
Controlling HSRP and OSPF traffic

Hi,

We run HSRP and OSPF on our network. When I do a network sniff from a client, I can see the HSRP multicast traffic, and I can also see the OSPF advertisements.

Is it possible to filter these packets off client interfaces?

What's the best way of doing this?

Cheers,

Ben

Hall of Fame Super Blue

Re: Controlling HSRP and OSPF traffic

Hi Ben

Normally with multicast traffic you can turn on IGMP snooping on your switch and this will stop multicast being sent to all ports.

But with HSRP and OSPF even with IGMP snooping they still wouldn't be filtered. These are not the only groups that can't be filtered - anything with 224.0.0.x is the same.

Some switches do have commands to block multicast on ports - what type of switch do you have and what IOS version?

Jon

Re: Controlling HSRP and OSPF traffic

Hi Jon,

Thanks for getting back to me.

I'm using C3750G Series with Advanced IP Services. IOS version is 12.2(37)SE - so fairly recent.

Ben

Hall of Fame Super Blue

Re: Controlling HSRP and OSPF traffic

Ben

You can configure multicast blocking on individual ports on your switch - see attached link for configuration example.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081dfa8.html#wp1087814

I have not actually used this feature so I would suggest testing it if you can before implementing it on to a live system. Be aware that it blocks all multicast so only you will know whether this is acceptable or not.

Let me know how you get on

Jon

Re: Controlling HSRP and OSPF traffic

Jon,

Thanks very much for the information. After giving this some thought - although we don't use Multicast for anything on our network yet - it's only a matter of time.

I think I will live with the traffic. It's not giving away anything particularly sensitive about the network.

I've bookmarked that link you sent me though for future reference.

Thanks for your help.

Re: Controlling HSRP and OSPF traffic

Hi Jon,

AFAIK "switchport block multicast" blocks unknown multicast forwarding out of the port. Will this block the OSPF multicast? It would be really interesting.

HTH,

Mohammed Mahmoud.

Hall of Fame Super Blue

Re: Controlling HSRP and OSPF traffic

Hi Mohammed

As I said, I haven't actually used this feature but I think I'll log onto our lab this afternoon and try it.

I'll let you know how I get on.

By the way, how's the CCIE study going?

Jon

Re: Controlling HSRP and OSPF traffic

Hi Jon,

I can't remember who I was before starting preparing for the lab :) I am trying to load share my time between working and studying (and thanks to my wife and kid for not compromising the bandwidth :) and for sure they'll get compensation after I finish my lab). Anyway, it's kind of fun, and it's going fine, thank God.

Thank you Jon for asking, and I am really eager to know the results of your test.

Take care and have a nice day :)

BR,

Mohammed Mahmoud.

New Member

Re: Controlling HSRP and OSPF traffic

You can filter your OSPF packets from the user interfaces by putting the interfaces in passive mode using "passive-interface default", then use "no passive-interface gix/x" for the ones you want the OSPF packets to go out.

Hall of Fame Super Bronze

Re: Controlling HSRP and OSPF traffic

Ken,

Be careful with making such a suggestion. Enabling passive-interface will break the OSPF adjacencies since hello packets won't be sent.

Hall of Fame Super Bronze

Re: Controlling HSRP and OSPF traffic

You can change the OSPF transport from multicast to unicast by using the neighbor command under the OSPF process.

It can be painful if you have a lot of OSPF neighbors but this will reduce the multicast traffic, if that's a problem for you.

Sorry, I don't have an answer for HSRP.
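
A defender's check for the two controls suggested in this thread (`switchport block multicast` on client ports and `passive-interface default` under OSPF), as an added example that is not part of any post: it parses a running-config and lists access ports lacking the block command, plus the interfaces explicitly left sending OSPF hellos. The sample config, interface names and function names are constructed for illustration, and the script only checks that the commands are present, not whether they stop 224.0.0.x frames, which the thread leaves untested.

```python
# Constructed running-config excerpt (not from the thread); names are examples.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description routed uplink
 no switchport
 ip address 10.0.0.2 255.255.255.252
!
interface GigabitEthernet1/0/5
 switchport mode access
 switchport block multicast
!
interface GigabitEthernet1/0/6
 switchport mode access
!
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 network 10.0.0.0 0.0.255.255 area 0
"""

def stanzas(config):
    """Yield (header, sub-commands) for each top-level block of an IOS config."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith(" "):          # indented line belongs to current block
            if header:
                body.append(line.strip())
            continue
        if header:                        # unindented line closes the open block
            yield header, body
        text = line.strip()
        header, body = (None, []) if text in ("", "!") else (text, [])
    if header:
        yield header, body

def access_ports_without_block(config):
    """Access ports that do not carry 'switchport block multicast'."""
    return [h.split()[1] for h, b in stanzas(config)
            if h.startswith("interface ") and "switchport mode access" in b
            and "switchport block multicast" not in b]

def ospf_active_interfaces(config):
    """Interfaces left non-passive; None if 'passive-interface default' is absent."""
    for h, b in stanzas(config):
        if h.startswith("router ospf"):
            if "passive-interface default" not in b:
                return None
            return [c.split()[-1] for c in b if c.startswith("no passive-interface ")]
    return None
```

Any port in the first list is a candidate for the multicast-block test Jon recommends running in a lab first; any interface in the second list should be one that really has an OSPF neighbor on it.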
