Block multicast control traffic.

Unanswered Question

Issue: 2 older machines running an application (MNR Imaging) that uses multicast to communicate.

They generate the error messages on our core switches…..

2008 Oct 20 13:33:48 %MCAST-2-IGMP_ADDRAL:IGMP: Address Aliasing for 01-00-5e-00-00-01

2008 Oct 20 13:33:48 %MCAST-2-IGMP_FALLBACK:IGMP: Running in FALL BACK mode

2008 Oct 20 13:33:48 %MCAST-2-IGMP_ADDRALDETAILS:IGMP: Multicast address aliasing: From 00-1e-0b-ec-12-b8 ( on 4/3 to 01-00-5e-00-00-01 (239.0.

The problem here appears to be the destination MAC address.

The application writers have no idea how to change the application destination MAC address.

We connected the two machines to a dumb switch that is in turn connected to a C2960 that is connected to a C6500.

The intent was to use the C2960 filter the problem traffic; however, a simple igmp filter on the 239.0 range did not block the traffic causing the error messages

What am I missing and is there a better way to isolate this multicast traffic off the core switches?

No answer love for me!!

my best guess is.....

access-list 111

10 deny igmp any any

20 deny pim any any

30 permit ip any any

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Fri, 10/24/2008 - 08:59

Hello Michael,

PIM and IGMP are protocols that are used to support multicast streams but multicast traffic is different then PIM and IGMP.


access-list 111 deny ip any

access-list 111 permit ip any any

If you are already using multicast in your network and you want to avoid that these sources register with RP (if using sparse mode)on RP ip pim accept-register

Here what happens is that sources are sending packets to a group that is not mapped to any RP so a fallback to PIM dense mode occurs and so flooding takes place.

On the c6500, or the device that showed you the log messages use

conf t

no ip pim dm-fallback


2) About the MAC

they are using multicast IP destination so the MAC address is automatically built as 01-00-5e-00-00-01 and this cannot be changed.

They should try to use a unicast destination if this traffic is unwanted. The MAC used in multicast comes from the multicast IP address used.

Hope to help



This Discussion