
Repeated UDP access denied errors for netbios broadcast

Dec 16, 2002
Hi,

I'm getting repeated errors regarding broadcast traffic on all interfaces on our PIX 515 running version 7.0 software. Examples below. This would appear to be NetBIOS broadcast traffic, but I don't understand why it should try to pass the interface, as the interface (wifi) is specified as 10.10.8.1/24. I've tried a myriad of different access-lists but can't stop the errors being logged.

Any help or insight would be appreciated.

Thanks,

Barry

Apr 26 16:55:53 pix1 Apr 26 2005 16:55:53 : %PIX-3-710003: UDP access denied by ACL from 10.10.8.213/138 to wifi:10.10.8.255/138
Apr 26 16:56:00 pix1 Apr 26 2005 16:56:00 : %PIX-3-710003: UDP access denied by ACL from 10.10.8.204/137 to wifi:10.10.8.255/137
 
What logging level are you running? Informational?

This is my setup..

logging on
logging timestamp
logging trap notifications
logging host inside cssnt04
no logging message 400011

Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)

Compiled on Fri 02-Jul-04 00:07 by morlee

vpn up 13 days 19 hours

Trap logging: level notifications, 528118 messages logged

Computer/Network Technician
CCNA
 
Logging errors:

logging enable
logging timestamp
logging trap errors
logging host lan loghost
 
One thing to note.. broadcast traffic doesn't just go to one IP address.. your PIX is giving you an error because it doesn't forward broadcasts.. it can't do anything with it.

That would be normal behavior.

Computer/Network Technician
CCNA
 
Thanks for your input.

I understand it doesn't forward broadcasts - I wouldn't expect it to, but I don't understand why it logs it as an error.

Cheers,

Barry
 
That's a good question, that maybe Cisco could answer.. as it obviously was a change in procedure from 6.3(4) to 7.0

Computer/Network Technician
CCNA
 
Nothing changed there, local broadcasts have always been logged as an ACL violation because they are not allowed at all. That msg is not an error, just information.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
If you do not care about those messages you can disable that error using the command
no logging message 710003
 
My bad, I don't remember seeing those messages in my syslog server.... that's why I figured it was a change.. and I run mine as pointed out above, at notification level.

Computer/Network Technician
CCNA
 
Thanks for the input.

I've disabled the logging of that error number for the present. Think it's a bit strange as it's logged at severity level 3, and other errors with this number might be relevant. Will raise it with Cisco and see what they say.

Cheers,

Barry
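The concern in the last post (suppressing message 710003 outright also hides other, possibly relevant, ACL denials logged under the same number) can be handled on the syslog collector instead of on the PIX. The following is an added example, not code from the thread: it parses %PIX-3-710003 lines in the format shown above and separates local NetBIOS broadcast noise from denials that still deserve review. The interface-to-subnet map is assumed from the "wifi" interface at 10.10.8.1/24 mentioned in the question; the third sample line and the "outside" interface are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample syslog text: the first two lines follow the format quoted
# in the question, the third is a made-up TCP denial to a specific host.
SAMPLE_LOG = """\
Apr 26 16:55:53 pix1 Apr 26 2005 16:55:53 : %PIX-3-710003: UDP access denied by ACL from 10.10.8.213/138 to wifi:10.10.8.255/138
Apr 26 16:56:00 pix1 Apr 26 2005 16:56:00 : %PIX-3-710003: UDP access denied by ACL from 10.10.8.204/137 to wifi:10.10.8.255/137
Apr 26 16:57:12 pix1 Apr 26 2005 16:57:12 : %PIX-3-710003: TCP access denied by ACL from 192.0.2.77/4123 to outside:203.0.113.5/22
"""

# Assumed interface addressing: "wifi" is 10.10.8.1/24 as stated in the question,
# "outside" is hypothetical. strict=False accepts a host address for the network.
SUBNETS = {
    "wifi": ipaddress.ip_network("10.10.8.1/24", strict=False),
    "outside": ipaddress.ip_network("203.0.113.0/24"),
}

# NetBIOS name service / datagram service ports that chatter to the subnet broadcast.
NETBIOS_PORTS = {137, 138}

# Matches the body of a %PIX-3-710003 message: proto, source, interface and destination.
PATTERN = re.compile(
    r"%PIX-3-710003: (?P<proto>\w+) access denied by ACL from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<iface>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


@dataclass
class Denial:
    proto: str
    src: str
    sport: int
    iface: str
    dst: str
    dport: int


def parse_line(line: str) -> Optional[Denial]:
    """Return a Denial for a 710003 line, or None if the line is something else."""
    m = PATTERN.search(line)
    if m is None:
        return None
    return Denial(
        proto=m.group("proto"),
        src=m.group("src"),
        sport=int(m.group("sport")),
        iface=m.group("iface"),
        dst=m.group("dst"),
        dport=int(m.group("dport")),
    )


def is_local_broadcast(d: Denial) -> bool:
    """True when the destination is the broadcast address of the interface's own
    subnet and the source also lives on that subnet (the case the thread describes)."""
    net = SUBNETS.get(d.iface)
    if net is None:
        return False
    return (
        ipaddress.ip_address(d.dst) == net.broadcast_address
        and ipaddress.ip_address(d.src) in net
    )


def triage(log_text: str):
    """Split 710003 denials into expected NetBIOS broadcast noise and lines to review."""
    noise, review = [], []
    for line in log_text.splitlines():
        d = parse_line(line)
        if d is None:
            continue
        if d.proto == "UDP" and d.dport in NETBIOS_PORTS and is_local_broadcast(d):
            noise.append(d)
        else:
            review.append(d)
    return noise, review


if __name__ == "__main__":
    quiet, flagged = triage(SAMPLE_LOG)
    print(f"{len(quiet)} local NetBIOS broadcast denial(s) suppressed")
    for d in flagged:
        print(f"REVIEW: {d.proto} {d.src}/{d.sport} -> {d.iface}:{d.dst}/{d.dport}")
```

Only denials that are UDP, aimed at a NetBIOS port and addressed to the interface's own subnet broadcast from a host on that subnet are classed as noise; everything else logged under 710003 stays visible, which is what keeping `logging message 710003` enabled on the firewall buys you.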
 