Page 1 of 1

420Mbps inside trafic

Posted: Wed Sep 11, 2019 5:29 pm
by wwwevecom
Hello, I see a lot of traffic 400-500 Mbps, inside traffic with src address ff02::fb:5353; and Blocks the network???

Re: 420Mbps inside trafic

Posted: Thu Sep 12, 2019 4:41 am
by joegoldman
that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue.

Perhaps see if you can capture the traffic and load it up in wireshark so you can see the content of the traffic and get an idea of what its trying to do / what might be going wrong.

Short term fix might be to disable / enable CAPsMAN manager or reboot the head-end device.

Re: 420Mbps inside trafic

Posted: Thu Sep 12, 2019 12:01 pm
by wwwevecom
Hello, I caught the villain. I named him 11 september hack. this is what helped me - block multicast on bridge
/interface bridge filter add chain=forward in-bridge=bridge-vlan10-wifi-mall packet-type=multicast action=drop (optionaly mac-protocol=ipv6)
/interface bridge settings set use-ip-firewall=yes
And then locate multicast source from Wi-Fi point