It could be related to the problem described here:
http://www.firewall-1.org/2002-05/msg00646.html

l0stbyte

Priscilla Oppenheimer wrote:

> Can you help us understand the situation better? Thanks.
> See some questions inline.
>
> l0stbyte wrote:
>
> >Hitesh Pathak R wrote:
> >
> >>Dear Group,
> >>
> >>Need your help in setting up the following:
> >>
> >>SETUP: There are 2 core switches, SW1 & SW2 (connected back to back
> >>with both the SUP GE ports, fiber uplink (channeled and trunk)). On
> >>one of the switches (SW1) I have 2 firewalls connected in cluster
> >>mode. For this clustered firewall I have bound the multicast MAC
> >>address on the switch SW1, as the method recommended by the firewall
> >>vendor, by the command (set cam permanent ).
>
>
> On SW1, you have a permanent cam entry for the multicast address used by
> the firewall cluster? Why? How is that permanent entry used and why is it
> necessary? Sorry if this is a stupid question, but I think it will help us
> understand what you are trying to accomplish.
>
>
> >>Now the problem faced here is, since they have only bound the MAC
> >>address to 2 ports on SW1 (switch one ONLY), there seem to be some
> >>multicast packets flooding on my second core switch SW2 for that
> >>multicast address.
>
>
> Switches flood multicasts by default. So it makes sense that the multicast
> is flowing over to SW2 also.
>
>
> >>The customer wants to stop this broadcast from happening on the 2nd
> >>switch SW2 and hence wants to bind the same multicast MAC address on
> >>the 2nd switch with the trunk ports going to SW1 from SW2.
>
>
> The multicast will come across the trunk, so you should be able to put a
> permanent cam entry mapping the multicast address to the trunk port. But
> what problem will that solve? Are you trying to stop the multicast from
> flowing out the other ports on SW2? How does a permanent cam entry help
> with that?
>
> Maybe you should look into CGMP or IGMP snooping. They can stop multicasts
> on switches, if the applications send IGMP joins.
>
> Anyone else have any suggestions or understand his situation?
>
> Priscilla
>
>
> >>Has anybody faced a similar situation? Is this configuration
> >>supported? Can I bind the cam entry to my trunk port on SW2 as well,
> >>with the same multicast MAC address?
> >>
> >>Many thanks in advance.
> >>
> >>Thanks
> >>Hitesh
> >
> >Is it a Check Point FW cluster?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60256&t=60235