[nsp] HSRP multicast & switch ports

Ariel Brunetto ariel.brunetto at ifxnw.com.ar
Wed Sep 3 12:07:01 EDT 2003


You can run IGMP snooping. CGMP is not supported on Catalyst 6500, but you
can turn a CGMP Server in your Cat6500 MSFC to support CGMP clients. IGMP
Snooping is another way to perform the same task, but it's cpu intensive on
higher traffic lan segments.

RGMP is a new method to constraint the multicast traffic on a Catalyst 6500.
RGMP forward the multicast traffic to only those routers that are configured
to receive it via Join/Leave messages. You must have PIM-SM running on
routers in order to RGMP works.

RGMP (where available):
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration
_guide_chapter09186a008007e6f8.html

IGMP Snooping:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration
_guide_chapter09186a008007e705.html#1020353


Regards,

Ariel Brunetto


-----Mensaje original-----
De: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]En nombre de John Wong, Kok
Seng
Enviado el: Miercoles, 03 de Septiembre de 2003 05:15 a.m.
Para: cisco-nsp at puck.nether.net
Asunto: RE: [nsp] HSRP multicast & switch ports


Steve,

I was more concerned about the hosts connected to the
switchport being able to "see" the HSRP plaintext authentication
rather than performance. I think MD5 authentication for
HSRP is not available for MSFCs yet. Imagine if a compromised
host were to set a higher priorty, grab all the traffic and
basically just do some MITM attacks/sniffing... not nice at all...

Thanks.


> -----Original Message-----
> From: Steve Francis [mailto:steve at expertcity.com]
> Sent: Wednesday, September 03, 2003 3:09 PM
> To: John Wong, Kok Seng
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] HSRP multicast & switch ports
>
>
> John Wong, Kok Seng wrote:
>
> >Hi all,
> >
> >Sorry if this is an FAQ listed somewhere i couldn't find...
> >
> >How do we prevent HSRP multicasts (224.0.0.2) being flooded
> >out ALL switch ports? We're running HSRP on Cat6500 MSFCs
> >and we're seeing the HSRP multicast packets on all the ports
> >in the HSRP VLAN connected to the switch.
> >
> You don't.  What if you attach a router that you want to
> participate in
> the HSRP group to one of those switch ports? How would it
> know not to be
> active w/o the multicasts?
>
> Two packets per 5 seconds (default), to a multicast group ( so most
> machines won't even get NIC interupts from them) is not something I'd
> worry about.
>
> >
> >Thanks.
> >
> >_______________________________________________
> >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
>
>
>

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





More information about the cisco-nsp mailing list