RE: Issues with Multicast traffic and DHCP snooping on 3560E

From: Antonio Soares (amsoares@netcabo.pt)
Date: Tue Dec 11 2007 - 18:39:02 ART

• Next message: Gustavo Novais: "RE: Issues with Multicast traffic and DHCP snooping on 3560E"
• Previous message: femi ogunlana: "RE: Lab payment declined.anybody knows how much time I have to"
• Maybe in reply to: Gustavo Novais: "Issues with Multicast traffic and DHCP snooping on 3560E"
• Next in thread: Gustavo Novais: "RE: Issues with Multicast traffic and DHCP snooping on 3560E"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Please post the revelant config to see if we can help.

Regards,

Antonio Soares
CCIE #18473 (R&S),CCNP,CCIP,JNCIA-ER,JNCIS-ER
http://pwp.netcabo.pt/amsoares/

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Gustavo Novais
Sent: segunda-feira, 10 de Dezembro de 2007 12:28
To: Cisco certification
Subject: Issues with Multicast traffic and DHCP snooping on 3560E

Hi Group,

I've working a bit on implementing some LAN switch security features like
port-security, DHCP snooping, Dynamic ARP inspection, and IP Source Guard,
and I'm observing a behaviour that I'd like to correlate with any of you
that has had the same experience, eventually.

I have a single switch configured with DHCP snooping DAI, IP Source Guard
and Port Security.

DHCP snooping is enabled on vlans A,B,C, and so are IPSg and DAI.
Multicast will be enabled on vlans X and Y.

The multicast config is as simple as it gets with several interfaces Vlan,
configured with PIM Dense mode, being a source on one vlan and a listener on
other vlan. I do have IGMP Snooping active.

None of the vlans involved in multicast (X,Y) have the security
functionalities enabled.

Any way, we disable globally the DHCP snooping with no ip dhcp snooping and
no ip arp inspection.

Then I fire up a multicast stream between vlans X and Y and I start seeing
the stream perfectly.

As soon as I turn on dhcp snooping (not on vlans X and Y) the video stream
freezes.

The strange thing is that the vlans X and Y shouldn't be affected by DHCP
Snooping... but they are...

Obviously, when I try to fire up a mcast stream between vlan A and B, with
securities in place, I don't ever start to see the stream. As soon as DHCP
snooping is off, no problem...

Has anyone ever faced this issue? What was the workaround?

I'm thinking that internally the DHCP snooping process does not like to have
the CAM manipulated in order to forward the mcast traffic to the proper
receivers, but shouldn't there be a knob of some sort to allow multicast
traffic through the port?

Any help is appreciated.

Gustavo Novais

• Next message: Gustavo Novais: "RE: Issues with Multicast traffic and DHCP snooping on 3560E"
• Previous message: femi ogunlana: "RE: Lab payment declined.anybody knows how much time I have to"
• Maybe in reply to: Gustavo Novais: "Issues with Multicast traffic and DHCP snooping on 3560E"
• Next in thread: Gustavo Novais: "RE: Issues with Multicast traffic and DHCP snooping on 3560E"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:30 ARST