NPM Drop reason "L3 drop policy"


Article ID: 168078


Updated On:


Control Compliance Suite Netware XOS


Traffic matching the internal control network is dropped by NPM.Traffic is  dropped by an NPM and the Drop reason is  "L3 drop policy", e.g:  

CBS# show flow active proto 1

This command may take a few minutes.  Do you want to continue? <Y or N> [Y]:

Module                     Source                Destination       Prot   Dom    TTI/MAX
np1                           1
1  00:30/00:30
    Drop(L3 drop policy)
    rx circuit 1026     Master np1    Fast Path Y    rx packets 0



An NPM drops traffic with the reason "L3 drop policy" if the inbound packets match a flow rule defined with the action Drop.
If no user-defined flow rule exists with action Drop, you should compare the source and destination address with the configured system internal network. In the above example, traffic matches the default internal network To protect the control plane, the NPM always implements a default IP flow rule, which drops all packets that conflict with the system internal network. 


If the dropped traffic is valid, you may need to set the internal network to another unused network.
To list default IP flow rules run show default-ip-flow-rule.
To display the configured internal network run show system-internal-network.