From: ismail el-shalh (ishelh_mdsa@yahoo.com)
Date: Mon Jun 04 2007 - 15:14:54 ART
Hi Edison,
Actually the task said also "do not use neighbor command" sorry I did not mention it assuming that you will go back to the workbook and read it there, also authentication is only done on the frame-relay, anyhow you are right that we should block hello packets sourcing from BB3 and in this case filtering should be done using access-list and apply it under fas0/24 on SW3.
but what about issue 2?
why the Switch 3750 is not doing the expected result upon entering the following command:
no ip igmp snooping vlan 1363
mac-address-table static 0100.5e00.000a vlan 1363 interface FastEthernet1/0/1 FastEthernet1/0/19
SW1 is still forwarding the multicast traffic toward R3!
R1 and R3 are connected to the same swith (SW1)
R1 -E0--VLAN 1363---- 1/0/1 --SW1
R3-F0/0--VLAN 1363---1/-/3--SW1
SW1---0/19--VLAN 1363---0/13--SW3---0/20----VLAN 1363--0/20-SW3--0/24---VLAN 1363---E0--BB3
Ismail El-Shalh :)
MMR/MDSA
----- Original Message ----
From: Edison Ortiz <edisonmortiz@gmail.com>
To: ismail el-shalh <ishelh_mdsa@yahoo.com>; ccielab@groupstudy.com
Sent: Monday, June 4, 2007 8:51:21 PM
Subject: Re: IEWB LAB 14, Task 4.5 EIGRP
I believe you are going the wrong way on this task. How about configuring
MD5 on EIGRP between these devices and for additional protection change the
hello exchange from multicast to unicast by using the neighbor statement
under the EIGRP process ?
__
Edison Ortiz
(Routing & Switching, CCIE # 17943)
----- Original Message -----
From: "ismail el-shalh" <ishelh_mdsa@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Monday, June 04, 2007 1:13 PM
Subject: IEWB LAB 14, Task 4.5 EIGRP
> Hi Group,
>
> The task is stating "Do not allow BB3 to intercept EIGRP updates coming
> from R1, R3 and R6"
>
> Now I have two issues :
>
> Issue No.1
>
> - The solution is assuming that R6 and BB3 are connected to SW1 while they
> are not.
> - Because BB3 is connected to SW3, I believe we could solve this task by
> only issuing the following command on SW3 :
>
> no ip igmp snooping vlan 1363
> mac-address-table static 0100.5e00.000a vlan 1363 interface
> FastEthernet0/20 FastEthernet0/21
>
> by doing this we are telling SW3 (3550) to only forward the multicast
> address 224.0.0.10 toward port 0/20 and 0/21, hence BB3 will not receive
> any eigrp packets.
>
> Issue No.2
>
>
> SW1 in my lab is 3750, and the mac-address-table static did not work , for
> example if I want to only forward the multicast traffic 224.0.0.10 toward
> fas0/19 which is connected to SW4, and Fas0/1 which is connected to R1,
> the multicast packets are still forwarded to R3.
>
> no ip igmp snooping vlan 1363
> mac-address-table static 0100.5e00.000a vlan 1363 interface
> FastEthernet1/0/1 FastEthernet1/0/19
>
>
> Reply to request 0 from 204.12.1.9, 12 ms
> Reply to request 0 from 150.1.1.1, 20 ms
> Reply to request 0 from 204.12.1.6, 16 ms
> Reply to request 0 from 204.12.1.3, 12 ms <----- R3 is still receiving
> the multicast ?
>
> what is so special about the 3750 in this case ?
>
>
>
>
>
> Appreciating any input.
> Ismail El-Shalh :)
> MMR/MDSA
>
>
>
>
>
>
>
>
>
>
> ____________________________________________________________________________________
> Looking for a deal? Find great prices on flights and hotels with Yahoo!
> FareChase.
> http://farechase.yahoo.com/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:46 ART