Yes it would be nice if you could control where the HSRP advertisements are sent out. Something similar to the passive-interface command with EIGRP would be nice.
Let me know if you work this one out. I don't like the idea of HSRP spamming our Ethernet VLAN's either. Aaron Riemer -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leif Sawyer Sent: Friday, 14 November 2008 7:58 AM To: cisco-nsp Subject: Re: [c-nsp] 3750 HSRP question Tassos Chatzithomaoglou writes: > > What about the following? > > mac address-table static 0100.5e00.0002 vlan X int A B ... > > Just don't include the 2 appliance interfaces into the > interface list (or include only the 2 hsrp ports). Nope. That doesn't seem to do anything -- I'm still seeing the HSRP packets in my sniffer. Sigh. Cisco sure doesn't want to perform outbound MAC-layer filtering on it's interfaces, no matter what the security implications might be. It sure would be nice if they'd figure out that allowing this traffic to be restricted to known/allowed ports, the network would be just a little bit safer. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ LEGAL DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/