cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
253
Views
0
Helpful
3
Replies
Highlighted
Beginner

Nexus 6k ICMP Copp Violations: Identifying the Source IPs

I ran into ping responsiveness problems on my Nexus 6ks last week. I think I know the cause - waiting for a change window to address that. But in the meantime I'd like to know - what's the least impactful means of finding out what the sources addresses are of those ICMP Copp policy violations? IP accounting? Access lists with permits and logs? Some command for Copp that would output say 500 samplings of the violation traffic? Thank you. 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: Nexus 6k ICMP Copp Violations: Identifying the Source IPs

The answer was to use ethanalyzer to see what was hitting the control plane..

 

CORE01# ethanalyzer local interface inbound-low display-filter icmp limit-captured-frames 10000 write bootflash:icmp_cap.pcap
 
copy bootflash:icmp_cap.pcap tftp://10.1.10.15/

View solution in original post

3 REPLIES 3
Highlighted
VIP Mentor

Re: Nexus 6k ICMP Copp Violations: Identifying the Source IPs

you can do control place policy these kind of ping/ ssh /telenet attacks to the device from Local known network also, not necesary from outside network, so you can limit only certain rest can be drop and logged to syslog server and take action like send email or alerts to admin if that is exceeded.

 

example : 7K example same works nexus code.

 

https://community.cisco.com/t5/networking-documents/icmp-ping-drops-when-pinging-from-nexus-7000/ta-p/3125996

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: Nexus 6k ICMP Copp Violations: Identifying the Source IPs

I'd spoken with TAC and they recommended not modifying anything about copp policies nor moving off the default. I think to log the violations I'd had to add a new policy and move off the default. No? 

Highlighted
Beginner

Re: Nexus 6k ICMP Copp Violations: Identifying the Source IPs

The answer was to use ethanalyzer to see what was hitting the control plane..

 

CORE01# ethanalyzer local interface inbound-low display-filter icmp limit-captured-frames 10000 write bootflash:icmp_cap.pcap
 
copy bootflash:icmp_cap.pcap tftp://10.1.10.15/

View solution in original post

CreatePlease to create content
Content for Community-Ad