[c-nsp] 3750 HSRP question

Leif Sawyer lsawyer at gci.com
Thu Nov 13 17:57:37 EST 2008


Tassos Chatzithomaoglou writes:
> 
> What about the following?
> 
> mac address-table static 0100.5e00.0002 vlan X int A B ...
> 
> Just don't include the 2 appliance interfaces into the 
> interface list (or include only the 2 hsrp ports).

Nope.  That doesn't seem to do anything --  I'm still seeing
the HSRP packets in my sniffer.

Sigh.  

Cisco sure doesn't want to perform outbound MAC-layer filtering
on it's interfaces, no matter what the security implications might be.
It sure would be nice if they'd figure out that allowing this traffic
to be restricted to known/allowed ports, the network would be just a
little bit safer.


More information about the cisco-nsp mailing list