High unwanted traffic flowing between two hosts over WAN Link

Unanswered Question
Jan 10th, 2008


i have problem of CPU utilization picks up on the one end router. And while i see ip accounting there seems lots of traffic flowing between the source router and remote end router public IPs. I tried to add ACL for denying IP Traffic between those IPs. That doest not solve my problem.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mounir.mohamed Thu, 01/10/2008 - 03:01

Can you share your config, or at least the source and destination + the ACL statments.

chinmay30 Thu, 01/10/2008 - 03:27

Router -1 : (Which is creating high traffic)

interface FastEthernet0/1

ip address 58.x.x.x

ip access-group 100 out

duplex auto

speed auto

access-list 100 deny ip host 59.x.x.x(Destination - other end) host 58.x.x.x

access-list 100 permit ip any any

Router -2

is having same config for interface with ip add in 59 series...and no ACL has been configured on it..and surprisingly no traffic flowing in or out showing on this router for source address 62.x.x.x.

chinmay30 Thu, 01/10/2008 - 03:50

I hope this clears.. if you still want any inputs please let me know..

bvsnarayana03 Thu, 01/10/2008 - 03:50

If u stop all communication between 2 routers, u'll end up loosing adjacency.

Is it possible to paste ip accounting output for these specific entries.

by the way, The acl shud be placed on serial interface if the 2 are forming neighborship over serial. Direction should be "in" bcoz destination is this router.

chinmay30 Thu, 01/10/2008 - 04:11

ACL will not work because they are not generating IP Traffic at all.. it seems.. and They are not connected directly using this interfaces..

Attached IP Accounting output for ur ref..

Kevin Dorrell Thu, 01/10/2008 - 03:59

Is it a typing error, or is your access-list the wrong way round? If it is any outgoin g access list, don't you need the remote host as the destination parameter?

access-list 100 deny ip host 58.x.x.x (our address) host 59.x.x.x (Destination - other end)

Kevin Dorrell


chinmay30 Thu, 01/10/2008 - 04:22

That was Typing mistake.. and ACL should not require at all as no host on this side sending any interesting traffic to other end.. but still in source router (58.x.x.x) generating lots of traffic towards Destionation router (59.x.x.x)


This Discussion