Job Search, Job Listing, Opportunity
Work at home job, job vacancy
find a job, vacancy list, cari lowongan
Butuh, Segera, secretary, director
« Lab payment declined.anybody knows how much time I have to enter new credit cart information?
Issues with Multicast traffic and DHCP snooping on 3560E »

Issues with Multicast traffic and DHCP snooping on 3560E

December 11, 2007 @ 5:09 pm · Filed under CCIE Study


Please post the revelant config to see if we can help.
Regards,
Antonio Soares CCIE #18473 (R&S),CCNP,CCIP,JNCIA-ER,JNCIS-ER http://pwp.netcabo.pt/amsoares/
—–Original Message—– From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Gustavo Novais Sent: segunda-feira, 10 de Dezembro de 2007 12:28 To: Cisco certification Subject: Issues with Multicast traffic and DHCP snooping on 3560E
Hi Group,

I’ve working a bit on implementing some LAN switch security features like port-security, DHCP snooping, Dynamic ARP inspection, and IP Source Guard, and I’m observing a behaviour that I’d like to correlate with any of you that has had the same experience, eventually.

I have a single switch configured with DHCP snooping DAI, IP Source Guard and Port Security.
DHCP snooping is enabled on vlans A,B,C, and so are IPSg and DAI. Multicast will be enabled on vlans X and Y.

The multicast config is as simple as it gets with several interfaces Vlan, configured with PIM Dense mode, being a source on one vlan and a listener on other vlan. I do have IGMP Snooping active.
None of the vlans involved in multicast (X,Y) have the security functionalities enabled.

Any way, we disable globally the DHCP snooping with no ip dhcp snooping and no ip arp inspection.

Then I fire up a multicast stream between vlans X and Y and I start seeing the stream perfectly.

As soon as I turn on dhcp snooping (not on vlans X and Y) the video stream freezes.

The strange thing is that the vlans X and Y shouldn’t be affected by DHCP Snooping… but they are…

Obviously, when I try to fire up a mcast stream between vlan A and B, with securities in place, I don’t ever start to see the stream. As soon as DHCP snooping is off, no problem…

Has anyone ever faced this issue? What was the workaround?

I’m thinking that internally the DHCP snooping process does not like to have the CAM manipulated in order to forward the mcast traffic to the proper receivers, but shouldn’t there be a knob of some sort to allow multicast traffic through the port?

Any help is appreciated.

Gustavo Novais

Bookmark this post:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb
keywords found: traffic security internally dynamic cisco soares being 

Leave a Comment

Related Post