Been a long time but back with a hope of getting some help as usual.
I have a CloudGenix SD-WAN device connected to a WS-C4507R+E switch. The CloudGenix has a Controller port which connects to a switchport on the 4500; the port is configured as an access port with no special config.
The Controller port non-stop sends UDP 3784 BFD packets to its remote DC device as keepalives. These packets are failing and I do not see them even on the access port (applied an ACL to match these packets; no logs).
On the CloudGenix device we see the controller is sending these packets, but they are failing. Our initial test shows that these packets are not even seen on the directly connected switchport, so we did some further tests to identify if the switch is dropping them or the Controller is not sending the correct packets.
Connected the CloudGenix controller port to a laptop directly using a patch cord. The laptop was assigned the default GW IP address. Wireshark capture started and I could see BFD packets in the capture. What I see as a possible issue is that Wireshark says these are malformed packets.
Connected the CloudGenix controller port to the switch interface GigabitEthernet5/47. Did an EPC capture on the switch interface GigabitEthernet5/47 but do not see these packets at all. Can see other packets though.
Did an EPC control-plane capture on that interface and do not see these packets. Can see other packets though.
Can't seem to find the correct reason for the switch dropping/discarding these packets. Hope someone can help. Attached is the packet capture showing the malformed packets.
1> The CloudGenix BFD process uses port UDP 3784, which is not a standard port for multi-hop BFD. For multi-hop BFD the port number is 4784.
2> The Cisco 4500E in this case was dropping these packets in TCAM, which in itself is a bug and has been fixed in newer releases, which provide an option to disable BFD. This prevents inspection of BFD packets and hence the UDP 3784 packets are allowed.
Disable BFD on Cisco IOS with - "feature bfd disable"
On older IOS versions there is no workaround but to upgrade the IOS and run the above command.
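As an added example that is not part of this thread and not code from Cisco or CloudGenix: a small Python checker for the BFD control packet layout (RFC 5880) that builds two constructed packets and reports which reception checks a receiver would fail, assuming the mandatory 24-byte section without authentication; the function names are my own.

```python
import struct

# Mandatory section of a BFD control packet (RFC 5880 section 4.1): 24 bytes, no auth.
BFD_HDR = struct.Struct("!BBBBIIIII")
STATE = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}

def build_bfd(version=1, diag=0, state=1, flags=0, mult=3, length=24,
              my_disc=1, your_disc=0, tx=1000000, rx=1000000, echo=0):
    """Construct a BFD control packet; the defaults give a valid initial Down packet."""
    return BFD_HDR.pack((version << 5) | diag, (state << 6) | flags, mult, length,
                        my_disc, your_disc, tx, rx, echo)

def parse_bfd(payload):
    """Decode the mandatory section into a dict of named fields."""
    if len(payload) < BFD_HDR.size:
        raise ValueError("payload shorter than the 24-byte mandatory section")
    vd, sf, mult, length, my_d, your_d, tx, rx, echo = BFD_HDR.unpack_from(payload)
    return {"version": vd >> 5, "diag": vd & 0x1F, "state": STATE[sf >> 6],
            "auth": bool(sf & 0x04), "multipoint": bool(sf & 0x01),
            "detect_mult": mult, "length": length, "my_disc": my_d,
            "your_disc": your_d, "min_tx_us": tx, "min_rx_us": rx,
            "min_echo_rx_us": echo, "wire_len": len(payload)}

def validate_bfd(payload):
    """Return the RFC 5880 section 6.8.6 reception checks this packet fails.

    An empty list means a conforming receiver would accept the packet.
    """
    p = parse_bfd(payload)
    minimum = 26 if p["auth"] else 24
    problems = []
    if p["version"] != 1:
        problems.append("version %d is not 1" % p["version"])
    if p["length"] < minimum:
        problems.append("length %d below minimum %d" % (p["length"], minimum))
    if p["length"] > p["wire_len"]:
        problems.append("length %d exceeds %d bytes on the wire" % (p["length"], p["wire_len"]))
    if p["detect_mult"] == 0:
        problems.append("detect multiplier is zero")
    if p["multipoint"]:
        problems.append("multipoint (M) bit set")
    if p["my_disc"] == 0:
        problems.append("my discriminator is zero")
    if p["your_disc"] == 0 and p["state"] not in ("Down", "AdminDown"):
        problems.append("your discriminator zero in state " + p["state"])
    return problems

# Constructed samples: a well-formed Down packet, and one whose Length field claims
# 40 bytes while only 24 are on the wire, an inconsistency a dissector flags as malformed.
GOOD = build_bfd()
BAD_LENGTH = build_bfd(length=40)
```

Running `validate_bfd` over the UDP payload of each captured BFD packet tells you which RFC check it trips, which narrows the question of whether the sender or the switch is at fault.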