[c-nsp] Too much HSRP traffic - how to limit?
A.L.M.Buxey at lboro.ac.uk
Tue Feb 27 13:03:57 EST 2007
Hi,
> Neal R wrote:
> >
> > I have some cat 3750 with 125ms hello/375ms hold time in a network
> > with a lot of voice traffic. We like the fast failover we get with these
> > times but we've got one sort of host that really whines about 32
> > multicast packets/second. I've tried all sorts of methods to limit
> > traffic destined for 224.0.0.2 on a couple of member ports of a
> > particular vlan but I'm not coming up with an answer. Output policing?
> > Not supported. The storm-control command limits *input* on ports. Access
> > lists seem to be limited to the vlan interface themselves rather than
> > the physical port.
what you can do is use an ACL on your core switches that come from
the routers etc to block this - ie stop it from getting further down
to edge ports and edge switches. we have successfully tested this
in operation...things get sooo much quieter for tcpdump/wireshark
etc so you can debug the problem you were initially looking at ;-)

as a basic example...on the inbound port on a concentrator switch being
fed from the router...

    ! applied on the inbound port fed from the router
    ip access-group NOHSRP in
    !
    ip access-list extended NOHSRP
     deny udp any host 224.0.0.2 eq 1985
     permit ip any any

alan
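
Added example, not part of the original post: a way to confirm on an edge port that the ACL above took effect, by counting frames that match `deny udp any host 224.0.0.2 eq 1985` in a capture. The function names, the `build_frame` helper and the sample frames are constructed for illustration; in practice the (timestamp, frame) pairs would come from a capture taken on the edge port.

```python
import struct

HSRP_GROUP = bytes([224, 0, 0, 2])  # destination in the ACL above
HSRP_PORT = 1985                    # UDP port in the ACL above

def is_hsrp_hello(frame: bytes) -> bool:
    """True for an IPv4/UDP frame to 224.0.0.2 port 1985."""
    if len(frame) < 14:
        return False
    off = 14
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return False
    ihl = (frame[off] & 0x0F) * 4
    (frag,) = struct.unpack("!H", frame[off + 6:off + 8])
    if frame[off + 9] != 17 or frag & 0x1FFF:  # not UDP, or a later fragment
        return False
    if frame[off + 16:off + 20] != HSRP_GROUP or len(frame) < off + ihl + 8:
        return False
    (dport,) = struct.unpack("!H", frame[off + ihl + 2:off + ihl + 4])
    return dport == HSRP_PORT

def hsrp_pps(capture, seconds: float) -> float:
    """capture: iterable of (timestamp, frame); returns matching frames/second."""
    return sum(1 for _, f in capture if is_hsrp_hello(f)) / seconds

def build_frame(dst_ip, dport, vlan=None) -> bytes:
    """Constructed test frame: zero checksums, 20 bytes of padding as payload."""
    eth = bytes.fromhex("01005e000002" "02005e000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 1]), bytes(dst_ip))
    udp = struct.pack("!HHHH", 1985, dport, 28, 0)
    return eth + tag + b"\x08\x00" + ip + udp + bytes(20)

if __name__ == "__main__":
    # Constructed one-second captures: 32 hellos plus unrelated traffic,
    # then the same port with only non-matching traffic left.
    before = [(i / 32, build_frame([224, 0, 0, 2], 1985, vlan=10)) for i in range(32)]
    before.append((0.5, build_frame([224, 0, 0, 2], 123)))
    after = [(0.5, build_frame([192, 0, 2, 9], 1985))]
    print("before ACL:", hsrp_pps(before, 1.0), "pps")
    print("after ACL: ", hsrp_pps(after, 1.0), "pps")
```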