[c-nsp] Are multicast MAC addresses allowed in the source field?

John Neiberger jneiberger at gmail.com
Fri Oct 15 17:43:21 EDT 2010


>> > RFC 1812 section 3.3.2 says it shouldn't work:
>> >   A router MUST not believe any ARP reply that claims that the Link
>> >   Layer address of another host or router is a broadcast or multicast
>> >   address.
>
>> Yep, this is a Checkpoint cluster connected to Cisco switches. Once I
>> discovered the right search terms, I found the configuration guide on CCO. I
>> had never heard of this before. I think we've decided against it since it would
>> require static entries on 20 switches and 10 routers. I think they decided to
>> launch this in unicast mode for now and we might revisit multicast mode
>> some other time.
>
> My interpretation of the original post was that the multicast address was in the Ethernet header (7th byte of the frame is an odd number).
>
> But it sounds like the multicast address is appearing in the Sender MAC field of the ARP reply.
>
> Which behavior is it, exactly?
>

That's a good question, and I don't have an answer. I'm not sure about
the specific behavior of these firewalls. Our security guys just now
decided to deploy these in unicast mode, so I guess it's a moot point
now.  :)

Thanks for your help,
John
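The open question in the thread is whether the multicast address shows up in the Ethernet source MAC (odd 7th byte of the frame) or in the Sender Hardware Address of the ARP reply, which is the field RFC 1812 3.3.2 is really talking about, since that is what populates a neighbour's ARP cache. The following is an added example, not code from the original post or from Check Point or Cisco: it parses a raw Ethernet II + ARP frame, reports which of the two fields carries a multicast (I/G bit set) address, and applies the RFC 1812 rule. The MAC and IP addresses in the sample frames are constructed for illustration and are not taken from the thread.

```python
# Added example: distinguish a multicast Ethernet source MAC from a multicast
# ARP sender hardware address in an ARP reply, and apply RFC 1812 3.3.2.
# All addresses used as sample input below are constructed, not from the thread.
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def is_multicast_mac(mac: bytes) -> bool:
    """The I/G (multicast) bit is the least-significant bit of the first octet.
    The Ethernet source MAC starts at byte 7 of the frame (1-indexed), which is
    why an odd 7th byte means a multicast source address."""
    return bool(mac[0] & 0x01)


def parse_arp_frame(frame: bytes) -> dict:
    """Pull the link-layer and ARP addresses out of an Ethernet II frame
    carrying an Ethernet/IPv4 ARP packet. Raises ValueError on anything else."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet II + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": dst, "eth_src": src, "oper": oper,
        "arp_sha": sha, "arp_spa": spa, "arp_tha": tha, "arp_tpa": tpa,
    }


def classify(frame: bytes) -> str:
    """Where does a multicast MAC appear: 'ethernet-source', 'arp-sender',
    'both' or 'none'? This answers the 'which behavior is it' question."""
    f = parse_arp_frame(frame)
    eth_mc = is_multicast_mac(f["eth_src"])
    arp_mc = is_multicast_mac(f["arp_sha"])
    if eth_mc and arp_mc:
        return "both"
    if eth_mc:
        return "ethernet-source"
    if arp_mc:
        return "arp-sender"
    return "none"


def rfc1812_would_reject(frame: bytes) -> bool:
    """RFC 1812 3.3.2: a router MUST NOT believe an ARP reply that claims a
    broadcast or multicast link-layer address for another host. The 'claim'
    is the ARP sender hardware address; the Ethernet source MAC is not what
    gets written into the ARP cache, so it is deliberately not checked here.
    The broadcast address ff:ff:ff:ff:ff:ff also has the I/G bit set."""
    f = parse_arp_frame(frame)
    return f["oper"] == ARP_REPLY and is_multicast_mac(f["arp_sha"])


def build_arp_reply(eth_src: bytes, sha: bytes, spa: bytes,
                    tha: bytes, tpa: bytes) -> bytes:
    """Build a constructed ARP reply frame for use as sample input.
    The Ethernet destination is set to the ARP target hardware address."""
    eth = struct.pack("!6s6sH", tha, eth_src, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, ARP_REPLY, sha, spa, tha, tpa)
    return eth + arp


if __name__ == "__main__":
    # Constructed addresses: a locally administered unicast MAC (0x02 has the
    # I/G bit clear), an IPv4-style multicast MAC (0x01 has it set), and a
    # router MAC as the ARP target.
    UNI = bytes.fromhex("020000000001")
    MC = bytes.fromhex("01005e000001")
    RTR = bytes.fromhex("020000000002")
    SPA, TPA = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    for label, frame in [
        ("unicast everywhere", build_arp_reply(UNI, UNI, SPA, RTR, TPA)),
        ("multicast in ARP sender only", build_arp_reply(UNI, MC, SPA, RTR, TPA)),
        ("multicast in Ethernet source only", build_arp_reply(MC, UNI, SPA, RTR, TPA)),
    ]:
        print(f"{label}: {classify(frame)}, "
              f"RFC 1812 reject={rfc1812_would_reject(frame)}")
```

To apply this to the real firewalls, feed the parser the raw bytes of a captured ARP reply (for example from a pcap taken on the switch-facing interface) and check whether `classify` reports the multicast address in the Ethernet header, the ARP payload, or both; only the ARP-sender case is the one RFC 1812 says a router must ignore, which is why the Cisco guide needs static MAC table entries rather than relying on learned ARP.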


