Network Infrastructure Forums

Extreme / Avaya / Nortel => Extreme / Avaya / Nortel Ethernet Switching => Topic started by: szympek1234 on May 04, 2019, 04:40:41 AM

Title: How to block Mikrotik neighbour packet-port 5678 UDP to 5678 ip 255.255.255.255?
Post by: szympek1234 on May 04, 2019, 04:40:41 AM
Hi,

Does anyone have a solution for blocking the traffic generated by Mikrotik neighbour?
wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery
Packet is: UDP src. address X.X.X.X src. port 5678 => dst. address 255.255.255.255 dst. port 5678

I wrote the following ACL but it does not work. What am I doing wrong?

Tested on ERS 5530-24TFD FW:6.0.0.21  SW:v6.3.6.017 and ERS 5520 with the same FW and SW.

qos traffic-profile classifier name mtik ethertype 0x806 eval-order 1 drop-out-action disable
qos traffic-profile classifier name mtik addr-type ipv4 protocol 17 dst-port-min 5678 dst-port-max 5678 drop-action enable eval-order 2 drop-out-action enable
qos traffic-profile classifier name mtik addr-type ipv4 protocol 17 src-port-min 5678 src-port-max 5678 drop-action enable eval-order 3 drop-out-action enable
qos traffic-profile classifier name mtik eval-order 4 drop-out-action disable
qos traffic-profile set port 1 name mtik
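
One way to confirm whether a filter like the one above is taking effect is to check frames captured on a port behind the switch against the packet signature given in the post (UDP 5678 to 255.255.255.255:5678). The following is an added example, not part of the original post; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct

MNDP_PORT = 5678                 # UDP port named in the post
BROADCAST = b"\xff\xff\xff\xff"  # 255.255.255.255

def is_mndp_broadcast(frame: bytes) -> bool:
    """True for an Ethernet frame carrying UDP 5678 -> 255.255.255.255:5678."""
    if len(frame) < 14:
        return False
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    off = 14
    while ethertype in (0x8100, 0x88A8):          # skip 802.1Q / 802.1ad tags
        if len(frame) < off + 4:
            return False
        ethertype = struct.unpack_from("!H", frame, off + 2)[0]
        off += 4
    if ethertype != 0x0800 or len(frame) < off + 20:
        return False
    ihl = (frame[off] & 0x0F) * 4                 # IPv4 header may carry options
    if frame[off] >> 4 != 4 or ihl < 20 or len(frame) < off + ihl + 8:
        return False
    frag_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    if frame[off + 9] != 17 or frag_offset != 0:  # UDP, first fragment only
        return False
    if frame[off + 16:off + 20] != BROADCAST:
        return False
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return sport == MNDP_PORT and dport == MNDP_PORT

def build_frame(src_ip, dst_ip, sport, dport, vlan=None, proto=17):
    """Constructed test frame (checksums left at 0; payload is filler)."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    eth += struct.pack("!H", 0x0800)
    l4 = struct.pack("!HHHH", sport, dport, 12, 0) + b"\x00" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4

def count_leaks(frames):
    """Number of captured frames that still match the signature."""
    return sum(1 for f in frames if is_mndp_broadcast(f))
```

A non-zero `count_leaks` result for a capture taken behind the filtered port means the discovery broadcasts are still being forwarded.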