Hi Priscilla Unfortunately, I'm not in the Office right now. So I've just got the following information at the moment:
IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(10a), RELEASE SOFTWARE (fc1) cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory interface FastEthernet0/0 ip address 10.241.207.197 255.255.255.240 no ip redirects no ip proxy-arp duplex full speed 100 ntp disable standby 1 ip 10.241.207.196 standby 1 preempt standby 1 track ATM2/0.2010 arp 10.241.207.193 0100.5e7c.0006 ARPA Otherwise, there's no special configuration. The static arp entry is needed for the stonebeat solution. As you see, it's just at Layer2 a multicast. At Layer 3 there's just Unicast. I know it sounds silly, but that's the way stonebeat implements its cluster solution. The interesting thing is, that in the LAN I have two other 7200 Routers with the same config but with NPE 300 Processor board and IOS 12.2(4). Those 2 Routers don't replicate the traffic. The same behaviour has been reported by others as well. If you do a search for 'stonebeat' or 'multicast storm' on Cisco's 'Networking Professionals Connection' you can find those. It seems to be a general problem with some Cisco routers, not a Configuration Problem. That's why I was looking for a 'filter-solution. Regards Lars Bucher ""Priscilla Oppenheimer"" schrieb im Newsbeitrag news:200211121958.TAA22356@;groupstudy.com... > Bucher Lars wrote: > > > > I'm trying to configure an input-access-list on 7204 Routers > > (IOS 12.2(10)), > > which should filter on the destination (!) MAC-address but > > can't get it > > work. Is this even possible? > > > > The router should ignore all traffic with a destination-MAC > > (multicast) of > > 0100.5e7c.0006 and accept all other traffic. In my setup, this > > address is > > used with Firewalls in a Stonebeat cluster. > > > > Without filter my routers, by mistake, listen to this traffic, > > replicate it > > and send it out again which causes multicast-storms. > > Wouldn't it be better to figure out why the router is doing this? Normally, > a router doesn't replicate multicast traffic and send it out again. Why is > it doing this? Can you send us your config?? > > Priscilla > > > > > I've read that this is quite a common behaviour observed with > > Cisco-Routers > > that run HSRP. By mistake some Routers (depending on what?) > > sometimes listen > > to all Layer2 Multicast-Traffic instead to just the > > HSRP-Multicasts. > > > > Unfortunately, I can't configure any filters on the switch, > > which led me to > > the idea to apply a filter on the routers. > > > > It's no problem to configure an extended MAC Access-list > > (access-list > > ). But I struggle with applying it to the interface. > > The 'bridge-group input-address-list ' just allows > > standard MAC > > Access-Lists, which would filter the source-address only. > > > > So I tried the follwoing approach (CAR): > > > > access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff > > 0100.5e7c.0006 > > 0000.0000.0000 > > access-list 101 permit ip any any > > > > interface fastethernet0/0 > > rate-limit input access-group 1100 100000000 100000 100000 > > conform-action > > drop exceed-action drop > > rate-limit input access-group 101 100000000 100000 100000 > > conform-action > > transmit exceed-action transmit > > > > In the lab the router accepted the commands, but now it blocks > > all traffic > > instead just the specified destination mac-address. > > > > Any suggestions? Thanks in advance. > > > > Lars Bucher Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57320&t=57320 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
