Cisco WAN :: 2960 - Block Outgoing Multicast On L2 Port?

Aug 2, 2012

is it possible to block outgonig multicast L2 frames on an Ethernet port in outgoing direction on a 2960 Switch?
 
I tried the "switchport block multicast" command, but the description of this feature relates to only "unknown" multicast!?
 
But what means "unknown multicast"? Even if activated, I see a lot of multicast traffic going out that port: IGMP, PIM, SSDP, HSRP, OSPF, .. and also pings and VLC streams to multicastaddresses (ip igmp snooping disabled).
 
I also tried to map a "mac access-list" to that port, but the "mac access-group" interface command is restricted to only incoming traffic.
 
Reason: we assume, that there are a couple of specific enddevices, that might react strange to some multicast. Therefor we would like to block outgoing multicast on that specific ports.
 
I tested it on a 2960 12.2(53)SE2

View 10 Replies


ADVERTISEMENT

Cisco Routers :: WRVS4400N Block All Internet Outgoing

Oct 16, 2011

When i try to active the Internet Access Police with Website Blocking by Keyword, the router WRVS4400N block any access to internet, the Access Restriction by time is disable. How i can active this feature without restrict all the access?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Use Radius On ASA 5505 To Block Outgoing User Access By Username In Group

Jan 15, 2012

Can I use AAA Radius on a ASA 5505 to block outgoing user access by user name in a group?

View 2 Replies View Related

D-Link DIR-655 Blocking Port 69 Outgoing

Jan 12, 2012

within ACS 5.3, I'd like to use 2 external authenticator for the same service, like vpn remote-access.For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID.For the authorization rules, I need to provider a wide vèn access for SecurID users and narrow vpn access for AD user.Are there some parameter to use in compound conditions for SecurID ?

View 1 Replies View Related

Cisco :: Increase / Decrease Switch Port Outgoing Buffer?

Aug 31, 2012

I have a such setup:Code:

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Blocks Outgoing Smtp (port 25)

Nov 25, 2012

i cannot send emails to outside, i have an access rule on interface inside permit source: inside  destination: any servic: tcp/smtp and when i make paket tracer  it shows me that the packet is dropped but i cant see through which rule!!
 
ASA version: 8.4(3)
ASDM version 6.4(7)

View 2 Replies View Related

Protocols / Routing :: Using Port 1 - 80 For All Outgoing Traffic Possible With Application?

Oct 9, 2012

I want to be able to use port 1-80 for all outgoing traffic. I have a VPS outside my home, which can redirect the packets to the prober ports.Is it possible with an application on the computer and VPS? Or is it impossible?

View 1 Replies View Related

Port Forwarding Working For Incoming Traffic But Not Outgoing?

Feb 6, 2012

I have a licensing server. Other computers need to turn on a program, they send a message to the licensing server, and it responds that they have permission to run.Until today the licensing server was plugged into its own ethernet wall socket and configured with a static IP address. Today I put a router into that wall socket and now the server's plugged into the router.The router (WRT-54G) was set to the static IP - and now the internet on its network works. I set all ports to be forwarded to the server's internal IP address - and now my programs can detect and ping it. But now the server won't send back permissions to use licensed software, or even reply with a list of the software which it can license.

View 1 Replies View Related

Cisco Switching/Routing :: 2960 Drops Multicast Receiver

Jun 17, 2012

A 2960G switch is doing IGMP snooping and is configured as the querier. There is no multicast routing.

Port 1 - Video Set Top Box A
Port 2 - Video Set Top Box B
Port 3 - Multicast Source
 
Both Set Top Boxes A & B are set to receive the video delivered in the same multicast group.Every 60 seconds the switch generates an IGMP General Query message which is sent out all the ports in the VLAN.There is a 10 second timeout in the Query message. Devices that wish to join (or remain joined) to the multicast group have this amount of time to respond with a Join Message directed at the multicast group. Devices deliberately wait a random duration within the timeout time before replying.
 
For some reason (which I don't understand), if the switch receives a Join request message from a Set Top Box, it forwards that messages out of the port to the other Set Top Box. So, let's say Box A responded with the Join Message first. Box B now sees the Join message and now thinks there is another multicast receiver on its branch of the network, so it suppresses its Join Message to avoid sending an unnecessary message.If by chance Box A responds first 2 or 3 times in a row, the switch will not have seen a response from port 2 for awhile, so it prunes that port from the multicast. Eventually, Box B responds first and gets re-joined onto the multicast. It is now Box A that may get pruned if it is consecutively slower.
 
How do I prevent the switch from replicating the Join message out to the other Set Top Box? I have verified this behavior with Wireshark. But, I believe the Join message is only supposed to be forwarded to a multicast router (if there is one - and there isn't), not to other ports.The 2960 is running 12.2(58) SE2.

View 3 Replies View Related

Cisco WAN :: 4948 / 6509 / 2960 - How To Implement Multicast On Network

Aug 4, 2011

We want to implement multicast on our network. We are going to use for  online teaching purpose. I am very new at Multicast and not have much  idea about it. We are not running any routing protocol in our network,  only static route. The multicast server is located at One of our office  and it is connected with L2 (Cisco 2960) switch, L2 switch is connected  to L3 switch(Cisco 4948). L3(Cisco 4948) and Core Switch(Cisco 6509)  with FWSM are connected with E-3 link with tunnel. Router 1 and Router 2  are connected with P2P ILL links which are terminated at serial  interface. The Multicast Server IP is 192.168.2.131/25. The scenario of  our network are mentioned below:
 
Multicast  Server--->(L2 Switch)--->(L3 Switch)--->(Core  Switch)--->(FWSM)--->(Router 1)---->(Router 2)--->(L2  Switch)--->(Multicast Client)
 
 We  have created a seprate vlan (i.e. vlan 102,   interface IP is 192.168.2.129/25) for multicast at L3 switch, enable  multicast routing, defined rp-address(i.e. 192.168.2.129/25), enable  sparse-dense mode at multicast vlan as well as at some other vlan also  for testing purpose and joined multicast group (i.e. Multicast IP is  224.3.3.5). At core switch we have also enabled multicast routing,  defined rp-address (i.e. 19.268.2.129/25), enable sparse-dense mode at  user vlan and inside vlan of FWSM and joined multicast group at user  vlan and inside vlan. At FWSM we have enabled multicast routing, defined  rp-address(192.168.2.129), doesn’t find any option to enable  sparse-dense mode and joined Multicast group at inside vlan and router 1  vlan. At Router 1, we have configured the same thing. We have  configured mroute at all the devices. We are able to ping from end to  end. We are testing multicast by Multicast IP checker tool (provided by  vendor). Multicast is working fine at L2 switch, L3 switch and Core  Switch, but not from Router 1. Ping is reachable from Router 1. After  doing mtrace at Router 1, the following output has come:
 
Router 1 (Mtrace with destination address 192.168.2.131)
mtrace 172.21.15.2 192.168.2.131 224.3.3.5
 
Type escape sequence to abort.
Mtrace from 172.21.254.50 to 192.168.2.131 via group 224.3.3.5
From source (?) to destination (?)
[Code] .....
 
If , we do mtrace from gateway IP address(i.e. 192.168.2.129) as  destination address then mtrace is getting completed, but if mtrace is  done from Mutlicast server IP address(192.168.2.131) as destination  address, then mtrace is not getting completed.
 
  We  have connected one laptop at Router 1 vlan to test Multicast. The host,  which is connected to Router 1 vlan is able to send multicast packet to  other host and other host at different vlan are receiving it , but it’s  unable to receive multicast packet send by other host of different vlan.
 
Do I need to enable igmp snooping at L2 switch, L3 switch and Core Switch ? I am not able to understand or can't figure out where i have configured wrong.

View 23 Replies View Related

Cisco Switching/Routing :: 2960 - Test Multicast Traffic

Dec 6, 2012

Attached setup i am planning for testing multicast output from different vendors using  VLC and STB.  This Setup made to test the picture quality between the vendors at the same time on the multi viewer screen. 

1) Only a 2960 Gig port switch with only one L2 v lan with IGMP snooping enabled. 
In this scenario where Source and receivers are in the same L2 v lan ( no L3 interface is involved) hope i would able to test all the multicast sources with out any additional configuration on the Cisco switch.

View 6 Replies View Related

Cisco Switching/Routing :: 2960 / 6513 - Multicast Between VRF On Same Switch

Sep 3, 2012

I am working on Multicast scenario, There is one 6513E switch one 2960 switch. Two VRF's are configured in core switch (6513) IPTV-SRV and Villa-VRF IPTV-SRV vrf has IPTV server and Villa-VRF has IPTV i.e. client.
 
V LAN 30 is mapped to IPTV-SRV vrf with subnet address 192.168.30.0/24
V LAN 12 is mapped to Villa-VRF with sub net address 192.168.12.0/24
 
I did the following configuration for VRF but its not working . i am not an expert in multicast design but seems i did most of the configs.
 
ip vrf IPTV-SRV
rd 30:1
mdt default 232.1.1.1
route-target export 30:1
route-target import 10:1
[code]...

View 3 Replies View Related

Cisco Switching/Routing :: 2960 - Local Multicast Range Is Not Passing Between Sites

Jan 29, 2012

[URL]
 
We found out that only local multicast ip address range is not passing between the sites, any other range is passing, local range is 239.0.0.0 and above.
 
We have two different datacenters, the internal switch is 2960S (Stacked) with 1-10 vlans and the external switch is 3560E, the external switch is adding another tag (qinq, dot1q), vlan 611, and send the packets to metro line to the other site.
 
on the other site we have the same configuration.
 
internal switch from site A is configured with igmp querier and the internal switch port on site B connected to the external switch is configured as mrotuer port.
 
multicast and igmp is passig between the sites, but the local multicast range is not passing, igmp filterring is configured on all port but no profile is defined and no ports are filterred, on the external switch igmp snooping is disabled.

View 4 Replies View Related

Cisco Switching/Routing :: Enable Multicast On 2950 / 2960 Series Switches?

Dec 8, 2011

How do you enable multicast traffic on 2900 series switches?

View 7 Replies View Related

Cisco Switching/Routing :: Limiting Outgoing Traffic On Single L2 Port On Nexus 7000 1GB

Aug 4, 2012

I am trying to limit the incoming and outgoing traffic on a l2 port to 8mbps for a ip subnet within the nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps.Policing won't work on a l2 Port and shaping cannot be applied on a port level. url...I have been reading thru the qos guide for nexus release v6 and have problems understanding the different queues.

View 3 Replies View Related

Cisco Switching/Routing :: 2960 What Can Block ARP

Feb 23, 2012

We recently updated a site2site link to metro ethernet, ISP call it 100mbps LAN Extension, but to me it is just QinQ over fibre connection. Most went well, one thing (annoying to me) is we can not ping our switches on both ends anymore.
 
We have a 3750 in headend and another 2960 on the other end. I used to be able to ping/telnet to the management IP from one to the other. Now we can not. I think the ISP is applying some configuration on ports of their customer-premises equipments (both are Cisco switches) but agent in ISP told me no. I thought there is some configuration on Cisco switch to block "MAC discovery" but i just can not remmenber what was that and google also failed me this time.

View 3 Replies View Related

Cisco Switching/Routing :: Block LAN To LAN Traffic On 2960

Apr 16, 2013

Is there a way to block lan to lan traffic (except lan to gateway/gateway to lan traffic of course) on a Cisco 2960?

View 9 Replies View Related

Cisco WAN :: 2960 / Block Traffic Under Two VLANs - Unidirectional Or Bidirectional

Aug 22, 2012

I have a Ciso L3 switch with 4 VLANs and all host computer connected to rest of 8 cisco 2960 switch's:
 
VLAN 1  : 192.168.1.0/24
VLAN 10: 192.168.10.0/24
VLAN 20: 192.168.20.0/24
VLAN 50: 192.168.30.0/24
  
There are list of my some Questions about Extended ACL serialwise :
 
1. For Restrict traffic from VLAN 10 to VLAN 20, I am using  only one ACL is : Access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255.\  What will happen in this scenerio if we talk about traffic from VLAN 20 to VLAN 10. Will it communicate or not ???
 
2.   How to Block the traffic from VLAN 10  to  VLAN 20 but allow the traffic from VLAN 20  to  VLAN 10 ?

View 16 Replies View Related

Cisco WAN :: How To Multicast RS-232 Serial Port Data

Sep 5, 2012

We want to multicast several serial ports over the WAN/LAN network.In few words what we need to do is transport is several serial ports, is like a RS-485 network but in this case via IP.I do some similar to transport 4E&M lines with great results but I don't know how to start to do the same but with the Serial ports.

View 1 Replies View Related

Cisco Switching/Routing :: CAT6500 / Duplicate Multicast Packets On A Span Session Port?

Apr 17, 2013

If I monitor a trunkport on the rootbridge in both directions  I get Duplicate Multicast Packets on the perticular VLAN.   The first guess is, that this is worked as designed and not a IOS Bug (Platform CAT6500 SUP720 IOS 12.2(33)SXI9 ) Until know I only found an old Cisco press link from 2002 with this subject.

View 2 Replies View Related

Cisco :: MP-BGP (and Not BGP) To Exchange Multicast Prefixes Between Multicast Domains?

Apr 18, 2012

Why do we need MP-BGP (and not BGP) to exchange multicast prefixes between multicast domains?

View 2 Replies View Related

Cisco WAN :: Multicast Routing Between Vrf (Cat 3750) - Multicast Vpn Extranet?

Feb 19, 2013

I try to pass multicast traffic between two vrf on the same 3750 switch. I have IP services IOS and sdm template routing.
 
here is my config:
 
ip routing
!
ip vrf vpn2
rd 1:1
mdt default 232.1.1.1
route-target export 1:1
route-target import 1:1

[code]....
 
Now I'm stuck - I don't know what to do to pass multicast traffic. Do I have any chance to run this config on 3750 chassis?Perhaps "Configuring Multicast VPN Extranet Support" document will be useful, but it concerns Catalyst 6500? [URL]

View 0 Replies View Related

How To Block Port 80

Mar 14, 2011

How to block port 80 IN xp

View 1 Replies View Related

How To Block A Port On Local PC

Sep 25, 2011

I dont currently have access to the router and i was wondering is there a anti-virus program that allows you to block ports to the local pc? Or is there another way to block programs using peer-peer network connections such as PPS.

View 3 Replies View Related

How To Block Port 8080

Feb 23, 2011

how do I block / unblock ports in ASA Firewall 5500 series?

View 2 Replies View Related

Cisco Security :: Block Port 135 Using CSA 6.0.2.145 On Windows 7?

Mar 13, 2011

I have installed CSA on windows 7 with rule to block rpc port 135.But when i am scannig this host, this port is still opened.I changed OS to Win Vista,Win7 x86, but there is no changes.Is it possible to block port 135 using CSA on windows 7?

View 2 Replies View Related

Cisco WAN :: 7200 - How To Block SMTP Port 25 On Router

Jan 24, 2012

We are running ISP and now a days we have many spam in our network, we want block the SMTP port 25 block on Cisco router 7200.  So we can block the spam in our network.

View 3 Replies View Related

Cisco WAN :: Block Some Port From Outside To Inside On Router 2911

Sep 5, 2012

What is the configuration for allow port from Outside to inside( 80,21,https...) and i want to allow traffic from outside to inside only 80,https and 21.

View 1 Replies View Related

Block Port 443 Only For Skype In Tp Link Router?

Jul 24, 2012

Except email, we want to block every thing for users temporarily through router.If I block all ports from 400 to 65334, skype doesn't work but email also doesn't work.If I open only port 443 among blocked, both email and skype works.

View 1 Replies View Related

D-Link DIR-655 :: Outlook / Exchange Port Block

Aug 22, 2011

I can connect to Internet perfectly fine.  I can even VPN back into my office.  However, once connected via VPN and I launch my Outlook Client, I'm not able to connect to get emails.  When I run a "netstat -a", I get my "SYN_SENT" to all my office domain controllers and exchange servers.However, if I connected via my Starhub USB Broadband dongle, everything works perfectly fine.What settings do I need to do on my router?  I tried port forwarding and application rules but none worked.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Setting Up SMTP Port Block?

Mar 5, 2012

how to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relationship to a SpamBot issue that blacklisted us. I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports. DMZ, Inside and the Outside interface. Up till today, I only needed to block outside traffic to our internal network which I used the ASDM to configure a rule on the outside interface for an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source (192.168.0.131) with ALL destination and the service as HTTP. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however I am still able to browse... That said, if I were to change the source as the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore not solve our problem.  I even gone as far as permitting traffic from my computer, expanding the hit counter and I see no hits.  So I am no doubt doing this wrong. What I do know, is when I first created the rule, a second rule was automatically created (Implicit rule) that deny all sources and blocked all HTTP traffic until I changed it to Permit?

View 2 Replies View Related

Cisco Firewall :: 5505 Block Port 80 On A Specific Host In LAN

Apr 22, 2012

I'm using an ASA5505 (8.4(1)) and would like to block port 80 on a specific host in the LAN so machines in other remote LANs connected via VPN can't access this port on the host. Devices in the local LAN should have access to this port on the host. Here are the commands I'm using:
 
-access-list block_port extended deny tcp any host 10.20.10.20 eq 80
-access-list block_port extended permit ip any any
-access-group block_port out interface inside
 
These commands are not working as I would expect them to. When I browse to http://10.20.10.20 from a remote machine over the VPN tunnel I am able to access the host web server.

View 2 Replies View Related

Cisco Switching/Routing :: 3550 / Access List - Block One Ip Or Port

Jan 9, 2012

I have a layer 3 switch, 3550.I have several vlans on there just for playing around with. One of the vlans, has a vonage linksys box attached to it with a UK number attached. From time to time telemarketers call at 03:00 in the morning, this as I'm sure you can imagine is not much fun. The linksys box gets 192.168.3.3 as it's ip.The switch is connected to a non cisco router at 192.168.0.1
 
interface FastEthernet0/24
no switchport
ip address 192.168.0.2 255.255.255.0
 
I was thinking a time based access list would work best I have tried several variations but the phone still rings. I have tried access-list 1 deny host 192.168.3.3 permit ..... and more extensive lists but the phone still rings. I have not applied the time-range yet, so that's not the problem.I have applied the list to the vlan interface and to fa0/24 but it's not working.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved