A friend of mine is trying to filter or block the HSRP multicast traffic over a QnQ trunk link because it is causing some issues on the network. Can you please advise if there is any possibility to block the HSRP multicast over the trunk link?
Here is the scenario.
We have two DCs, let's assume DCA and DCB, and a QnQ link has been set up between the two. All the VLANs are going across that link, and HSRP is using VLAN 10 and the same group 10 on both sites. We don't want to change either the group or the VLAN.
Please let me know your thoughts on this and feel free to ask for more information.
Many thanks for your replies, we will try to apply the access-map in our scenario and see if it makes any difference... but we want to first test it in the lab environment. Unfortunately, GNS3 doesn't treat the switches well, so I am wondering if we will be able to apply the access-map in GNS3.
I am actually the friend that Muhammed has posted this on behalf of.
I have managed to finally get this working with proper hardware, to overcome the limitations of emulated equipment. The VACL would have been a good idea, but it would have also probably blocked the legitimate HSRP traffic between Switch 1 and Switch 2 at Site A (and also at Site B). So really it had to be done with IP based ACLs on the trunk link itself.
I can't have the ACLs in an outgoing direction, so I guess I'll have to live with the superfluous traffic going across the link, but using the ACL (as suggested by Daniel):
access-list 101 deny tcp any eq 1985 host 22.214.171.124
access-list 101 deny udp any eq 1985 host 126.96.36.199
access-list 101 permit ip any any
If this is placed at both ends of the trunk, the HSRP messages from one side don't "override" the settings on the other side; still seeing the traffic, but that's something I'll have to live with...
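One way to confirm, from a capture taken behind the filter, that no HSRP messages from the remote site are still reaching group 10. This is an added example and not part of the original posts. It assumes HSRPv1 (the 20-byte UDP/1985 payload defined in RFC 2281); the function names are hypothetical and the sample packets and addresses are constructed.

```python
import ipaddress
import struct

# HSRPv1 payload layout per RFC 2281 (20 bytes, carried in UDP port 1985).
HSRP_V1 = struct.Struct("!BBBBBBBB8s4s")
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}

def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode one HSRPv1 UDP payload; raise ValueError if it is not valid."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("short HSRP payload")
    ver, op, state, _hello_t, _hold_t, prio, group, _rsvd, _auth, vip = \
        HSRP_V1.unpack_from(payload)
    if ver != 0 or op not in OPCODES:
        raise ValueError("not an HSRPv1 message")
    return {"op": OPCODES[op], "state": STATES.get(state, f"unknown({state})"),
            "priority": prio, "group": group,
            "vip": str(ipaddress.IPv4Address(vip))}

def foreign_speakers(packets, group, local_routers):
    """Return (src, state, priority) for each message in `group` whose sender
    is not one of this site's own routers, i.e. HSRP that leaked over the trunk."""
    local = {ipaddress.IPv4Address(r) for r in local_routers}
    leaks = []
    for src, payload in packets:
        try:
            msg = parse_hsrp_v1(payload)
        except ValueError:
            continue  # ignore anything that is not HSRPv1
        if msg["group"] == group and ipaddress.IPv4Address(src) not in local:
            leaks.append((src, msg["state"], msg["priority"]))
    return leaks

def _hello(state, prio, group, vip):
    # Builds a constructed sample hello (hello 3 s, hold 10 s, auth "cisco").
    return HSRP_V1.pack(0, 0, state, 3, 10, prio, group, 0, b"cisco\0\0\0",
                        ipaddress.IPv4Address(vip).packed)

# Constructed sample capture: (source IP, UDP payload), documentation addresses.
SAMPLE = [
    ("192.0.2.2", _hello(16, 110, 10, "192.0.2.1")),    # site A active router
    ("192.0.2.3", _hello(8, 100, 10, "192.0.2.1")),     # site A standby router
    ("192.0.2.130", _hello(16, 120, 10, "192.0.2.1")),  # site B router heard at site A
    ("192.0.2.2", b"\x00\x00"),                         # truncated payload, skipped
]

if __name__ == "__main__":
    print(foreign_speakers(SAMPLE, 10, ["192.0.2.2", "192.0.2.3"]))
```

An empty result for a capture taken on the local VLAN side means the routers at that site only hear their own HSRP peers for the group.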