03-26-2015 02:20 AM
Hello Everyone,
Yesterday i installed a Cisco SG500-28 als L3 routing switch in our "Core".
Today every client with this switch as default gateway gets an "ICMP Flooding Attack" message in our ESET Business Security Firewall.
Is there any setting which i can change on the switch to suppress this message?
Thanks in advance!
Best regards,
Dan
Solved! Go to Solution.
03-27-2015 06:59 AM
Hi,
could it be possible that the ICMP flood reported by your client based IPS consists of "ICMP Redirect" Messages (Type 5)?
These are normally sent by routers or switch virtual interfaces when the routing engine logic finds that another router in the same subnet of the receiving interface is a better router for the clients.
Depending on the amount of traffic inbound this can cause some load on the switches CPU, at least on Catalyst series the redirects are send by the CPU and not the ASICs.
On IOS this behavior can be disabled with the "no ip redirects" command, something I would like to see on Small Business L3 switches too (Together with multiple IPs per SVI...)
03-26-2015 06:58 PM
Hi Dan,
There are no settings on the switch that can suppress ICMP flooding attack messages as I have looked through the switch. The switch does not block pings. You can try to do a packet capture on the switch to see what IP address is flooding the switch and see if the issue still occurs once you have found the source IP address that is flooding it.
I hope that was helpful.
03-27-2015 06:59 AM
Hi,
could it be possible that the ICMP flood reported by your client based IPS consists of "ICMP Redirect" Messages (Type 5)?
These are normally sent by routers or switch virtual interfaces when the routing engine logic finds that another router in the same subnet of the receiving interface is a better router for the clients.
Depending on the amount of traffic inbound this can cause some load on the switches CPU, at least on Catalyst series the redirects are send by the CPU and not the ASICs.
On IOS this behavior can be disabled with the "no ip redirects" command, something I would like to see on Small Business L3 switches too (Together with multiple IPs per SVI...)
11-06-2015 01:34 AM
Hi Kristof and Brian,
Sorry for my late response but these were indeed "ICMP Redirect" messages.
I made an exeption in the Eset Firewall and the messages went away.
Unfortunately i believe there is no way to disable ICMP redirects in the small business series.
Kind regards,
Dan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide