cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
39687
Views
10
Helpful
7
Replies

Why switch generating traffic for 224.0.0.1

Ahmed Shahzad
Level 1
Level 1

Catalyst 3750

CDP is disabled

No Routing protocol

however we can see the traffic generated from switch for multicast address 224.0.0.1?

Any reason for this traffic, and how can we disable it?

Thanks and Regards,

1 Accepted Solution

Accepted Solutions

mbroberson1
Level 3
Level 3

Several things to loot at.

The switch is "multicast aware" by default, but should not send traffic unless invoked. I would look at my config and make sure there are not any "non defaults" for any thing multicast related (ip multicast routing, igmp, pim) on interfaces. Next if this this checks out fine I would setup wireshark and SPAN one of the ports to see the source of the traffic. Just some things to start out with.

HTH,

Brandon

View solution in original post

7 Replies 7

Ganesh Hariharan
VIP Alumni
VIP Alumni

Catalyst 3750

CDP is disabled

No Routing protocol

however we can see the traffic generated from switch for multicast address 224.0.0.1?

Any reason for this traffic, and how can we disable it?

Thanks and Regards,

Hi,

By default, a LAN switch floods multicast traffic within the broadcast domain and 224.0.0.1  All Systems on this Subnet ,This is used to address all multicast hosts on the directly connected network.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Thanks Ganesh.

How do we find out who is generating this multicast. Please note that there is no dynamic routing protocol running, and also the CDP is disabled on the switch.

Thanks and Regards,
Ahmed.

mbroberson1
Level 3
Level 3

Several things to loot at.

The switch is "multicast aware" by default, but should not send traffic unless invoked. I would look at my config and make sure there are not any "non defaults" for any thing multicast related (ip multicast routing, igmp, pim) on interfaces. Next if this this checks out fine I would setup wireshark and SPAN one of the ports to see the source of the traffic. Just some things to start out with.

HTH,

Brandon

joealbergo
Level 1
Level 1

Ahmed

What did you end up finding out about the traffic?

Where was it coming from?

What did you change?

Please advise


Joe

Hi Joe,

It is the checkpoint firewalls, which is in cluster, and using IGMP for clustering. Actually I have captured the packets from the firewall, and found it is receving IGMP general query from the switch, and is blocked by the firewall.

B Regards,

Ahmed.

Ahmed

Thank you - it gives me a better understanding of the cause and resolution.

So I assume that the traffic is still being permitted, considering you need that firewall query?

Or how have you configured or made any changes to that? Where does that cluster form? Checkpoint Firewall is software?

Please advise.

Joe

Hi Joe,

I still did not made any changes in the firewall, as this is a production cluster, and we are wondering on permitting IGMP. I will permit these IGMP traffic during maintenance window.

This is a Nokia Checkpoint cluster.

B Regards,
Ahmed.

Review Cisco Networking for a $25 gift card