Re: filtering multicast frames

From: Gregory Gombas (ggombas@gmail.com)
Date: Thu Sep 20 2007 - 16:18:51 ART


Antonio, I suggest you PT him until he starts sucking watermelon
juice! (Sorry, bad Full Metal Jacket reference)

Hey, what 4 hour drill-downs are you doing?

On 9/19/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
> Excuse me, Antonio and Marvin,
>
> Upon more careful application the original config works. I was under the
> impression IP ACLs could not be applied to ports in L2 mode on a 3550|60.
>
> Thanks for the multicast storm control tip Marvin. I have read that before
> on the DOC CD, but it didn't stick out...
>
> These 4 hour drill-downs I'm doing are really helping with these tasks...
> Going to do one for all these tasks tomorrow night...
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Marvin Greenlee
> Sent: Wednesday, September 19, 2007 10:39 PM
> To: 'Joseph Brunner'; 'Antonio Soares'; 'Alex Steer'; ccielab@groupstudy.com
> Subject: RE: filtering multicast frames
>
> Not sure exactly what you mean by " SWITCHPORT mode; an ip acl won't work",
> it worked fine for me in testing.
>
> RouterA---Switch---RouterB
>
> L3 ACL on switch applied to port connected to router A prevents RIP updates
> from getting to RouterB. (Router A and Router B in same VLAN)
>
>
> Regarding storm-control not working, see the note in the command reference:
>
> "...Note If a multicast storm control suppression level is exceeded on a
> switch, all traffic (multicast, unicast, and broadcast) is blocked until the
> multicast traffic rate drops below the threshold. Only spanning-tree packets
> are passed. If the broadcast or the unicast storm control suppression level
> is exceeded, only that type of traffic is blocked until the rate drops below
> the threshold..."
>
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> Senior Technical Instructor - IPexpert, Inc.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph Brunner
> Sent: Wednesday, September 19, 2007 9:38 PM
> To: 'Antonio Soares'; 'Alex Steer'; ccielab@groupstudy.com
> Subject: RE: filtering multicast frames
>
> You should see other options Antonio, you're a general, I'm a private first
> class.
>
> The port is in SWITCHPORT mode; an ip acl won't work.
>
> Just ran your config in my lab, where my R4 is currently running ripv2 with
> BB2, still got rip routes...
>
> But, you do this with a vacl...
>
> vlan access-map BLOCKRIP 10
>  action drop
>  match ip address norip
> vlan access-map BLOCKRIP 20
>  action forward
> !
> vlan filter BLOCKRIP vlan-list 102
> !
>
> ip access-list extended norip
>  permit ip any host 224.0.0.9
>
>
> Can anyone think of other ways to block rip on a switch?
>
> I tried "storm-control multicast level 0.00" but the port stopped forwarding
> traffic altogether (even ping, telnet)
>
> -Joe
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

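Added example, not part of the original thread or any poster's own config: the port ACL approach Marvin describes (an IP ACL on the Layer 2 switch port facing RouterA), written out for comparison with Joe's VACL. The ACL name NO-RIP-IN and the interface FastEthernet0/1 are assumptions; VLAN 102 and 224.0.0.9 are taken from the thread.

```cisco
! Constructed example; ACL name and interface number are assumptions.
! Drop only RIPv2 updates (UDP 520 to 224.0.0.9); pass everything else.
ip access-list extended NO-RIP-IN
 deny   udp any host 224.0.0.9 eq 520
 permit ip any any
!
! Port ACL: filters traffic entering this one Layer 2 port, so other
! ports in VLAN 102 can still exchange RIP, unlike the VLAN-wide VACL.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 102
 ip access-group NO-RIP-IN in
!
! storm-control multicast is not a substitute here: per the
! command-reference note quoted in the thread, exceeding the multicast
! level blocks unicast and broadcast as well.
```
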


This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART