Re: igmp snooping non working on C2950T w some traffic
The problem is caused by an unfortunate selection of the multicast group IP address 126.96.36.199. Let me explain some basics first.
You are probably aware that the multicast IP address range 188.8.131.52/24 is called the link-local multicast. In this range, many applications are running, among others OSPF, EIGRP, RIPv2, PIM, HSRP, VRRP, GLBP, and others. Neither of these applications subscribes in these groups, however. For example, you will never see an EIGRP router sending an IGMP join message to the 184.108.40.206 group where all multicast EIGRP packets are delivered.
Because of this reason (no IGMP joins are commonly sent for applications in the link-local multicast scope), Cisco Catalyst switches cannot perform IGMP snooping for these groups because there would be no IGMP messages received/sent. Instead, these switches flood all frames whose destination MAC address corresponds to the appropriate multicast IP address within the link-local scope, which is the range from 01:00:5e:00:00:00 up to 01:00:5e:00:00:FF (the first 25 bits are set to 01:00:5e:0, the last 23 bits are directly copied from the lowest 23 bits of the multicast IP address; the remaining bits from the IP address are lost during this mapping from IP to MAC). For the link-local multicast IP address range, the IGMP Snooping is ignored.
Now, notice that the multicast IP address 220.127.116.11 maps to the MAC address 01:00:5E:00:00:09 - just the same MAC address as would be used by a RIPv2 router using the link-local multicast IP address 18.104.22.168. For a Catalyst switch, this is indistinguishable from a frame containing a real link-local multicast IP packet. As a result, this frame will be flooded all ports in the same VLAN which is exactly the phenomenon you are experiencing.
As a matter of rule, all addresses in the form
will map to the very same MAC address 01:00:5E:00:00:Hex(X) and will be treated as link-local multicasts - they will be flooded all ports, disregarding the IGMP Snooping completely. This has to be taken into consideration by the network administrator that is responsible for planning the multicast addressing plan so that these IP addresses are not used for multicast applications because IGMP Snooping does not apply to them.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...