In the past I worked closely with Mikrotik RouterOS and thought that it was full of bugs. I found a lot of them and sent bug reports to the developers every week. Nowadays I'm working with Cisco products, and they are not free from bugs either. Today I found a new one, and it caused me a lot of inconvenience and trouble. I hope you will not find yourself in my place if you read this note.
Let's look at this MAC access filter:
mac access-list extended bridge_in
permit any host 000c.4209.536b
permit any host 0007.b359.6b60
permit any host 0007.b359.6b61
permit any host 0013.c39a.7c10
permit any host 0013.c39a.7c11
permit any host ffff.ffff.ffff
!
This filter was used on a Catalyst 2960 with c2960-lanbasek9-mz.122-40.SE (also tested with c2960-lanbasek9-mz.122-52.SE.bin).
What do you think, should it block all OSPF multicast (0100.5e00.0005, 0100.5e00.0006) and prevent routers from forming OSPF neighbor adjacencies? The answer is YES. But this is not working on this switch. Maybe this is a feature?
Let's look at another switch: a Catalyst 2950 with c2950-i6k2l2q4-mz.121-22.EA10a.bin.
This MAC access list was used here:
mac access-list extended bridge_in
permit any host 000c.4203.4ca5
permit any host ffff.ffff.ffff
permit any host 000c.421c.f855
!
And it is working! The routers are not forming OSPF neighbor adjacencies because OSPF multicasts are blocked.
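The verdicts the first access list is expected to give, worked through as an added example (not code from the original post). It models only first-match evaluation with the implicit deny at the end, not what a particular switch does in hardware; the function names and the source MAC are made up for the illustration, and only the `any` and `host` address forms used in the post are handled.

```python
import re
# ACL text copied from the post (the Catalyst 2960 list).
ACL_2960 = """\
mac access-list extended bridge_in
 permit any host 000c.4209.536b
 permit any host 0007.b359.6b60
 permit any host 0007.b359.6b61
 permit any host 0013.c39a.7c10
 permit any host 0013.c39a.7c11
 permit any host ffff.ffff.ffff
!
"""
OSPF_GROUPS = ("0100.5e00.0005", "0100.5e00.0006")  # AllSPFRouters, AllDRouters

def mac_to_int(mac):
    """Convert Cisco dotted notation to a 48-bit integer."""
    digits = mac.replace(".", "")
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_spec(tokens):
    """Consume 'any' or 'host MAC'; None means match anything."""
    kind = tokens.pop(0)
    if kind == "any":
        return None
    if kind == "host":
        return mac_to_int(tokens.pop(0))
    raise ValueError(f"unsupported address form: {kind!r}")

def parse_acl(text):
    """Return ordered (action, src, dst) rules; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] in ("permit", "deny"):
            rules.append((tokens.pop(0), parse_spec(tokens), parse_spec(tokens)))
    return rules

def verdict(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = mac_to_int(src), mac_to_int(dst)
    for action, rule_src, rule_dst in rules:
        if rule_src in (None, s) and rule_dst in (None, d):
            return action
    return "deny"

def ospf_verdicts(text, src="0200.0000.0001"):  # src is a constructed sample MAC
    return {g: verdict(parse_acl(text), src, g) for g in OSPF_GROUPS}
```

Calling `ospf_verdicts(ACL_2960)` gives the verdict for each OSPF group address, which can be compared with what the switch actually forwards.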
Updated:
Another funny bug with the Catalyst 2960 (IOS 122(40)):
sw#show clock
10:14:42.496 MSK Sun Oct 25 2009
sw#reload at 04:00 26 oct
Reload scheduled for 19:40:34 MSK Tue Dec 8 2009 (in 1065 hours and 26 minutes) by admin on vty0 (192.168.0.1)
Proceed with reload? [confirm]
sw#show reload
No reload is scheduled.
Ciscoman's notes (Записки цыщика c дипломом)