Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Bad Ip header Recieved and Dos Attack alert Css11503

Hi,

I'm currently experiencing problems with my redundant CSS's I have logging setup to e-mail errors. Intermittently I receive the following messages;

JAN 16 10:22:08 1/1 1392227 IPV4-4: Ipv4MasterForwIphdrChk: Dest = 224.0.0.18,

Src = 192.168.99.2, DosAttack ILLEGAL SOURCE

JAN 16 10:22:08 1/1 1392228 VRRP-4: VrrpMain: bad IP header received, Bman free'd

From Previous post I noticed that there was a bug similar to this but I am currently using a version of software that is suppose to resolve this problem.

Web-CSS01# sh ver

Version: sg0720104 (7.20 Build 104)

Flash (Locked): 7.10 Build 3

Flash (Operational): 7.20 Build 104

Type: PRIMARY

Licensed Cmd Set(s): Standard Feature Set

Enhanced Feature Set

Secure Management

I would be very greatful form any help on this.

1 REPLY
Cisco Employee

Re: Bad Ip header Recieved and Dos Attack alert Css11503

The bug you mentioned is realted to multicast traffic that the CSS does not understand.

In this case, this is traffic generated by a CSS.

This is VRRP, the protocol use for CSS redundancy.

I believe you opened a case for this and the suggestion (which is correct) is to have preempt only on one CSS not on both.

You could also experience this, if one side is not configured for redundancy.

So, check your config and make sure you apply the recommendations.

Regards,

Gilles.

344
Views
4
Helpful
1
Replies