All things related to multicast

[Zenon Mousmoulas <>]

On 19 Ιουν 2008, at 2:46 ΜΜ, 

 wrote:

> Hi,
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > We're seeing a SAP storm this morning from 145.19.1.183 in the  
> > Netherlands
> > starting around 5:30am CDT (GMT-0500).  Anyone else?  We were able  
> > to block
> > it pretty quickly at our border, so I'm not sure if it's still  
> > going on.
>
> we suffered this one too - which invoked my wrath enough to get around
> to attempt further micro policing.   I wonder if any IOS-heads could
> have a look at this and see if it passes muster... (?)
>
> ----config snippet----
>
> class-map match-all SAP-classmap
>  match access-group name SAP-mcast-group
> !
> !
> policy-map SAP-policy
>  class SAP-classmap
>     police flow mask src-only 50000 1500 conform-action transmit  
> exceed-action drop
>
> interface gi9/1
> (blah blah)
> service-policy input SAP-policy
> (blah blah)
>
>
> ip access-list extended SAP-mcast-group
> permit udp any host 224.2.127.254
> permit udp host 224.2.127.254 any

You don't need the second entry in the acl (it could also be a simple  
standard acl). Apart from that, it looks ok. This will only work on  
7600 and Cat 6500 though. This is according not to my personal  
experience but to suggestions from another thread, which I will  
forward right after this.

Z.