Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
4
Helpful
1
Replies

Bad Ip header Recieved and Dos Attack alert Css11503

eoin
Level 1
Level 1

‎01-16-2004 03:00 AM

Hi,

I'm currently experiencing problems with my redundant CSS's I have logging setup to e-mail errors. Intermittently I receive the following messages;

JAN 16 10:22:08 1/1 1392227 IPV4-4: Ipv4MasterForwIphdrChk: Dest = 224.0.0.18,

Src = 192.168.99.2, DosAttack ILLEGAL SOURCE

JAN 16 10:22:08 1/1 1392228 VRRP-4: VrrpMain: bad IP header received, Bman free'd

From Previous post I noticed that there was a bug similar to this but I am currently using a version of software that is suppose to resolve this problem.

Web-CSS01# sh ver

Version: sg0720104 (7.20 Build 104)

Flash (Locked): 7.10 Build 3

Flash (Operational): 7.20 Build 104

Type: PRIMARY

Licensed Cmd Set(s): Standard Feature Set

Enhanced Feature Set

Secure Management

I would be very greatful form any help on this.

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎01-16-2004 04:08 AM

The bug you mentioned is realted to multicast traffic that the CSS does not understand.

In this case, this is traffic generated by a CSS.

This is VRRP, the protocol use for CSS redundancy.

I believe you opened a case for this and the suggestion (which is correct) is to have preempt only on one CSS not on both.

You could also experience this, if one side is not configured for redundancy.

So, check your config and make sure you apply the recommendations.

Regards,

Gilles.

Customers Also Viewed These Support Documents