Cisco Firepower Management Center 2000 Technical Manual

Tip: Read  to find the steps on how to capture traffic on the Firepower appliances.
Here are some examples:
EIGRP
If the Trust rule operates as expected, you should not see the following traffic:
16:46:51.568618 IP 10.0.0.1 > 224.0.0.10: EIGRP Hello, length: 40
16:46:51.964832 IP 10.0.0.2 > 224.0.0.10: EIGRP Hello, length: 40
OSPF
If the Trust rule operates as expected, you should not see the following traffic:
16:46:52.316814 IP 10.0.0.2 > 224.0.0.5: OSPFv2, Hello, length 60
16:46:53.236611 IP 10.0.0.1 > 224.0.0.5: OSPFv2, Hello, length 60
BGP
If the Trust rule operates as expected, you should not see the following traffic:
17:10:26.871858 IP 10.0.0.1.179 > 10.0.0.2.32158: Flags [S.], seq 1060979691, ack 3418042121, win 16384, options [mss 1460], length 0
17:10:26.872584 IP 10.0.0.2.32158 > 10.0.0.1.179: Flags [.], ack 1, win 16384, length 0
Note: BGP runs over TCP, and its keepalives are less frequent than those of the IGPs. If
no prefixes are being updated or withdrawn, you may need to wait longer to verify that
no traffic appears on TCP port 179.
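The check described above, as an added example that is not part of the Cisco document: a Python script that scans saved tcpdump text output in the format shown here for EIGRP, OSPF and BGP packets, and marks a clean BGP result as inconclusive when the capture is too short. The sample lines are constructed, and the 60-second window is an assumption based on a common default BGP keepalive interval; set it to the timers configured on your routers.

```python
import re
from collections import Counter

# Constructed sample in the tcpdump text format shown above (not a real capture).
SAMPLE = """\
16:46:51.568618 IP 10.0.0.1 > 224.0.0.10: EIGRP Hello, length: 40
16:46:52.316814 IP 10.0.0.2 > 224.0.0.5: OSPFv2, Hello, length 60
16:46:55.000000 IP 10.0.0.5.51000 > 10.0.0.9.443: Flags [S], seq 1, win 64240, length 0
16:47:10.872584 IP 10.0.0.2.32158 > 10.0.0.1.179: Flags [.], ack 1, win 16384, length 0
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): (.*)$")
GROUPS = {"224.0.0.10": "EIGRP", "224.0.0.5": "OSPF", "224.0.0.6": "OSPF"}

def endpoint(ep):
    """Split 'a.b.c.d' or 'a.b.c.d.port' (numeric tcpdump output) into (ip, port)."""
    parts = ep.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return ep, None

def classify(src, dst, info):
    """Return 'EIGRP', 'OSPF', 'BGP' or None for one parsed packet line."""
    (_, sport), (dst_ip, dport) = endpoint(src), endpoint(dst)
    # Prefer tcpdump's own decode; fall back to the well-known multicast group.
    proto = next((p for p in ("EIGRP", "OSPF") if info.startswith(p)), GROUPS.get(dst_ip))
    if proto is None and info.startswith("Flags") and 179 in (sport, dport):
        proto = "BGP"
    return proto

def check_capture(text, min_bgp_window_s=60.0):
    """Count routing-protocol packets and flag captures too short to clear BGP."""
    hits, times = Counter(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines, blanks, non-IP output
        h, mi, s, src, dst, info = m.groups()
        times.append(int(h) * 3600 + int(mi) * 60 + float(s))
        proto = classify(src, dst, info)
        if proto:
            hits[proto] += 1
    span = (times[-1] - times[0]) % 86400 if times else 0.0  # tolerate midnight wrap
    # Seeing no BGP packets proves nothing unless the capture outlasts a keepalive.
    inconclusive = hits["BGP"] == 0 and span < min_bgp_window_s
    return {"hits": dict(hits), "span_s": round(span, 3), "bgp_inconclusive": inconclusive}

if __name__ == "__main__":
    print(check_capture(SAMPLE))
```

An empty `hits` dictionary with `bgp_inconclusive` set to false is the result that matches a working Trust rule.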
Troubleshooting
If you still see the routing protocol traffic, please perform the following tasks:
1. Verify that the Access Control Policy was successfully applied from the FireSIGHT Management Center to the Firepower appliance. In order to do that, navigate to the System > Monitoring > Task Status page.
2. Verify that the rule action is Trust and not Allow.
3. Verify that logging is not enabled on the Trust rule.