RE: filtering multicast frames

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Thu Sep 20 2007 - 16:44:46 ART

• Next message: Rich Collins: "Re: QOS"
• Previous message: Pierre-Alex GUANEL: "Re: Re: Time Managment tips during lab"
• Maybe in reply to: Alex Steer: "filtering multicast frames"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think I lost the number in the last 30 minutes last time because while I
had a verification strategy, it was undisciplined. I left things shutdown :(
which I know cost me the points my configurations earned... :(

My verification was basically

1. build some interface, or write/apply some acl to verify a task
2. don't wait for the first verification to work, just run do another
3. come back and check later on how the first verification went
4. if I don't have a verification strategy "on the cuff" come up with one
after 20 push-ups in the break room

So now I'm doing 4-hour drills on

RIP
EIGRP
OSPF
REDISTRIBUTION
Switching (USING THE "UBER-ULTRA-EXTENDED FAILED TWICE" BLUEPRINT)
SECURITY
MULTICAST
IPv6

3 hours design, config, debug, 1 hour verification of each

My goal is to be finished my first run of the tasks I know cold by 1 hour
back from lunch. Spend the next hour going back and tackling the
non-connectivity essential tasks I skipped.

Last 2 hours doing a SLOOOOOOW methodical verification including minimum 4
re-reads of each question...

This attempt will include much much more practice time and verification
strategy behind it. That's all I'm promising...

Let's see.

-----Original Message-----
From: Gregory Gombas [mailto:ggombas@gmail.com]
Sent: Thursday, September 20, 2007 3:19 PM
To: Joseph Brunner
Cc: Marvin Greenlee; Antonio Soares; Alex Steer; ccielab@groupstudy.com
Subject: Re: filtering multicast frames

Antonio, I suggest you PT him until he starts sucking watermelon
juice! (Sorry bad full metal jacket reference)

Hey what 4 hour drill-downs are you doing?

On 9/19/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
> Excuse me, Antonio and Marvin,
>
> Upon more careful application the original config works. I was under the
> impression IP ACL's could not be applied to ports in l2 mode on a 3550|60
>
> Thanks for the multicast storm control tip Marvin. I have read that before
> on the DOC CD, but it didn't stick out...
>
> These 4 hour drill-downs I'm doing are really helping with these tasks...
> Going to do one for all these tasks tomorrow night...
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Marvin Greenlee
> Sent: Wednesday, September 19, 2007 10:39 PM
> To: 'Joseph Brunner'; 'Antonio Soares'; 'Alex Steer';
ccielab@groupstudy.com
> Subject: RE: filtering multicast frames
>
> Not sure exactly what you mean by " SWITCHPORT mode; an ip acl won't
work",
> it worked fine for me in testing.
>
> RouterA---Switch---RouterB
>
> L3 ACL on switch applied to port connected to router A prevents RIP
updates
> from getting to RouterB. (Router A and Router B in same VLAN)
>
>
> Regarding storm-control not working, see the note in the command
reference:
>
> "...Note If a multicast storm control suppression level is exceeded on a
> switch, all traffic (multicast, unicast, and broadcast) is blocked until
the
> multicast traffic rate drops below the threshold. Only spanning-tree
packets
> are passed. If the broadcast or the unicast storm control suppression
level
> is exceeded, only that type of traffic is blocked until the rate drops
below
> the threshold..."
>
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> Senior Technical Instructor - IPexpert, Inc.
> A Cisco Learning Partner - We Accept Learning Credits!
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: mgreenlee@ipexpert.com
>
> IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On
Demand
> and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
> Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage
Lab
> Certifications.
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph Brunner
> Sent: Wednesday, September 19, 2007 9:38 PM
> To: 'Antonio Soares'; 'Alex Steer'; ccielab@groupstudy.com
> Subject: RE: filtering multicast frames
>
> You should see other options Antonio, you're a general, I'm a private
first
> class.
>
> The port is in SWITCHPORT mode; an ip acl won't work.
>
> Just ran your config in my lab, where my R4 is currently running ripv2
with
> BB2, still got rip routes...
>
> But, you do this with a vacl...
>
> vlan access-map BLOCKRIP 10
> action drop
> match ip address norip
> vlan access-map BLOCKRIP 20
> action forward
> !
> vlan filter BLOCKRIP vlan-list 102
> !
>
> ip access-list extended norip
> permit ip any host 224.0.0.9
>
>
> Can anyone think of other ways to block rip on a switch?
>
> I tried "storm-control multicast level 0.00" but the port stopped
forwarding
> traffic altogether (even ping, telnet)
>
> -Joe
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Rich Collins: "Re: QOS"
• Previous message: Pierre-Alex GUANEL: "Re: Re: Time Managment tips during lab"
• Maybe in reply to: Alex Steer: "filtering multicast frames"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART