[c-nsp] 3750 HSRP question
Tassos Chatzithomaoglou
achatz at forthnet.gr
Fri Nov 14 05:56:29 EST 2008
If you use HSRP v2 (which uses 224.0.0.102), will the appliances still have a problem?
PS: You need 12.2(46)SE for this.
Leif Sawyer wrote on 14/11/2008 00:57:
> Tassos Chatzithomaoglou writes:
>> What about the following?
>>
>> mac address-table static 0100.5e00.0002 vlan X int A B ...
>>
>> Just don't include the 2 appliance interfaces into the
>> interface list (or include only the 2 hsrp ports).
>
> Nope. That doesn't seem to do anything -- I'm still seeing
> the HSRP packets in my sniffer.
>
> Sigh.
>
> Cisco sure doesn't want to perform outbound MAC-layer filtering
> on it's interfaces, no matter what the security implications might be.
> It sure would be nice if they'd figure out that allowing this traffic
> to be restricted to known/allowed ports, the network would be just a
> little bit safer.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
Tassos
More information about the cisco-nsp
mailing list