACL that normally allows it.
I believe this is common practice but for personnel keeping track of Syslog information it comes across weird when something that normally is allowed shows as denied.
Does anyone know of a way to modify this?
For more info, we have ASR901's connected over fiber to a 6500. When an ASR goes down from power loss we will see the deny statements.
Thanks for any advice.
09-04-2020 12:52 PM - edited 09-04-2020 12:53 PM
How is that automatic process running in the background? Do you have an EEM script or ACL?
Or post the device configuration to look at.
09-04-2020 02:14 PM
Hello,
Set the value in the ip icmp rate-limit to the highest value, which is 4294967295 milliseconds (about 1 week). That way, only one message will be generated once a week.
6500(config)#ip icmp rate-limit unreachable 4294967295
09-04-2020 03:28 PM - edited 09-04-2020 03:28 PM
Can you please post relevant configs?
CF
09-05-2020 11:09 AM
Hello
TBH, not sure I understand. Are you saying you have ACL policies that deny ICMP unreachables, or you have something like null statics to your advertised subnets for hosts that are unreachable?