Bucher Lars wrote:
> 
> Hi Priscilla
> 
> Unfortunately, I'm not in the Office right now. So I've just got the
> following information at the moment:
> 
> IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(10a), RELEASE SOFTWARE (fc1)
> cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory
> 
> interface FastEthernet0/0
>  ip address 10.241.207.197 255.255.255.240
>  no ip redirects
>  no ip proxy-arp
>  duplex full
>  speed 100
>  ntp disable
>  standby 1 ip 10.241.207.196
>  standby 1 preempt
>  standby 1 track ATM2/0.2010
> 
> arp 10.241.207.193 0100.5e7c.0006 ARPA
> 
> Otherwise, there's no special configuration.
> 
> The static arp entry is needed for the stonebeat solution. 

Yes, I've heard of this kludge. ;-)

> As you see, it's just at Layer2 a multicast. At Layer 3 there's just Unicast.

Are you sure these aren't Layer 3 multicasts also? It's in the range of
multicast addresses reserved by IP Multicast. Regardless I stick to my
comment that a "normal" router wouldn't forward these. It would have to be
running ICMP and an IP multicast routing protocol. Of course, that's sort of
normal too, but not default behavior.

> I know it sounds silly, but that's the way stonebeat implements its
> cluster solution.
> 
> The interesting thing is, that in the LAN I have two other 7200 Routers with
> the same config but with NPE 300 Processor board and IOS 12.2(4).
> Those 2 Routers don't replicate the traffic.

That's good. It confirms my belief that the behavior of the other router is
odd.

> 
> The same behaviour has been reported by others as well. If you do a search
> for 'stonebeat' or 'multicast storm' on Cisco's 'Networking Professionals
> Connection' you can find those. It seems to be a general problem with some
> Cisco routers, not a Configuration Problem. That's why I was looking for a
> 'filter-solution'.

Did the other person's response solve the problem for you? The one that
talked about IRB.

Also, didn't we discuss this just a few days ago? Someone sent a URL that
discussed something similar. Let's see if I can find the URL again....

Oh, I found it. It has to do with routers not sending multicast when they
should! But it might have some hints for you. It's here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;223136

Wish I had more targeted advice for you! Anyone else want to help?

Good luck. Keep us posted on what you figure out. Thanks.

Priscilla

> 
> Regards
> Lars Bucher
> 
> "Priscilla Oppenheimer" wrote in message
> news:200211121958.TAA22356@;groupstudy.com...
> > Bucher Lars wrote:
> > >
> > > I'm trying to configure an input-access-list on 7204 Routers
> > > (IOS 12.2(10)), which should filter on the destination (!) MAC-address
> > > but can't get it work. Is this even possible?
> > >
> > > The router should ignore all traffic with a destination-MAC (multicast)
> > > of 0100.5e7c.0006 and accept all other traffic. In my setup, this
> > > address is used with Firewalls in a Stonebeat cluster.
> > >
> > > Without filter my routers, by mistake, listen to this traffic,
> > > replicate it and send it out again which causes multicast-storms.
> >
> > Wouldn't it be better to figure out why the router is doing this?
> > Normally, a router doesn't replicate multicast traffic and send it out
> > again. Why is it doing this? Can you send us your config??
> >
> > Priscilla
> >
> > >
> > > I've read that this is quite a common behaviour observed with
> > > Cisco-Routers that run HSRP. By mistake some Routers (depending on what?)
> > > sometimes listen to all Layer2 Multicast-Traffic instead to just the
> > > HSRP-Multicasts.
> > >
> > > Unfortunately, I can't configure any filters on the switch, which led me
> > > to the idea to apply a filter on the routers.
> > >
> > > It's no problem to configure an extended MAC Access-list (access-list
> > > ). But I struggle with applying it to the interface.
> > > The 'bridge-group  input-address-list ' just allows standard MAC
> > > Access-Lists, which would filter the source-address only.
> > >
> > > So I tried the following approach (CAR):
> > >
> > > access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff 0100.5e7c.0006 0000.0000.0000
> > > access-list 101 permit ip any any
> > >
> > > interface fastethernet0/0
> > > rate-limit input access-group 1100 100000000 100000 100000 conform-action drop exceed-action drop
> > > rate-limit input access-group 101 100000000 100000 100000 conform-action transmit exceed-action transmit
> > >
> > > In the lab the router accepted the commands, but now it blocks all
> > > traffic instead just the specified destination mac-address.
> > >
> > > Any suggestions? Thanks in advance.
> > >
> > > Lars Bucher
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57332&t=57320
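
The thread turns on whether frames sent to 0100.5e7c.0006 are multicast only at Layer 2 or at Layer 3 as well. As an added example (not code from either poster), this Python sketch applies the standard IPv4 group-to-MAC mapping to classify a captured frame and to list the groups a given multicast MAC could stand for. It assumes untagged Ethernet II frames; the sample frames, the source MAC and the cluster node's source IP are constructed, while the destination MAC and 10.241.207.x addresses come from the posted config.

```python
import ipaddress
import struct

MCAST_OUI = bytes.fromhex("01005e")  # IANA prefix for IPv4 multicast MACs

def parse_mac(text):
    """Accept Cisco dotted (0100.5e7c.0006) or colon/hyphen notation."""
    raw = bytes.fromhex(text.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("not a 48-bit MAC: %r" % text)
    return raw

def is_ipv4_mcast_mac(mac):
    # 01:00:5e followed by a 0 bit, then the low 23 bits of the group address
    return mac[:3] == MCAST_OUI and mac[3] & 0x80 == 0

def candidate_groups(mac):
    """The 32 groups in 224.0.0.0/4 whose low 23 bits map onto this MAC."""
    low23 = int.from_bytes(mac[3:], "big") & 0x7FFFFF
    return [ipaddress.IPv4Address((0xE0 << 24) | (hi << 23) | low23)
            for hi in range(32)]

def classify(frame):
    """Classify one untagged Ethernet II frame by its L2 and L3 destination."""
    if len(frame) < 34:
        return "too-short"
    dst_mac = frame[:6]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return "not-ipv4"
    dst_ip = ipaddress.IPv4Address(frame[30:34])  # 14-byte Ethernet + offset 16
    if not is_ipv4_mcast_mac(dst_mac):
        return "l2-not-ip-multicast"
    if dst_ip.is_multicast:
        mapped = (int(dst_ip) & 0x7FFFFF) == int.from_bytes(dst_mac[3:], "big")
        return "l3-multicast" if mapped else "l3-multicast-wrong-mac"
    return "l2-multicast-l3-unicast"  # the static-ARP cluster case in the thread

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed sample: Ethernet II + bare IPv4 header (checksum left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return parse_mac(dst_mac) + parse_mac(src_mac) + struct.pack("!H", 0x0800) + ip

# Constructed frames: one to the cluster address, one HSRP-style hello.
CLUSTER_FRAME = build_frame("0100.5e7c.0006", "0200.0000.0001",
                            "10.241.207.198", "10.241.207.193")
HSRP_FRAME = build_frame("0100.5e00.0002", "0200.0000.0002",
                         "10.241.207.197", "224.0.0.2")

if __name__ == "__main__":
    for name, f in (("cluster", CLUSTER_FRAME), ("hsrp", HSRP_FRAME)):
        print(name, classify(f))
```

Run against frames from a capture on the affected segment, the classification shows whether the traffic the router reacts to carries a unicast or a multicast IP destination.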