Bucher Lars wrote: > > I'm trying to configure an input-access-list on 7204 Routers > (IOS 12.2(10)), > which should filter on the destination (!) MAC-address but > can't get it > work. Is this even possible? > > The router should ignore all traffic with a destination-MAC > (multicast) of > 0100.5e7c.0006 and accept all other traffic. In my setup, this > address is > used with Firewalls in a Stonebeat cluster. > > Without filter my routers, by mistake, listen to this traffic, > replicate it > and send it out again which causes multicast-storms.
Wouldn't it be better to figure out why the router is doing this? Normally, a router doesn't replicate multicast traffic and send it out again. Why is it doing this? Can you send us your config?? Priscilla > > I've read that this is quite a common behaviour observed with > Cisco-Routers > that run HSRP. By mistake some Routers (depending on what?) > sometimes listen > to all Layer2 Multicast-Traffic instead to just the > HSRP-Multicasts. > > Unfortunately, I can't configure any filters on the switch, > which led me to > the idea to apply a filter on the routers. > > It's no problem to configure an extended MAC Access-list > (access-list > ). But I struggle with applying it to the interface. > The 'bridge-group input-address-list ' just allows > standard MAC > Access-Lists, which would filter the source-address only. > > So I tried the follwoing approach (CAR): > > access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff > 0100.5e7c.0006 > 0000.0000.0000 > access-list 101 permit ip any any > > interface fastethernet0/0 > rate-limit input access-group 1100 100000000 100000 100000 > conform-action > drop exceed-action drop > rate-limit input access-group 101 100000000 100000 100000 > conform-action > transmit exceed-action transmit > > In the lab the router accepted the commands, but now it blocks > all traffic > instead just the specified destination mac-address. > > Any suggestions? Thanks in advance. > > Lars Bucher > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57314&t=57312 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
