From: Bob Sinclair (bsin@cox.net)
Date: Mon Jan 06 2003 - 18:56:24 GMT-3
James,
When the server that sources the multicast forms its Ethernet frame, it puts
the multicast MAC address as the destination address. It puts its own
physical address as the source MAC address. Since port security only looks
at source addresses, and multicast addresses are never seen as source
addresses, port security should no be a factor.
-Bob
----- Original Message -----
From: "Walker, James - Is" <JWALKER2@PARTNERS.ORG>
To: "'Tim Fletcher'" <tim@fletchmail.net>; <ccielab@groupstudy.com>
Sent: Monday, January 06, 2003 4:13 PM
Subject: RE: Port Security
> I can see where the port security does not come into play for group
members,
> what about the source of the multicast?
>
>
>
>
>
> -----Original Message-----
> From: Tim Fletcher [mailto:tim@fletchmail.net]
> Sent: Monday, January 06, 2003 4:05 PM
> To: Walker, James - Is; ccielab@groupstudy.com
> Subject: Re: Port Security
>
>
> If I recall correctly, port security only looks at the source MAC address
> of frames coming in on that interface. Since you should never see a
> muticast address as a source address, you should have no problem.
>
> -Tim Fletcher
>
> At 03:08 PM 1/6/2003 -0500, Walker, James - Is wrote:
> >I have a question for the masses.
> >
> >We are using port security on our catalyst switches and we allow only 1
mac
> >address per port.
> >
> >Question:
> >If there is a multicast traffic coming (source) or going (group member),
> would
> >the catalyst see the multicast mac address and shut the port down?
> >Multicast mac
> >address does get added to the cam table.........
> >
> >Am I correct in my assumption?
> >
> >Allowing 2 mac addresses per port by using 'set port security x/x maximum
> >2' is
> >not an option.
> >.
> .
.
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:43 GMT-3