Big amount of flow from a bogus IP Address

Created by Daniel Phillipps, last modified by MindTouch on Jun 23, 2016

Overview

A large number of flows are reported from a bogus IP address.

Environment

  • NTA 4.x
  • Cisco IOS-XE versions

Cause 

Cisco has confirmed that there are bugs in their current software.

One symptom of this bug is a large number of flows from bogus IP addresses that do not exist in your network.

Another behavior seen with this bug: when you run the following command, the output interface changes for the same flows.

show flow monitor <monitor name> cache filter ipv4 source address 10.x.x.x ipv4 destination address 10.x.x.x

The known affected release is 3.6.0, and other customers have reported the same problem with 3.7.1 and 3.7.2.
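To check collected flow records for the two symptoms described above, the following added example (not SolarWinds or Cisco code) flags source addresses outside the prefixes you know exist and source/destination pairs seen on more than one output interface. The prefix list, the three-field record layout and the sample records are assumptions constructed for illustration, not the device's real cache output.

```python
import ipaddress
from collections import defaultdict

# Assumption: prefixes that actually exist in the monitored network.
KNOWN_PREFIXES = [ipaddress.ip_network(p) for p in ("10.1.0.0/16", "10.2.0.0/16")]

# Constructed sample records: source, destination, output interface.
# Simplified layout for illustration, not the device's real cache output.
SAMPLE = """\
10.1.4.20,10.2.8.15,Gi1/0/1
10.1.4.20,10.2.8.15,Gi1/0/2
10.1.4.21,10.2.8.15,Gi1/0/1
172.31.99.7,10.2.8.15,Gi1/0/1
10.1.4.21,10.2.8.15,Gi1/0/1
"""

def parse(text):
    """Yield (src, dst, out_if) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            src, dst, out_if = (f.strip() for f in line.split(","))
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), out_if

def is_known(addr):
    """True if the address falls inside one of the known prefixes."""
    return any(addr in net for net in KNOWN_PREFIXES)

def triage(text):
    """Return (bogus_sources, flapping_flows) for the two symptoms."""
    bogus = set()
    out_ifs = defaultdict(set)
    for src, dst, out_if in parse(text):
        # Symptom 1: source address that does not exist in the network.
        if not is_known(src):
            bogus.add(str(src))
        # Symptom 2: collect every output interface seen per flow pair.
        out_ifs[(str(src), str(dst))].add(out_if)
    flapping = {k: sorted(v) for k, v in out_ifs.items() if len(v) > 1}
    return sorted(bogus), flapping

if __name__ == "__main__":
    bogus, flapping = triage(SAMPLE)
    print("sources outside known prefixes:", bogus)
    for (src, dst), ifs in flapping.items():
        print(f"{src} -> {dst} seen on output interfaces {ifs}")
```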

Resolution

The fix for this bug is available in IOS versions 3.6.3 E and 3.7(3)E, and in 3.6.4E, the latest and suggested version at Cisco Download Software.

 

Last modified
20:27, 22 Jun 2016
