Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
3
Replies

Shunning router ACL leaking?

bbenton
Level 1
Level 1

‎12-11-2003 05:28 AM - edited ‎02-20-2020 09:23 PM

Is it possible that a shunning router will leak normally blocked inbound packets? Possibly when the acl numbers are changed on the inbound shunning interface? We're seeing a few packets get through that should be blocked by the pre-shun acl, and were blocked 100% before shunning was enabled. We've confirmed the pre and post shun are correctly in the active shunning acl.

If it can't happen, where should I be looking for the problem?

Considering also applying the pre-shun to opposite interface outbound for a workaround?

Labels:
0 Helpful
3 Replies 3

dlac455
Level 1
Level 1

‎12-11-2003 08:37 AM

A related question is: what happens when the cpu hits 100%? Does that affect how the ACL's are handled?

0 Helpful

bbenton
Level 1
Level 1

‎12-11-2003 10:36 AM

Good point. Ours is a 3540 is does peak at 100% briefly now rather than the 50% is was peaking at before shunning.

Can anyone shed some light on these things?

0 Helpful

bbenton
Level 1
Level 1

‎12-15-2003 11:41 AM

Correction, router is 3640.

Anyone else, please?

0 Helpful
Customers Also Viewed These Support Documents