
Switch rules - redirect to cpu

Posted: Thu Oct 08, 2020 12:11 am
by njaard
I have a CRS312-4C+8XG. One of the Ethernet ports (the internet port) may have malicious traffic and I'd like to do certain advanced software filtering.

My first step is to redirect some traffic to the cpu:
/interface ethernet switch rule
add dst-port=99 ports=combo4 protocol=tcp redirect-to-cpu=yes switch=switch1
OK... now I'm stuck. How can I run CPU filters/firewalls on this traffic now? None of the packets ever get to any of the bridge rules or the IP firewall rules. And there's no way I can get traffic from the switch1-cpu port.

I'm totally stumped and the documentation only says that "redirect-to-cpu" is for exactly this task.