On Mon, 22 Sep 2014, Richard Holbo wrote:
> Now it looks like from my reading that CISCO MLD snooping would _help_ with
> this, though it would not stop the offender from generating the multicast
> requests, it might keep it from reaching _all_ ports, but it would still

If the packets are sent to ff02::1, then this will be sent to all ports
even with MLD snooping turned on.
http://www.ietf.org/rfc/rfc4541.txt
"In IPv6, the data forwarding rules are more straight forward because
MLD is mandated for addresses with scope 2 (link-scope) or greater.
The only exception is the address FF02::1 which is the all hosts
link-scope address for which MLD messages are never sent. Packets
with the all hosts link-scope address should be forwarded on all
ports."
So I doubt turning on MLD snooping will help.
Your switches, can't you do some kind of protocol based filtering, and
only allow two ethertypes, ARP and IPv4?
--
Mikael Abrahamsson email: swm...@swm.pp.se
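
The forwarding rule quoted from RFC 4541 and the ethertype filter suggested in the reply, as an added example that is not part of the original message. It is a simplified model of an MLD-snooping switch: the port numbers, listener table and function names are constructed for illustration, and sending unregistered groups to router ports only is an assumption (flooding them is the other option a switch may use).

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
ETHERTYPE_IPV4, ETHERTYPE_ARP, ETHERTYPE_IPV6 = 0x0800, 0x0806, 0x86DD


def egress_ports(dst, ingress, all_ports, listeners, router_ports):
    """Ports a snooping switch forwards an IPv6 multicast packet to."""
    dst = ipaddress.IPv6Address(dst)
    if not dst.is_multicast:
        raise ValueError("model covers multicast destinations only")
    if dst == ALL_NODES:
        # No MLD report is ever sent for ff02::1, so there is no listener
        # state to constrain it: forward on all ports except the ingress.
        return set(all_ports) - {ingress}
    # Snooped groups go to their listener ports plus router ports.
    # Assumption: unregistered groups reach router ports only.
    return (set(listeners.get(dst, ())) | set(router_ports)) - {ingress}


def ethertype_permitted(ethertype, allowed=(ETHERTYPE_ARP, ETHERTYPE_IPV4)):
    """Protocol filter from the reply: pass only ARP and IPv4 frames."""
    return ethertype in allowed


def ipv6_frame_delivery(dst, ingress, all_ports, listeners, router_ports,
                        filter_on):
    """Ports that receive an IPv6 frame, with or without the filter."""
    if filter_on and not ethertype_permitted(ETHERTYPE_IPV6):
        return set()  # dropped at ingress, never reaches the snooping logic
    return egress_ports(dst, ingress, all_ports, listeners, router_ports)


# Constructed sample: 8-port switch, router on port 8, one snooped listener
# on port 3 for a solicited-node group, offending host on port 2.
PORTS = range(1, 9)
ROUTER_PORTS = {8}
LISTENERS = {ipaddress.IPv6Address("ff02::1:ff00:1234"): {3}}

if __name__ == "__main__":
    for dst in ("ff02::1", "ff02::1:ff00:1234", "ff02::fb"):
        for filt in (False, True):
            ports = ipv6_frame_delivery(dst, 2, PORTS, LISTENERS,
                                        ROUTER_PORTS, filt)
            print(f"{dst:20} filter={filt!s:5} -> {sorted(ports)}")
```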