Why is the switch generating traffic for 224.0.0.1?

Jun 3rd, 2010

Catalyst 3750

CDP is disabled

No Routing protocol

However, we can see traffic generated from the switch for multicast address 224.0.0.1.


Any reason for this traffic, and how can we disable it?


Thanks and Regards,

Ganesh Hariharan Thu, 06/03/2010 - 19:24


Hi,


By default, a LAN switch floods multicast traffic within the broadcast domain, and 224.0.0.1 is "All Systems on this Subnet". This is used to address all multicast hosts on the directly connected network.


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Ahmed Shahzad Thu, 06/03/2010 - 23:19

Thanks Ganesh.


How do we find out who is generating this multicast? Please note that there is no dynamic routing protocol running, and CDP is also disabled on the switch.


Thanks and Regards,
Ahmed.

Correct Answer
mbroberson1 Sat, 06/05/2010 - 04:36

Several things to look at.


The switch is "multicast aware" by default, but should not send traffic unless invoked. I would look at my config and make sure there are not any "non defaults" for anything multicast related (ip multicast routing, igmp, pim) on interfaces. Next, if this checks out fine, I would set up Wireshark and SPAN one of the ports to see the source of the traffic. Just some things to start out with.


HTH,

Brandon

joealbergo Mon, 06/07/2010 - 15:10

Ahmed


What did you end up finding out about the traffic?


Where was it coming from?


What did you change?


Please advise



Joe


Ahmed Shahzad Mon, 06/07/2010 - 16:32

Hi Joe,


It is the Checkpoint firewalls, which are in a cluster and using IGMP for clustering. Actually, I have captured the packets from the firewall and found it is receiving an IGMP general query from the switch, and it is blocked by the firewall.


B Regards,

Ahmed.

joealbergo Mon, 06/07/2010 - 16:34

Ahmed


Thank you - it gives me a better understanding of the cause and resolution.


So I assume that the traffic is still being permitted, considering you need that firewall query?


Or how have you configured or made any changes to that? Where does that cluster form? Checkpoint Firewall is software?


Please advise.


Joe

Ahmed Shahzad Mon, 06/07/2010 - 19:30

Hi Joe,


I still have not made any changes in the firewall, as this is a production cluster, and we are wondering about permitting IGMP. I will permit this IGMP traffic during a maintenance window.


This is a Nokia Checkpoint cluster.


B Regards,
Ahmed.
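
As an added example (not code from any poster in this thread): once frames are available from a SPAN capture as suggested above, a short Python parser can pick out IGMP membership queries and report the sending MAC and IP, which is how the source of the 224.0.0.1 traffic is confirmed. The sample frame, its MAC address and the 192.0.2.1 source are constructed values, and the function names are hypothetical.

```python
import socket
import struct

IGMP_QUERY = 0x11  # IGMP Membership Query message type

def build_sample_frame():
    """Constructed sample: IGMPv2 general query; MAC and 192.0.2.1 are made up."""
    eth = bytes.fromhex("01005e000001" "001122334455" "0800")
    # IPv4 header, IHL=6 (Router Alert option), TTL 1, protocol 2 (IGMP).
    # The IP header checksum is left at 0 because the parser does not check it.
    ip = struct.pack("!BBHHHBBH4s4s4s", 0x46, 0xC0, 32, 0, 0, 1, 2, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("224.0.0.1"),
                     bytes.fromhex("94040000"))
    igmp = struct.pack("!BBH4s", IGMP_QUERY, 100, 0xEE9B, socket.inet_aton("0.0.0.0"))
    return eth + ip + igmp

def classify_frame(frame):
    """Describe an IGMP query carried in an Ethernet II frame, or return None."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12]
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag (trunk capture)
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    ip = frame[offset:]
    if ethertype != 0x0800 or len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 2 or len(ip) < ihl + 8:
        return None  # not IPv4/IGMP, or truncated
    igmp = ip[ihl:]
    if igmp[0] != IGMP_QUERY:
        return None  # reports and leaves are not queries
    group = socket.inet_ntoa(igmp[4:8])
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        # A general query carries group 0.0.0.0 and is addressed to 224.0.0.1.
        "kind": "general" if group == "0.0.0.0" else "group-specific",
        "group": group,
    }

if __name__ == "__main__":
    print(classify_frame(build_sample_frame()))
```

The reported source MAC can then be matched against the switch's own addresses or its MAC address table to tell whether the switch or an attached host is the querier.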
