Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
0
Helpful
1
Replies

Block multicast control traffic.

mklute
Level 1
Level 1

‎10-20-2008 09:40 AM - edited ‎03-06-2019 02:02 AM

Issue: 2 older machines running an application (MNR Imaging) that uses multicast to communicate.

They generate the error messages on our core switches…..

2008 Oct 20 13:33:48 %MCAST-2-IGMP_ADDRAL:IGMP: Address Aliasing for 01-00-5e-00-00-01

2008 Oct 20 13:33:48 %MCAST-2-IGMP_FALLBACK:IGMP: Running in FALL BACK mode

2008 Oct 20 13:33:48 %MCAST-2-IGMP_ADDRALDETAILS:IGMP: Multicast address aliasing: From 00-1e-0b-ec-12-b8 (155.3.2.1) on 4/3 to 01-00-5e-00-00-01 (239.0.

The problem here appears to be the destination MAC address.

The application writers have no idea how to change the application destination MAC address.

We connected the two machines to a dumb switch that is in turn connected to a C2960 that is connected to a C6500.

The intent was to use the C2960 filter the problem traffic; however, a simple igmp filter on the 239.0 range did not block the traffic causing the error messages

What am I missing and is there a better way to isolate this multicast traffic off the core switches?

No answer love for me!!

my best guess is.....

access-list 111

10 deny igmp any any

20 deny pim any any

30 permit ip any any

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-24-2008 08:59 AM

Hello Michael,

PIM and IGMP are protocols that are used to support multicast streams but multicast traffic is different then PIM and IGMP.

try

access-list 111 deny ip any 239.0.0.0 0.255.255.255

access-list 111 permit ip any any

If you are already using multicast in your network and you want to avoid that these sources register with RP (if using sparse mode)on RP ip pim accept-register

http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1012700

Here what happens is that sources are sending packets to a group that is not mapped to any RP so a fallback to PIM dense mode occurs and so flooding takes place.

On the c6500, or the device that showed you the log messages use

conf t

no ip pim dm-fallback

see

http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1013545

2) About the MAC

they are using multicast IP destination 239.0.0.1 so the MAC address is automatically built as 01-00-5e-00-00-01 and this cannot be changed.

They should try to use a unicast destination if this traffic is unwanted. The MAC used in multicast comes from the multicast IP address used.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card