RE: filtering multicast frames

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Thu Sep 20 2007 - 00:36:14 ART


Excuse me, Antonio and Marvin,

Upon more careful application the original config works. I was under the
impression IP ACLs could not be applied to ports in L2 mode on a 3550/3560.

Thanks for the multicast storm control tip Marvin. I have read that before
on the DOC CD, but it didn't stick out...

These 4 hour drill-downs I'm doing are really helping with these tasks...
Going to do one for all these tasks tomorrow night...
-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Marvin Greenlee
Sent: Wednesday, September 19, 2007 10:39 PM
To: 'Joseph Brunner'; 'Antonio Soares'; 'Alex Steer'; ccielab@groupstudy.com
Subject: RE: filtering multicast frames

Not sure exactly what you mean by "SWITCHPORT mode; an ip acl won't work",
it worked fine for me in testing.

RouterA---Switch---RouterB

L3 ACL on switch applied to port connected to router A prevents RIP updates
from getting to RouterB. (Router A and Router B in same VLAN)

Regarding storm-control not working, see the note in the command reference:

"...Note If a multicast storm control suppression level is exceeded on a
switch, all traffic (multicast, unicast, and broadcast) is blocked until the
multicast traffic rate drops below the threshold. Only spanning-tree packets
are passed. If the broadcast or the unicast storm control suppression level
is exceeded, only that type of traffic is blocked until the rate drops below
the threshold..."

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
A Cisco Learning Partner - We Accept Learning Credits!
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab
Certifications.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph Brunner
Sent: Wednesday, September 19, 2007 9:38 PM
To: 'Antonio Soares'; 'Alex Steer'; ccielab@groupstudy.com
Subject: RE: filtering multicast frames

You should see other options Antonio, you're a general, I'm a private first
class.

The port is in SWITCHPORT mode; an ip acl won't work.

Just ran your config in my lab, where my R4 is currently running RIPv2 with
BB2, still got RIP routes...

But, you do this with a VACL...

! Match RIPv2 multicast (224.0.0.9); the ACL is defined before the map
! that references it
ip access-list extended norip
 permit ip any host 224.0.0.9
!
! Clause 10 drops matching traffic, clause 20 forwards everything else
! (a VACL ends with an implicit deny, so the forward clause is required)
vlan access-map BLOCKRIP 10
 action drop
 match ip address norip
vlan access-map BLOCKRIP 20
 action forward
!
! Apply the map to the VLAN in question (102 here)
vlan filter BLOCKRIP vlan-list 102
!

Can anyone think of other ways to block RIP on a switch?

I tried "storm-control multicast level 0.00" but the port stopped forwarding
traffic altogether (even ping, telnet)

-Joe
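As an added example that is not part of the thread, the port-ACL approach Marvin describes (an IP ACL applied inbound on the Layer 2 port facing Router A), a storm-control setting that stays clear of the blocking behaviour quoted from the command reference, and the show commands used to check each filter. Interface names, the VLAN number, the access-list name and the storm-control level are assumptions; the VACL name BLOCKRIP is the one from the config above.

```cisco
! Added example, not from the original posts. Interface names, VLAN 102,
! the ACL name and the storm-control level are assumptions.
!
! 1. Port ACL on a Layer 2 switchport (3550/3560: inbound only).
!    Matching UDP/520 instead of 224.0.0.9 catches RIPv1 broadcasts as well
!    as RIPv2 multicast; everything else on the port is untouched.
ip access-list extended NORIP-IN
 remark drop RIPv1/RIPv2 (UDP 520) from Router A
 deny   udp any any eq rip
 permit ip any any
!
interface FastEthernet0/1
 description Router A
 switchport mode access
 switchport access vlan 102
 ip access-group NORIP-IN in
!
! 2. Storm control is a rate limiter, not a filter. "level 0.00" means any
!    multicast exceeds the threshold, and per the quoted note the switch
!    then blocks ALL traffic (unicast included) on the port, which is why
!    ping and telnet died. A non-zero level with a trap action keeps the
!    port usable and only flags a genuine multicast flood.
interface FastEthernet0/1
 storm-control multicast level 1.00
 storm-control action trap
!
! 3. Verification.
!    Port ACL hit counts (the deny line should increment on each RIP update):
!    show ip access-lists NORIP-IN
!    VACL definition and the VLANs it is applied to:
!    show vlan access-map BLOCKRIP
!    show vlan filter
!    Storm-control state for the port:
!    show storm-control FastEthernet0/1 multicast
!    And on Router B, the RIP routes from Router A should age out:
!    show ip route rip
```

The port ACL only filters what enters on that one port; the VACL filters the whole VLAN regardless of ingress port, which is the difference to keep in mind when choosing between them. Storm control belongs in a different category altogether: it protects the switch from a flood, it does not select which multicast groups are allowed through.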



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART