Allow Multicast forwarding on NetGear M4300-8x8f switch

Question

I need to be able to forwared IEEE802.1x. EAPOLs through my M4300, but Multicast is giving me problems.&nbsp; &nbsp;I was able to enable EAPOL flood mode on the Security -&gt; Port Authentication setting, but since the START packet goes to a multicast/slow-protocol address, it never makes it through the switch.&nbsp; &nbsp;
&nbsp;
If I use a packet generator and change the START packet destination MAC to an individual address or broadcast, it makes it through without any issues.
&nbsp;
I have also disable IGMP snooping and rebooted as some other netgear devices had that suggestion for multicast, but it did not help out on the M4300
&nbsp;
&nbsp;
Any ideas?
On the 802.1x config page I have:
&nbsp; &nbsp; &nbsp;Admin Mode: Disable
&nbsp; &nbsp; &nbsp;VLAN Assigment Mode: Disabled
&nbsp; &nbsp; &nbsp;EAPOL Flood Mode: Enabled
&nbsp;
My firmware version is recent:&nbsp; 12.0.7.12

LaurentMa · Answer

Hi cbolingThank you for reporting this issue. We have several fixes in development for our M4300 series that address unknown Multicast handling and other IGMP enhancements. I would like to escalate your case to our QA, Tech Support and Engineering departments. I am sending you a private message with my email address, so that you can send me the tech-support file of your M4300-8X8F switch. To do so, GUI Maintenance /Exoort/HTTP File Export and select tech-support in the drop-down menu. With this TS file, we'll have all logs and other debug outputs for understanding better the root cause. We are committed to a fix and we'll work with you with Engineering builds until we're sure the problem is solved. Of course we'll report the results on the Community here. Thank you,

cboling · Answer

Hi,&nbsp; any update on when a solution to the M4300 firmware not being able to pass EAPOL even when flood mode is enabled?&nbsp;&nbsp; - Chip

schumaku · Answer

cboling&nbsp;wrote:
I have also disable IGMP snooping and rebooted as some other netgear devices had that suggestion for multicast, but it did not help out on the M4300

Users typically create these problems because they tend to tick the "block unknown muticast" (guess because it sounds good and secure?) along with enabling IGMP snooping. I slowly start to feel this control should be renamed to "block unregistered multicast" or the like.
&nbsp;
LaurentMa&nbsp;that's one for you!

cboling · Answer

The M4300 does not have a specific option to block unknown multicast addresses.

Also, I modified my test application to generate an EAPOL Start message with a multicast address other than the standard 01-80-C2-00-00-03 multicast address (used 01-88-CC-00-00-03) and this multicast address makes its way through the switch.

So the problem appears to be the 'Flood EAPOL Mode - Enabled' lets the EAPOL EtherType (0x888E) through, but not the reserved multicast address. Perhaps some 'slow-protocol' multicast code in the switch since EAPOLs typicallly should typically be blocked/processed at the ingress MAC.

Purduephotog · Answer

While you're doing these updates to the firmware, would you please kindly look at multicast on a 40gb to 4x10gb breakout? Multicast traffic is not leaving the LAGG when using breakout cables.

Forum Discussion

Allow Multicast forwarding on NetGear M4300-8x8f switch

6 Replies

Related Content

M4300-8X8F (XSM4316S) SFP+ compatibility

M4300-8X8F Management VLAN Configuration

Remote management of M4300-8X8F through SSH connection

Problems with LAG von M4300-8x8F switches

M4300-8X8F 10zoll rack montage?

NETGEAR Academy

ProSupport for Business