Solved: block vrrp multicast

bert.verhaeghe · ‎07-23-2010

Hi,

We connected new VPLS L2 lines (whereas before we linked our site up with a L3 MPLS connections) for our sites to our datacentre (redundant 6500 switches).

Each site is in a separate vlan and the VPLS connections are connected on a single port as a trunk.

I've configured new VLANs and vlan interfaces with vrrp, but I see a lot af vrrp multicast traffic sent to the sites.

Is there a way to configure vrrp to only send its advertisements on a specific interface or to block vrrp on an interface?

andrew.prince · ‎07-23-2010

Multicast has a tendancy to end up where you don't want it do - it does not do any harm, unless there is a device wanting to listen.

If you want to block vrrp multicast on a router the specific address is 224.0.0.18

A simple acl like:-

access-list 101 deny ip 224.0.0.18 any

access-list 101 deny ip any 224.0.0.18

access-list 101 permit ip any any

!

interface <>

ip access-group 101 out

Should do the trick...

For a switch - much easier, just use:-

interface <>

switchport block multicast

HTH>

View solution in original post

andrew.prince · ‎07-23-2010

Multicast has a tendancy to end up where you don't want it do - it does not do any harm, unless there is a device wanting to listen.

If you want to block vrrp multicast on a router the specific address is 224.0.0.18

A simple acl like:-

access-list 101 deny ip 224.0.0.18 any

access-list 101 deny ip any 224.0.0.18

access-list 101 permit ip any any

!

interface <>

ip access-group 101 out

Should do the trick...

For a switch - much easier, just use:-

interface <>

switchport block multicast

HTH>

bert.verhaeghe · ‎07-23-2010

Thx, Andrew

Worked like a charm.

andrew.prince · ‎07-23-2010

np - glad to help