Solved

HSRP messages on Netscreen

Posted on 2006-06-13
Last Modified: 2008-01-09
I keep getting a message on our Netscreen as a spoof alert stating that two of our switches are generating packets in the order of: source "IP address of one of our switches", src port 1985, and destination address of 224.0.0.2, dst port of 1985. My question is how to prevent this message being treated as a spoof, or turn the multicast broadcasting off on the switches.

Thanks in advance.
0
Question by:vcon13
4 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16897305
You definitely don't want to block those packets; that's the hello protocol between the 2 switches. Block it and you won't have HSRP.

Not sure how to fix that issue on the Netscreen, but it sounds like the problem is that the packets are on the outside of the Netscreen but the Netscreen is expecting them on the inside due to their source address. Without knowing your topology I can't really suggest further. You haven't said what brand of switches or anything. By default, multicast packets are treated as broadcasts on a switch. You can configure many Cisco switches so that only specific ports will be used for a particular multicast group. So you may be able to suppress them on the Netscreen port that way, but the real problem is probably the design and how the Netscreen fits into it with its current configuration.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16897328
You can also use IGMP snooping on the switches, which will help the switches figure out on which ports to send the multicast packets. It should stop sending them to the Netscreen. But it won't stop ARPs and other possible broadcasts you may also be getting complaints about.
0
 

Author Comment

by:vcon13
ID: 16897797
Sorry, the switches are Cisco 4506 GBit, on the same subnet as the spoofed address: 10.10.10.0; we will use this subnet for this example. 6 interfaces on the Netscreen. The internal subnet is getting the message.
0
 
LVL 28

Accepted Solution

by: mikebernhardt (earned 2000 total points)
ID: 16898026
Hard to imagine why the Netscreen would have a problem with local addresses sending packets on the proper interface. The 4506s definitely do IGMP snooping; that may well fix the problem by keeping those multicast packets away from switchports that don't want to listen.
0
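As an added example (not from the thread or from Juniper/Cisco), a small triage script that separates the HSRP hellos discussed above (UDP 1985 to 224.0.0.2:1985) from genuinely suspicious spoof alerts, so the alerts can be reviewed before and after enabling IGMP snooping. The log format, router addresses (10.10.10.2/.3) and interface name (ethernet1) are constructed assumptions, not real Netscreen output.

```python
import ipaddress
import re

# Constructed sample alert lines loosely modelled on the spoof alerts described
# in the question; they are not real Netscreen output.
SAMPLE_ALERTS = [
    "2006-06-13 09:00:01 IP Spoofing! From 10.10.10.2:1985 to 224.0.0.2:1985, proto UDP (zone Trust int ethernet1)",
    "2006-06-13 09:00:01 IP Spoofing! From 10.10.10.3:1985 to 224.0.0.2:1985, proto UDP (zone Trust int ethernet1)",
    "2006-06-13 09:00:04 IP Spoofing! From 10.10.10.2:1985 to 224.0.0.2:1985, proto UDP (zone Untrust int ethernet3)",
    "2006-06-13 09:00:07 IP Spoofing! From 192.168.5.9:1985 to 224.0.0.2:1985, proto UDP (zone Trust int ethernet1)",
    "2006-06-13 09:00:09 IP Spoofing! From 10.10.10.77:4444 to 10.10.20.5:445, proto TCP (zone Trust int ethernet1)",
]

HSRP_GROUP = ipaddress.ip_address("224.0.0.2")   # all-routers multicast group used by HSRP
HSRP_PORT = 1985                                  # HSRP hello port (source and destination)
# Assumed: the two 4506s that run HSRP sit on 10.10.10.0/24 behind interface "ethernet1".
HSRP_ROUTERS = {ipaddress.ip_address("10.10.10.2"), ipaddress.ip_address("10.10.10.3")}
HSRP_INTERFACE = "ethernet1"

ALERT_RE = re.compile(
    r"From ([\d.]+):(\d+) to ([\d.]+):(\d+), proto (\w+) \(zone \w+ int (\w+)\)"
)

def classify(line):
    """Return a verdict for one alert line."""
    m = ALERT_RE.search(line)
    if not m:
        return "unparsed"
    src, sport, dst, dport, proto, iface = m.groups()
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    is_hsrp = (proto == "UDP" and dst == HSRP_GROUP
               and int(sport) == HSRP_PORT and int(dport) == HSRP_PORT)
    if not is_hsrp:
        return "other"                  # not HSRP at all: review as a normal spoof alert
    if src in HSRP_ROUTERS and iface == HSRP_INTERFACE:
        return "hsrp-expected"          # known router, expected interface: benign hello
    if src in HSRP_ROUTERS:
        return "hsrp-wrong-interface"   # hello leaking to another port: IGMP snooping gap
    return "hsrp-unknown-source"        # 224.0.0.2:1985 from an unexpected host: investigate

def triage(lines):
    """Count alerts per verdict so a change (e.g. IGMP snooping) can be measured."""
    counts = {}
    for line in lines:
        verdict = classify(line)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

After IGMP snooping is enabled the "hsrp-wrong-interface" count should drop to zero, while "hsrp-unknown-source" entries still deserve a look.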
