Solved: Re: Why switch generating traffic for 224.0.0.1

Ahmed Shahzad · ‎06-03-2010

Catalyst 3750

CDP is disabled

No Routing protocol

however we can see the traffic generated from switch for multicast address 224.0.0.1?

Any reason for this traffic, and how can we disable it?

Thanks and Regards,

mbroberson1 · ‎06-05-2010

Several things to loot at.

The switch is "multicast aware" by default, but should not send traffic unless invoked. I would look at my config and make sure there are not any "non defaults" for any thing multicast related (ip multicast routing, igmp, pim) on interfaces. Next if this this checks out fine I would setup wireshark and SPAN one of the ports to see the source of the traffic. Just some things to start out with.

HTH,

Brandon

View solution in original post

Ganesh Hariharan · ‎06-03-2010

Catalyst 3750

CDP is disabled

No Routing protocol

however we can see the traffic generated from switch for multicast address 224.0.0.1?

Any reason for this traffic, and how can we disable it?

Thanks and Regards,

Hi,

By default, a LAN switch floods multicast traffic within the broadcast domain and 224.0.0.1 All Systems on this Subnet ,This is used to address all multicast hosts on the directly connected network.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Ahmed Shahzad · ‎06-03-2010

Thanks Ganesh.

How do we find out who is generating this multicast. Please note that there is no dynamic routing protocol running, and also the CDP is disabled on the switch.

Thanks and Regards,
Ahmed.

mbroberson1 · ‎06-05-2010

Several things to loot at.

The switch is "multicast aware" by default, but should not send traffic unless invoked. I would look at my config and make sure there are not any "non defaults" for any thing multicast related (ip multicast routing, igmp, pim) on interfaces. Next if this this checks out fine I would setup wireshark and SPAN one of the ports to see the source of the traffic. Just some things to start out with.

HTH,

Brandon

joealbergo · ‎06-07-2010

Ahmed

What did you end up finding out about the traffic?

Where was it coming from?

What did you change?

Please advise

Joe

Ahmed Shahzad · ‎06-07-2010

Hi Joe,

It is the checkpoint firewalls, which is in cluster, and using IGMP for clustering. Actually I have captured the packets from the firewall, and found it is receving IGMP general query from the switch, and is blocked by the firewall.

B Regards,

Ahmed.

joealbergo · ‎06-07-2010

Ahmed

Thank you - it gives me a better understanding of the cause and resolution.

So I assume that the traffic is still being permitted, considering you need that firewall query?

Or how have you configured or made any changes to that? Where does that cluster form? Checkpoint Firewall is software?

Please advise.

Joe

Ahmed Shahzad · ‎06-07-2010

Hi Joe,

I still did not made any changes in the firewall, as this is a production cluster, and we are wondering on permitting IGMP. I will permit these IGMP traffic during maintenance window.

This is a Nokia Checkpoint cluster.

B Regards,
Ahmed.