Community discussions

 
User avatar
dcordovez
just joined
Topic Author
Posts: 2
Joined: Tue Oct 30, 2018 4:52 am

What is the traffic type cc2d? (bridge port received packet with own address as source address...)

Wed Oct 31, 2018 4:05 am

Hello
I hope someone can help me, because this problem has already given me a lot of work and I have tried everything.
I have a router CCR-1009, which more or less randomly (because they can spend several hours without problems), begins to give alerts of a packet received in a bridge port which originates from the same bridge MAC, and therefore a "possible loop"..
bridge port received packet with own address as source address (xx:xx:xx:xx:xx:xx), probably loop
In this CCR I have three bridges created, and the problem originates only with one. I already tried to change the MAC of the bridge for a fixed one, also to recreate the bridge again with another MAC, also try to update the router's firmware, change cables and connections. in short, I analyzed every possible point of failure.

I made a capture of the package that generates the "possible loop" to see it with Wireshark. The received packet originates from the MAC of the Bridge, and by destination the MAC 55: 55: 55: 55: 55: 5d and the protocol is 0xcc2d

In the CCR create rules to detect and filter any packet entering or leaving or crossing the router that was of type cc2d, the rules work .. they detect it make the "drop" but still the router generates the alert message by the loop :(
Please, if someone has an idea that may be happening ... I would appreciate it if you could help me.
 
User avatar
xvo
Long time Member
Long time Member
Posts: 579
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: What is the traffic type cc2d? (bridge port received packet with own address as source address...)

Wed Oct 31, 2018 12:08 pm

What exactly do you have configured on that bridge?
What is connected to it?
Do you have (R/M)STP running on it?
 
User avatar
dcordovez
just joined
Topic Author
Posts: 2
Joined: Tue Oct 30, 2018 4:52 am

Re: What is the traffic type cc2d? (bridge port received packet with own address as source address...)

Wed Oct 31, 2018 4:02 pm

Hi !,
I did the tests with and without RSTP.

This router basically receives three different Internet links. Everyone in "stuck" in a bridge. And each bridge is connected to the same Cisco Swtich whose doors are in separate VLANs. Then these three VLANs are carried by a trunk link (port in Trunk mode) to an AirFiber, which transports this to a hill where another Swtich cisco receives this Trunk link and separates it again into the 3 VLANs to connect each VLAN. to a different Swtich where clients connect. VLANs are only visible among the cisco swotch. Everything that enters and leaves each one is without a tag.

This configuration had worked for a long time without problems. Initially with some RB450, and then with the CCR1009. The problem started from one moment to another and is generated only at some moments during periods that can be from 1 to two hours approx.

The strange thing is that it seems that the packet is generated from inside the router. I did the test of adding some filters to detect and block any traffic of that type "cc2d". The rules work, they detect and block but then the message of the loop appears. (attached images)

The filtering rules applied in the CCR (interface bridge filter)
Image

The result in the LOG
Image

I did the test of connecting a CRS326 in cascade to the same Bridge with problems in the CCR, and then connecting the Cisco Swtich in another port of the CRS326 (I put the CRS3260 in between the CCR and the Cisco Swtich) and apply the same filtering rules in the CRS326 in order to see where the package came from. The CRS326 detects the "cc2d" type packet only coming out from the CCR, it does not come from any other side.

Who is online

Users browsing this forum: MSN [Bot] and 116 guests