I upgraded a new, out-of-the-box EX2300 from version 15.1X53-D58.3 to 18.1R3-S3.8. Now the loopback filter is blocking NTP traffic. It is the same filter I use on EX2300/2200/4200 switches, but it only fails on 18.1.
> show configuration firewall family inet filter net-services term NTP
from {
    source-prefix-list {
        mgmt-networks;
    }
    protocol udp;
    destination-port ntp;
}
then accept;
# show system ntp
boot-server 10.176.97.47;
server 10.176.97.47 prefer;
server 10.180.15.160;
source-address 10.176.2.196;
I set a logging filter to capture NTP packets on the irb.0 trunked interface. I see NTP traffic which is blocked at the loopback:
Mar 8 10:04:32 cssw3618 dc-pfe: PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp Ji Ji 794931210 3288510474 (123 packets)
Mar 8 10:04:32 cssw3618 fpc0 PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp 10.180.15.160 10.176.2.196 123 123 (1 packets)
Mar 8 10:04:32 cssw3618 fpc0 PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp 10.176.97.47 10.176.2.196 123 123 (1 packets)
Mar 8 10:04:34 cssw3618 dc-pfe: PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp Ji Ji 2685383690 3288510474 (123 packets)
Mar 8 10:04:34 cssw3618 fpc0 PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp 10.180.15.160 10.176.2.196 123 123 (1 packets)
Mar 8 10:04:36 cssw3618 dc-pfe: PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp Ji Ji 2685383690 3288510474 (123 packets)
Mar 8 10:04:36 cssw3618 fpc0 PFE_FW_SYSLOG_IP: FW: xe-0/1/0.0 A udp 10.180.15.160 10.176.2.196 123 123 (1 packets)
I even tried some weird suggestions found in other discussions; no joy.
# show system static-host-mapping localhost inet 10.176.2.196
Anyone have a suggestion I haven't tried?