[c-nsp] 3750 HSRP question
Aaron Riemer
ariemer at wesenergy.com.au
Thu Nov 13 18:42:01 EST 2008
Yes it would be nice if you could control where the HSRP advertisements
are sent out. Something similar to the passive-interface command with
EIGRP would be nice.
Let me know if you work this one out. I don't like the idea of HSRP
spamming our Ethernet VLAN's either.
Aaron Riemer
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Leif Sawyer
Sent: Friday, 14 November 2008 7:58 AM
To: cisco-nsp
Subject: Re: [c-nsp] 3750 HSRP question
Tassos Chatzithomaoglou writes:
>
> What about the following?
>
> mac address-table static 0100.5e00.0002 vlan X int A B ...
>
> Just don't include the 2 appliance interfaces into the
> interface list (or include only the 2 hsrp ports).
Nope. That doesn't seem to do anything -- I'm still seeing
the HSRP packets in my sniffer.
Sigh.
Cisco sure doesn't want to perform outbound MAC-layer filtering
on it's interfaces, no matter what the security implications might be.
It sure would be nice if they'd figure out that allowing this traffic
to be restricted to known/allowed ports, the network would be just a
little bit safer.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
LEGAL DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
More information about the cisco-nsp
mailing list