Cisco Switching/Routing :: IGMP Snooping On 3560
Nov 28, 2012
how to configure igmp snooping on a 3560.
I have a pure L2 switching network and 2 hosts on the same vlan that want to communicate a protocol between each other using multicast packets.
I wanted to configure ip snooping only on this vlan and create a multicast group limited to only these 2 host ir order to make sure that the multicast traffic is only between both of them.
Since both are sender and receiver I´m not quite sure on how to configure this. In theory I also need to set an IP Multicast Address on the switch to where the hosts will send their multicast packets.
This is basically the network:
HOST_A---|SWITCH_A|==|SWITCH_B|---HOST_B
View 11 Replies
ADVERTISEMENT
Nov 21, 2011
I useing Cisco861 : C861-universalk9-mz.124-24.T3.bin on my Cisco861 the command "ip pim dense-mode","ip igmp static-group "command does not exist,
router(config)# ip p?
port-map prefix-list
router(config)#
[Code]....
View 4 Replies
View Related
Oct 10, 2012
In the following topology
R1(f0/0)------------(f0/1)SW1(f0/2)------------R2
R1 is configured as host (no ip routing) with ip igmp join 239.10.10.10 on fa0/0 and R2 with ip pim sparse-mode on f0/0. SW1 is a Catalyst 3560 running IOS 12.2(25)SEE4 working at Layer 2 only in this topology (VLAN 1).
I configured SW1 for igmp snooping:
ip igmp snooping
ip igmp snooping vlan 1
Basically, I can see 'snooped' muticast group (via IGMP reports sent by R1)
SW1#sh ip igmp snooping group
Vlan Group Type Version Port List
----------------------------------------------------------------
1 224.0.1.40 igmp v2 Fa0/2
1 239.10.10.10 igmp v2 Fa0/1, Fa0/2
SW1#
SW1#
SW1#
[code]....
View 4 Replies
View Related
Sep 23, 2012
I've got a pair of Nexus 7010's running vPC. I am having a Multicast issue with a cluster of Linux servers that need to talk Multicast for cluster/high-availability operation. All the servers need to talk to a single multicast address and I am having trouble getting them to communicate. I believe I need to enable IP IGMP Snooping Querier on the N7K's and it needs to be enabled on the VLAN where the servers reside. How to enable IP IGMP Snooping Querier on a VLAN ?
View 5 Replies
View Related
Nov 14, 2012
We have a 3750 acting as the core. By default IGMP snooping is enabled on cisco 3750 from the documents.but, when we see the ip mroute table on the switch, it doesnt show any output.
View 40 Replies
View Related
Nov 24, 2011
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure.Currently, there are two nodes(hosts- servers) and two above switch for HA.
Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication.So my question is:
Q1> Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?
Q2> If 'yes', how can we configure the switch for Multicasting ?
Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
View 1 Replies
View Related
Mar 22, 2012
I've been looking into IGMP snooping and have read that a L2 switch will forward multicast traffic to all ports connected to an interested receiver AND all mrouter ports. In a L2 'V' topology this results in all multicast traffic routed onto a VLAN being forwarded to the 2nd distribution switch. My question is how should a 6500 Sup720 deal with this unwanted multicast traffic? Both a Local SPAN of the RP and a Netdr capture suggest that this traffic is punted to the RP and ultimately dropped. Is this expected behavior or should the traffic be dropped in H/W?
View 2 Replies
View Related
Oct 12, 2011
I have attempted to implement DHCP snooping and have been having some strange issues. I have 5 3560s taht I use for my edge and when I attempt to implement on all five, the VLAN that houses my voice data appears to no longer be able to recieve DHCP lease renewals so after the 24 expiration all of my phones lose their configs. Once I roll back the changes the voice VLAN comes back. The other VLANs seem to function correctly as theya re able to renew their DHCP addresses.
The 3560s tie into each other using GIG Ports 1 & 2 and the top and bottom switches tie into our core switch, a 4507. The config that I use is below, failry simple and straightforward.
4 of the 5 switches feed our general office vlans for voice and data however the 5th switch is there for expansion and not in use. As such I have left the config changes in place on it and have tied myself and a colleague into it and have been operating fine for over a week now. So the config that I use seems sound in theory and should work on the other 4 switches with no issue.
View 14 Replies
View Related
Jan 18, 2013
I am trying to understand the basics of DHCP snooping. I have a just a 3560 switch and a laptop ( to get a DHCP address) and my DSL router which has a DHCP server running. On the switch I have enabled "IP DHCP Snooping" and "IP DHCP Snooping VLAN 1" plugged the laptop and DSL router in and the laptop gets and IP address, should it?
I thought all ports were untrusted by default so the DHCP server should be blocked at offering IP addresses? If I wanted the DHCP server to be allowed to offer IP's I thought I should need to trust the port.
View 3 Replies
View Related
Sep 25, 2011
I have to deploy a full IP-TV solution and the IGMP snooping must be supported on the switch.
I know the the ESW 520 support this protocol but the full IP-TV solution will manage uo to 200 set up boxes, does this switch support all this traffic?
I also have another question, what exactly mean "Combo SFP slots include one 10/100/1000BASE-T Ethernet port and 1 SFP-based Gigabit Ethernet slot for fiber, 1 port active at a time." ? Is when I use 1 port with LX sfp transcever the 3 other uplink ports will be inactive and I can't add another or trunk it with another switch?
View 2 Replies
View Related
Oct 3, 2011
i want to setup IGMP Snooping on the Managed Switch SG 300-10. I do it over the webinterface. Enable Bride Multicast Filtering, Forwarding Method IP Group Address and enable IGMP Snooping v3. In the local Network i stream up to 4 Multicast streams 239.1.1.1-239.1.1.4. The client vor the Multicast are IP setupboxes. If i connect PRTG Network Monitor over SNMP to see the Traffic on the ports i see that all Multicast streams are at every port. What is the false i do? I thought only the multicast stream that is shoosen at the client are forwarding and not all multicast streams. The IP STBs have only a 100Mbit network adapter and i have to muticast over 10 Streams (10Mbit per stream) over the local VLAN. So i think IGMP Snooping is the solution for me. Or need i also a Multicast router?
View 1 Replies
View Related
Sep 12, 2012
I have a network which is based upon a 4507 Core/Dist switch, with 1G fibre to a bunch of radially connected 2960 Access switches. It all works fine and as expected for data and telephony.I have been tasked with setting up one of the VLANs to support multicast, so a bunch of video streams will be injected at the 4507, and will be delivered to client PCs connected to the 2960 switches.The 4507 is running with SVIs to some VLANs, but the VLAN that will have the Multicast on it is isolated, with no SVI.I could change this if required,I need to run IGMP snooping, and probably deploy CGMP to take advantage of the Cisco-proprietary functionaity.
View 4 Replies
View Related
Apr 3, 2012
I have some problems with IGMP snooping feature on the SG300 switch. I want to filter multicast dinamycally with IGMP snooping. To configure our switch I use the web page: - In Multicast I first enable: Bridge Multicast Filtering Status Thzn I enable IGMP snooping ,Then I enable IGMP Snooping on my VLAN During my tests I stream a video (UDP multicast). This stream is present on all the ports of my VLAN with IGMP snooping normally configured. Also, I can't see any entry in the IGMP/MLD IP Multicast Group Table where I should normally see my multicast address.
View 4 Replies
View Related
Jul 20, 2011
Is the E4200 able to deal with IGMP snooping (v2/v3)?I would like to replace a motorola/netopia vdsl-router which handles internet tv-traffic.
View 4 Replies
View Related
Nov 24, 2011
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP"We are building HA (High Availability) Databases infrastructure.Currently, there are two nodes(hosts- servers) and two above switch for HA.Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication.So my question is: Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?If 'yes', how can we configure the switch for Multicasting ?Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
View 1 Replies
View Related
Nov 24, 2011
IGMP Snooping configuration for Multicasting on Cisco Catalyst 3020 Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure.Currently, there are two nodes(hosts- servers) and two above switch for HA.Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication. Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?, If 'yes', how can we configure the switch for Multicasting ?
View 1 Replies
View Related
Nov 24, 2011
IGMP Snooping configuration for Multicasting on Cisco Catalyst 3020
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure. Currently, there are two nodes(hosts- servers) and two above switch for HA.
Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication. So my question is:
Q1> Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?
Q2> If 'yes', how can we configure the switch for Multicasting ?
Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
View 1 Replies
View Related
Jun 21, 2012
I am unable to configure an interface using the "ip igmp filter <profile #>" command on a 2960G running 12.2(58)SE2. The switch allows me to create a profile using the "ip igmp profile <profile #>" global configuration command. It also lets me enable filtering with the global "ip igmp filter" command (which I didn't see in the documentation). But, the command is not accepted when configuring an interface. "ip igmp ?" does not even show "filter" as a valid auto-complete when in configure interface mode, and the command is rejected if I try to enter it.
I verified the command worked on a much earlier version of IOS, so it must have broken somewhere along the line. I'm wary of moving up to 15.0(1)SE. Is that a major IOS change?
View 5 Replies
View Related
Mar 11, 2012
I encountered a problem migrating configuration from Cisco 4500 with IOS 12.2(53)SG4 to Cisco 6500-VSS with IOS 12.2(33)SXI7.
With 4500, we had 2 servers with JBoss running multicast to build up the cluster. They used 239.X.X.X multicast IP. There was no need to configure "ip igmp snooping vlan XX static XXXX.XXXX.XXXX interface X" neither static arp entry.
When we migrated to 6500 in VSS, we had to do:
mac-address-table static XXXX.XXXX.XXXX vlan XX interface X disable-snooping
With this command, the JBoss cluster worked well. The question is, ¿Is there any difference regarding IGMP in 4500 versus 6500?
View 3 Replies
View Related
Mar 27, 2013
I am having problems with IGMP and QoS on CAT6500 platform with SUP720 engine.The problem is, it seems that all IGMP packets are getting marked with DSCP 48 when sent out of the switch regardless of any input service policy. I found several articles saying that PFC QoS does not apply to IGMP packets. However in IOS 15 that should be possible, but I didn't get it to work there either. [code]
View 0 Replies
View Related
Apr 13, 2011
I have 3560e which doesn't appear to be passing igmp traffic to the upstream router
PC1 ----------- ASA ------------ PC2--------- 3560e ----------- 3825 -------------------- WAN --------------------- Router ------------- Server
My ASA runs SMR, has an igmp forward interface outside command on the inside and has a trunk port to the 3560e (V lans 32 & 48).PC2 is a test pc on the 3560e on vlan32. 3825 is my ISPs router on vlan32.
- if i try to access the stream from PC2 it works.
- if i try to access the stream from PC1, i see the igmp join leave my ASA onto the 3560E (i've captured on the 3560e's link to the ASA).
I've also captured on the ASA and i can see the igmp packet leave the outside interface but the join doesn't reach the 3825 (i've captured on the 3560e port facing the router and there is no join being forwarded).the switch is running in layer 2, 12.2(35r)SE1.
switch#sh ip igmp snooping querierVlan IP Address IGMP Version Port---------Switch#
Global IGMP Snooping configuration:------------------------IGMP snooping : EnabledIGMPv3 snooping (minimal) : Enabled Report suppression : Enabled TCN solicit query : Disabled TCN flood query count : 2Robustness variable : 2Last member query count : 2Last member query interval : 1000
View 2 Replies
View Related
Nov 3, 2011
I have a 2x Cisco 3750G switches (Stacked) that are part of an IP Video Surveillance System .All network is set to 1 VLAN (VLAN 1 default).The Cisco SWs ( Core ) are configured with IGMP Querier + Snooping .Connected to the Cisco SWs are 4 Fiber Rings(Loops) for redundancy . RSTP and IGMP Snooping are enabled on all the network SWs .Network Architecture Figure :
When all Fiber Rings (Loops ) are connected , the Cisco and Ring SWs spanning-tree tables show the blocked and forwarding ports properly .I am able to connect all my IP Cams + Encoders to the Ring SWs and connect my Servers + WorkStations to the Cisco SWs to record and view the multicast ip streams .All streams from Rings 1 ,3 and 4 are getting normally to the Servers + WorkStations through multicast ( IGMP Snooping are filled correctly on the Cisco and non-Cisco SWs ) . All multicast streams are joined normally except for Ring 2 .The Multicast streams passing through Ring 2 will operate normally for around 2 hours then after that the Fiber SWs begin to flood their multicast traffic causing the cams on the same switch to drop off the network .
I checked the Configuration of all the SWs on Ring 2 but all are are the same .
What is weird is that I have to set all the streams to unicast to stop the flooding just on Ring 2 (All other rings are not affected ) then after some time if I enabled a video multicast stream on one of the SWs of the Ring it will be streamed properly to the Servers + WorkStations ( All IGMP tables along the way will be filled properly ) then again after 2 hours or so , the flooding will start again suddenly and all IGMP table entries for the SW on Ring2 will be empty . No problem occurs on the other Rings which have more multicast streams .
View 0 Replies
View Related
Sep 27, 2012
I have a problem at a place where 5 ME3400 switches are connected in a straight line. I can't do much about the topology of that place, but the problem is they are all DHCP Snooping, but uni cast replies from the dhcp server further up the hierarchy gets eaten by the first switch! I can't really see why it not only inspects in and whines about it not being for itself - it then drops the message.
What have we done wrong (apart from the actual layout of that place, which I can't really change)?
Sep 28 13:49:29: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/1)
Sep 28 13:49:29: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi0/1, MAC da: 7444.012d.debd, MAC sa: 0013.1a4a.65c7, IP da: XX.YY.186.7, IP sa: XX.YY.186.1, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: XX.YY.186.7, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 7444.012d.debd
Sep 28 13:49:29: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
[Code] ......
It really should just send it on, as with any uni cast not on the switch itself - it should go out Gi0/2 really. Why isn't it?
[core] -- [sw1] -- [sw2] -- [sw3] -- [sw4] -- [sw5]
All the trunks are trusted, DAI is on (I've tried shutting it off, as well), port-security is used but it's actually not dying on the switch having the client computer, but the first one in the chain with dhcp snooping.
View 6 Replies
View Related
Mar 2, 2013
I have a problem with high CPU load by DHCP Snooping process on Catalyst 6506 (WS-SUP720-3B, soft: s72033-ipservices_wan-mz.122-18.SXF11.bin). I have it enabled on 15 VLANS, in which there are subscriber devices residing, and sending DHCP requests through Cisco to DHCP server (Cisco acts as DHCP relay, and it's collecting the snooping database, I also use DAI).
Snooping database contains 6962 bindings now.
CPU load goes high only sometimes, and I don't have a clue, why it's going so high. It can load as high as 45-47% of CPU, like this:
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
116 81471244 322596368 252 42.95% 43.48% 36.06% 0 DHCP Snooping
When the load is high, the command: show ip dhcp snooping statistics is showing, that the overall quantity of
Packets Processed by DHCP Snooping is increasing rapidly. In normal situations, it's like 10-20 packets per second, but when the load is high, it's 1000-10000 pps.
But when I look at SPAN from my subscriber's VLANS, I don't really see any flood of DHCP requests, or something like that - everything looks as usual. Maybe, some of subscriber's devices are sending incorrect DHCP requests, that are causing packets to loop inside RP, or something like that? How can I detect that thing?
Also I thought, that if I enable the ip dhcp snooping trust mode on all of the Catalyst interfaces, the DHCP snooping will not process the subscribers DHCP packets, and I can, by exclusion of interfaces from one to one, detect, from which interface the problem is originating. But this seems to be incorrect, I turned the ip dhcsp snooping trust on all interfaces, and I still get spikes of CPU load by DHCP snooping process. Why it's still examining packets, even on trusted interfaces, is it ok?
And one more question - if I disable the ip dhcp snooping globally, will it clear all my existing bindings in snooping database?
View 3 Replies
View Related
Apr 9, 2012
I am working in a environment that is classed as collapssed Layer 3 environment. We have a core 6500 with routed links to 3560's which are access switches.
We have layer 3 vlans on the access switches, one for data one for voice.On the layer 3 vlans we have ip helper addresses that are used for DHCP. The DHCP servers are located on the 6500.
I recently had a incident where someone plugged a netgear router into a desk point because they thought they could use it for a switch. This router then started to dish out IP addresses to people in the morning for those who came in and docked their laptops. 99% of people weren't affected because they have desktop PC's are their leases hadn't expired.
Now we have bpduguard, bpdufilter to prevent people from plugging in switches that send out BPDU's. However this doesn't prevent the above senario where someone plugs a router or a 'dumb' switch that doesn't send BPDU's.Because of the above senario I started looking at DHCP Snooping, but I am unsure on a couple of things.
With the topology of our network I understand that I don't need to configure IP DHCP Snooping Trust on the L3 uplinks to our core switch. From what I understand I just need to enable IP DHCP Snooping globaly and then on the VLAN's on the access switch (because of the L3 topology VLAN's are local to the access switches). Only if I had L2 uplinks to the core would I need to configure IP DHCP Snooping Trust on the trunk links.
View 2 Replies
View Related
Apr 17, 2012
I have a new catalyst 2960,and i want to enable DHCP SNOOPING,but,it doesn't work,the server is stilling offert addresses IP and it's not connected in a trusted port,the schema is very simple:1 switch catalyst 2960 PST-S,1 server dhcp and 1 pc client,the PC and the server are in VLAN 10,DHCP SNOOPING is enabled in all ports and no port is trusted,but the client get addresse IP after retyping ipconfig /release and ipconfig /renew in dos commande.the configuration and the version of the switch are in the file attached.I tested the same configuration in a catalyst C3560-24PS and DHCP SNOOPING work normally,i tested in other catalyst 2960-PST-S,but the same probléme:DHCP SNOOPING without effect,the commands typed is:
-ip dhcp snnoping
-ip dhcp snooping vlan 10
View 5 Replies
View Related
Nov 24, 2011
I got some problem with enabling dhcp snooping on 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin) the topology is as below: dhcp snooping enabled only on CORE (with interface trusted to dhcp server)the problem is that I put these 2 commands
ip dhcp snooping
ip dhcp snooping vlan 1
but it is not enabled on any vlan
SW-CORE#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
[Code]...
On B1 if I turn it on there is a "1" in the section " DHCP snooping is configured on following VLANs:" but on core no.As you can see I did put the trusted on the interface in the direction to the dhcp.First I thought it can be a problem with option 82, I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.
View 3 Replies
View Related
Nov 14, 2012
I am trying to find a command for dhcp snooping rate-limiting on a CatOS. The PFC card is PFC. PFC3B is said to support that command. But there seems no this command.
-6k> (enable) sh ver
WS-C6509-E Software, Version NmpSW: 8.4(5)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Aug 3 2005, 13:26:46
[Code] ......
Up time is 1183 days, 1 hour, 41 minutes
View 3 Replies
View Related
Jan 9, 2013
I recently installed DHCP snooping on a 3750v2 switch (Version 12.2(55)SE4) and configured the uplink(Po2) as a trusted port. The problem is that clients cannot receive an IP address. When I disable DHCP snooping it is working properly. DHCP snooping is configured correctly but I don't have an idea how to resolve it. [code]I tested the solution on the same kind of hardware switch and firmware and it worked out fine. What is causing the clients not to receive an IP address from the DHCP server?
View 10 Replies
View Related
Feb 10, 2011
Just spoke to the TAC and didn't get the information needed. When configuring ip dhcp snooping database I am adding this to my configuration:ip dhcp snooping database scp://dhcpsec@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt..I assumed that to do this I would either specify the password on the command line, similar to the way its done when using ftp/http, or that I would need to create a public/private key.I have enabled scp and can manually copy a file from the switch to the linux server. So I believe I have all the aaa commands correct. Cisco WS-C3560G-24PS System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE.bin".
View 3 Replies
View Related
Feb 14, 2012
does Cisco 2600 series switch support 802.1x and DHCP snooping?
View 6 Replies
View Related
Oct 8, 2012
i have a strange problem in my campus network.im trying to run port security on my access switches which they are 3550 with ios c3550-ipservicesk9-mz.122-52.SE when i run the port security with Sticky option, even i put 1000 mac address for just learning on the port but when i issue the switchport port-security command every pc connected to that port loses its connection with network UNTIL i enable dhcp snooping!!! all my client are getting they ip address from DHCP server but strange thing is that how on earth i have to enable DHCP snooping to port security work properly? also when i check the configuration under the interface when dhcp snooping is not yet enabled switch doesnt add any mac address under the interface so no one can work until i enable snooping and then switch adds mac addresses under the interface configuration.is this Bug on this version of IOS?[code]
View 4 Replies
View Related
Sep 24, 2012
we've an infrastructure were the Access is based on Cat3750G Stacks connected to both Cores using L3 connections.On the Access Switches are implemented the following features DHCP Snooping, IP Source Guard and Dynamic ARP Inspection and all is working fine since years...the DHCP Servers are on a dedicated stack which act as a SFarm.
On the Access Switches the port configuration is the following:the Uplink Ports to both of the Cores are configured in TRUST for DHCP Snooping and ARP Inspection the Access Ports, where the end-device are connected, are UNTRUST for DHCP and ARP Inspection with IP Source Guard Active Right now I've to add a new L2 switch on one of the Access Port and I'm wondering if this is possible since I've to keep on the Stack Access Ports all the security feature active and I've also to implement DHCP Snooping on the new L2 switch to avoid rouge DHCP Server...
I suppose that the uplink to the L2 switch on the Stack Access Switch should be left as it is connected to an end device...but the uplink port on the L2 switch should be set up as TRUST...isn'it? Keeping in mind that I want to implement DHCP Snooping also on this L2 switch to avoid that Rogue DHCP Servers will impact the end-device connected to this L2 switch...is this scenario possible??? or I can't do that and should leave DHCP Snooping only on the Access Stack.
View 2 Replies
View Related