NPM Drop reason "L3 drop policy"

book

Article ID: 168078

calendar_today

Updated On:

Products

Control Compliance Suite Netware XOS

Issue/Introduction

Traffic matching the internal control network is dropped by NPM.Traffic is  dropped by an NPM and the Drop reason is  "L3 drop policy", e.g:  
 

CBS# show flow active proto 1

This command may take a few minutes.  Do you want to continue? <Y or N> [Y]:

Module                     Source                Destination       Prot   Dom    TTI/MAX
np1                         1.1.10.1:0              1.1.10.2:0        1
1  00:30/00:30
    Drop(L3 drop policy)
    rx circuit 1026     Master np1    Fast Path Y    rx packets 0

 

Cause

An NPM drops traffic with the reason "L3 drop policy" if the inbound packets match a flow rule defined with the action Drop.
 
If no user-defined flow rule exists with action Drop, you should compare the source and destination address with the configured system internal network. In the above example, traffic matches the default internal network 1.1.0.0/16. To protect the control plane, the NPM always implements a default IP flow rule, which drops all packets that conflict with the system internal network. 
 
 

Resolution

If the dropped traffic is valid, you may need to set the internal network to another unused network.
 
To list default IP flow rules run show default-ip-flow-rule.
To display the configured internal network run show system-internal-network.
 

Workaround

 N/A
Powered by Wolken Software