Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA Discover Bad IP

Hi,

The CSA in the Publisher and the Subs are giving me those messages

Event Type: Error

Event Source: CSAgent

Event Category: Kernel Rule

Event ID: 256

Date: 3/13/2006

Time: 2:26:17 PM

User: N/A

Computer: CCM-PUB1-046

Description:

A packet with a bad IP address was detected. Reason: Source matches Destination address (La Tierra). UDP: 10.9.46.3/137->10.9.46.3/137. The operation was denied.

I look in the network and I can not find another device with the same IP as my Callmanagers. Did somebody have a idea

1 REPLY
Silver

Re: CSA Discover Bad IP

Those are netbios name service packets, and I suspect maybe you have ip helper-address configured to forward dhcp requests from local phone subnets to the server subnet, and the server broadcasts are getting looped back too - if you don't pare the list down with the ip forward-protocol command, a bunch of broadcast traffic gets forwarded:

Enabling a helper address or UDP flooding on an interface causes the Cisco IOS software to forward particular broadcast packets. You can use the ip forward-protocol command to specify exactly which types of broadcast packets you would like to have forwarded. A number of commonly forwarded applications are enabled by default. Enabling forwarding for some ports (for example, Routing Information Protocol (RIP) may be hazardous to your network.

If you use the ip forward-protocol command, specifying only UDP without the port enables forwarding and flooding on the default ports.

One common application that requires helper addresses is Dynamic Host Configuration Protocol (DHCP). DHCP is defined in RFC 1531. DHCP protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the router interface closest to the client. The helper address should specify the address of the DHCP server. If you have multiple servers, you can configure one helper address for each server. Because BOOTP packets are forwarded by default, DHCP information can now be forwarded by the software. The DHCP server now receives broadcasts from the DHCP clients.

If an IP helper address is defined, UDP forwarding is enabled on default ports. If UDP flooding is configured, UDP flooding is enabled on the default ports.

If a helper address is specified and UDP forwarding is enabled, broadcast packets destined to the following port numbers are forwarded by default:

•Trivial File Transfer Protocol (TFTP) (port 69)

•Domain Naming System (port 53)

•Time service (port 37)

•NetBIOS Name Server (port 137)

•NetBIOS Datagram Server (port 138)

•Boot Protocol (BOOTP) client and server datagrams (ports 67 and 68)

•TACACS service (port 49)

•IEN-116 Name Service (port 42)

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a0080238b72.html#wp1169057

Mary Beth

249
Views
0
Helpful
1
Replies
CreatePlease login to create content