Cisco. LOOPGUARD. Traffic limited.

In our case, a symptom that our Cisco Swich has reached the limit of its traffic management capacity at moment in  time is the  "LOOPGUAR_BLOCK" and "LOOPGUAR_BLOCK" alerts

At Switch

At Syslog

We can reproduce this problem when we move/copy big information amount. Example move Virtual Machines, Backup, etc.

A few of Literature:

"LoopGuard prevents alternateor root port from becoming designated in absence of BPDUs."

"Protects alternate (blocked) or root (forwarding) ports from moving to forwarding upon no receipt of BPDU’s."

"If a Port Receive state machine receives an inferior RST BPDU from a Port that believes itself to be a Designated Port AND is Learning or Forwarding it will set disputed, causing this state machine to transition a Designated Port to Discarding"

by GoN | Published: March 24, 2017 | Last Updated:

NAGIOS. Unauthorized user. Rapid Response

An anecdote in Nagios.

One user inform us that he can access a lot of information at our Nagios System. This user can't access to Nagios. And my questios was "How have you been able to do it?"

The user send us some screenshoot like:

We start a little analisys:

[ ] Check audit logs

I find which the user that have connected. I can view his username, IP address and date connection.

[ ]  Now, With your username and I can check his user privileges 

He has read only permissions.

[] I compare the audit date log with other user screenshot

[ ] I connect to Nagios server by console. With the IP addrees I check the Apache logs:

We can view what is the first user link connection.

 https://servidor/nagiosxi/rr.php?uid=6-7233-d69ce763420a85291a4ab106cf57d15d

[ ] CONCLUSION:

In Apache logs We can see which URL he has used and how the user cut the URL (log apache second line) to connect to other Nagios options later ( https://servidor/nagiosxi).

The origin was one URL in a well-known informative email.

When the user clicking the link goes to Nagios: 

by GoN | Published: March 24, 2017 | Last Updated: