From: Ashok M A (ashok_ccie@yahoo.co.in)
Date: Mon Oct 10 2005 - 14:54:15 GMT-3
Hi Bob,
Here is the config and more information:
Switch
~~~~~~
SW2#sh ip igmp snooping vlan 1
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Vlan 1:
--------
IGMP snooping : Disabled
Immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
Source only learning age timer : 10
SW2#show run | inc mac-address
mac-address-table static 0100.5e01.0102 vlan 1
interface GigabitEthernet0/8
SW2#
~~~~~~
R8#show run int e0
Building configuration...
Current configuration : 124 bytes
!
interface Ethernet0
ip address 22.22.22.8 255.255.255.0
ip igmp join-group 224.1.1.2
ip igmp join-group 224.1.1.8
end
R8#
~~~~~
In the above config i disabled snooping and given
static mac-address for 224.1.1.2 group. With this i
should not able to ping 224.1.1.8 address.
Test result is as follows:
~~~~
R1#ping 224.1.1.8
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.8, timeout
is 2 seconds:
Reply to request 0 from 22.22.22.8, 240 ms
Reply to request 0 from 22.22.22.8, 320 ms
R1#ping 224.1.1.2
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.2, timeout
is 2 seconds:
Reply to request 0 from 22.22.22.8, 236 ms
Reply to request 0 from 22.22.22.8, 312 ms
R1#
~~~~~
But if i now change the static mac address entry, for
example to port g0/9, it will be getting dropped.
~~~~
on switch:
mac-address-table static 0100.5e01.0102 vlan 1
interface GigabitEthernet0/9
R1#ping 224.1.1.2 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 224.1.1.2, timeout
is 2 seconds:
..
R1#
R1#
R1#ping 224.1.1.8 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 224.1.1.8, timeout
is 2 seconds:
Reply to request 0 from 22.22.22.8, 76 ms
Reply to request 0 from 22.22.22.8, 92 ms
Reply to request 1 from 22.22.22.8, 80 ms
Reply to request 1 from 22.22.22.8, 92 ms
R1#
~~~~~~~
Thanks,
Ashok
--- Bob Sinclair <bob@bobsinclair.net> wrote:
> Ashok,
>
> To confirm my understanding; are you saying that
> when you disable igmp snooping for a vlan, that the
> switch still dynamically assigns multicast addresses
> to ports based on the reception of IGMP membership
> reports from directly attached clients? This is not
> the behavior I would expect. Could you post some
> show commands?
>
> Bob Sinclair
> CCIE #10427, CCSI 30427, CISSP
> www.netmasterclass.net
>
> ----- Original Message -----
> From: Ashok M A
> To: bsinclair@netmasterclass.net ;
> gladston@br.ibm.com ; ccielab@groupstudy.com
> Sent: Monday, October 10, 2005 12:57 PM
> Subject: RE: Multicast Limit on 3550
>
>
> Hi Bob,
>
> I tried your solution given below and it doesn't
> seem
> to work:
> ~~~~
> no ip igmp snooping vlan 1
> mac-address-table static 0100.5e40.0101 vlan 1
> interface FastEthernet0/3
> ~~~~
>
> Looks like even snooping is disabled, mac address
> is
> learnt at the switch. Correct me if i am wrong.
>
>
> Thanks & Regards,
>
> Ashok M A
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of Bob
> Sinclair
> Sent: Thursday, September 23, 2004 3:32 AM
> To: gladston@br.ibm.com; ccielab@groupstudy.com
> Subject: Re: Multicast Limit on 3550
>
> Gladston,
>
> Either of those two scenarios will work. You can
> block the igmp membership reports with igmp
> filters on
> each disallowed layer 2 interface. If you are
> using
> routers to simulate the host, do not configure PIM
> on
> the interface.
> The mroute table on the upstream router should not
> indicate a connected host on that interface.
>
> You could also disable igmp snooping for the vlan
> and
> hard-code the multicast mac to the permitted
> interfaces, like so:
>
> no ip igmp snooping vlan 1
> mac-address-table static 0100.5e40.0101 vlan 1
> interface FastEthernet0/3
>
> HTH
>
> Bob Sinclair
> CCIE #10427, CISSP, MCSE
> www.netmasterclass.net
>
> ----- Original Message -----
> From: <gladston@br.ibm.com>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, September 22, 2004 2:55 PM
> Subject: Multicast Limit on 3550
>
>
> > How would you limit just some hosts connected to
> a
> 3550 to receive
> > multicast packets destinated to 239.192.1.1?
> >
> > I am reading "Configuring IGMP Snooping and MVR"
> but
> could not find a
> > specific answer.
> >
> > An indirectly way seems to be configure IGMP
> Profile
> on each interface.
> >
> > Globally disabling IGMP and configuring static
> MACs
> would work? Or 3550 by
> > default forward multicast packets to all ports
> when
> IGMP is disabled, as
> > 5500 when CGMP is disabled?
> >
>
>
>
>
>
>
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3