LACP PDUs Dropped on ingress due to Deny and Permit Policy

Symptoms
When a permit and deny policy is used together with a LAG configured with LACP, traffic passes over the link for some time, then either times out or produces packet transmit errors.

Policy example:
entry WAN {
    if match all {
        source-address 128.228.93.80 / 29 ;
    }
    then {
        permit  ;
    }
}
entry Deny_All_Ingress {
    if match all {
    }
    then {
        deny  ;
    }
}


Slot-1 Stack.11 # ping continuous 128.228.93.85 from 128.228.93.83
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable


 
Environment
  • EXOS
  • Link Aggregation Group with LACP
Cause
LACP PDUs are not permitted by any entry in the policy, so they are eventually blocked by the deny action modifier. This can happen immediately or after a short period of time, depending on whether the short or long LACP timeout period is configured.
Resolution
Add an entry to the policy to permit LACP PDUs.

entry permit_LACPPDU {
    if match all {
        destination-mac-address 01:80:c2:00:00:02;
    }
    then {
        permit  ;
    }
}
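
An offline check for this failure mode, added here as an example (not Extreme Networks code): it parses the policy text from this article and reports which entry decides what happens to an LACP PDU, before and after the fix. It assumes entries are evaluated top to bottom with the first match deciding, so permit_LACPPDU is placed ahead of Deny_All_Ingress; it handles only the two match conditions used on this page, and the function names and sample frame are constructed for illustration.

```python
import ipaddress
import re

# Policy text copied from the article, condensed onto fewer lines.
BROKEN = """
entry WAN { if match all { source-address 128.228.93.80 / 29 ; } then { permit ; } }
entry Deny_All_Ingress { if match all { } then { deny ; } }
"""
LACP_ENTRY = """
entry permit_LACPPDU { if match all { destination-mac-address 01:80:c2:00:00:02; }
then { permit ; } }
"""
FIXED = LACP_ENTRY + BROKEN  # permit entry placed ahead of the catch-all deny
ENTRY_RE = re.compile(r"entry\s+(\S+)\s*\{\s*if\s+match\s+all\s*\{(.*?)\}"
                      r"\s*then\s*\{\s*(permit|deny)\s*;\s*\}\s*\}", re.S)

def parse(policy):
    """Return [(name, {condition: value}, action)] in the order written."""
    entries = []
    for name, body, action in ENTRY_RE.findall(policy):
        conds = {}
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            key, value = stmt.split(None, 1)
            conds[key] = value.replace(" ", "").lower()
        entries.append((name, conds, action))
    return entries

def matches(conds, frame):
    """'match all': every condition must hold; an empty block matches anything."""
    for key, value in conds.items():
        if key == "source-address":
            src = frame.get("src_ip")  # absent for non-IP frames such as LACP PDUs
            net = ipaddress.ip_network(value, strict=False)
            if src is None or ipaddress.ip_address(src) not in net:
                return False
        elif key == "destination-mac-address":
            if frame.get("dst_mac", "").lower() != value:
                return False
        else:
            raise ValueError(f"unsupported condition: {key}")
    return True

def verdict(policy, frame):
    """Assumed first-match evaluation: return (entry name, action) or (None, None)."""
    for name, conds, action in parse(policy):
        if matches(conds, frame):
            return name, action
    return None, None

if __name__ == "__main__":  # the LACP PDU frame below is a constructed sample
    print([verdict(p, {"dst_mac": "01:80:c2:00:00:02"}) for p in (BROKEN, FIXED)])
```

Under the same first-match assumption, appending permit_LACPPDU after Deny_All_Ingress leaves the PDU denied, so the check is worth running against the policy exactly as it will be applied.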