IPV6 with Cisco layer 2 switches.

Similar Messages

• Help with connecting MacBook Pro with Cisco Routing and Switches?

  I'm running a CiscoASA 5510 router with several Cisco WS-C2960-48TT-L switches on a local network to connect with MacBook Pro. I need to be able to restrict access to specific users via their computer MAC address. ie: Joe Blow is limited to connecting through Switch 1 on port 10 and anywhere else he tries to plug in will simply not work.

  You need to look at the documentation that came with your router and switches. Or ask your network admin to set it up. Your question has nothing to do with your Macbook Pro configuration. MAC filtering is done in the router not in the computers/devices connecting to the router.

• Router on a Stick with Cisco/Linksys SRW2024 Switch

  Does anybody have experience with configuring a router on a stick type configuration with a non-Catalyst switch? I have a SRW2024 switch and a 2611 router. I would like to configure the switch with a trunk port and use dot1q encapsulation on subinterfaces on the router to route between the subnets. Configuring the router is simple, but the switch is very confusing and I just can't seem to get it to work. Any ideas? Is this even doable with this combonation of hardware?
  Thanks in advance.
  -Dan

  The "Encapsulation dot1q 1 native" command is not a valid command on my router. Specifically, the native command is not an option. Perhaps that isn't in my IOS version?
  IOS (tm) C2600 Software (C2600-JS56I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
  IOS image: c2600-js56i-mz.120-7.T
  However I did a whole lot of messing around with it today and I think I finally got it. The trouble is, IMHO, the switch menus are too messy and hard to understand. It seems to allow me to do impossible things which adds to the confusion.
  Here's what worked for me:
  My router config was correct to begin with.
  Router-A (Cisco 2611):
  interface Ethernet0/0
  ip address 192.168.1.10 255.255.255.0
  interface Ethernet0/0.2
  encapsulation dot1Q 2
  ip address 10.0.0.1 255.0.0.0
  Switch (Linksys SRW20204):
  Menu: Switch > VLAN Interface Settings
  Select the port number of the port to be the trunk.
  Set Port VLAN Mode to Trunk. Submit.
  Menu: Switch > VLAN
  Create a second VLAN with the ID of 2.
  Add the ports to be "Included" on this VLAN.
  Leave the workstation ports "Untagged".
  (This is where I was screwing up)...
  "Include" the Trunk port AND select "Tagged".
  So basically, I was tagging the workstation ports and not the trunk port. But the correct way is the Trunk port must be Included on all VLANs and have Tagging turned on for all VLANs. All the workstation ports should be included on whatever VLAN they should be on but NOT Tagged. It makes sense now because a workstation would have no idea what to do with a tagged frame.
  Why I can enable tagging on non-trunk ports is a mystery. They really should explain that better in the manual. Perhaps add some examples. I find the manual for this switch to be extremely vague overall.
  Thakns for the help guys!
  -Dan

• Configuring Radius server with Cisco MDS - 9606 switch

  Need help in configuring Radius server with cisco MDS - 9606
  please let me know if any document available

  rtt min/avg/max/mdev = 0.260/0.327/0.468/0.077 ms
  IFCBCCEMCSW2# sh version
  Cisco Storage Area Networking Operating System (SAN-OS) Software
  TAC support: http://www.cisco.com/tac
  Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software may be covered under the GNU Public
  License or the GNU Lesser General Public License. A copy of
  each such license is available at
  http://www.gnu.org/licenses/gpl.html and
  http://www.gnu.org/licenses/lgpl.html
  Software
  BIOS: version 1.1.0
  loader: version 1.2(2)
  kickstart: version 3.3(1c)
  system: version 3.3(1c)
  BIOS compile time: 10/24/03
  kickstart image file is: bootflash:/m9500-sf1ek9-kickstart-mz.3.3.1c.bin
  kickstart compile time: 5/23/2008 19:00:00 [06/19/2008 23:56:56]
  system image file is: bootflash:/m9500-sf1ek9-mz.3.3.1c.bin
  system compile time: 5/23/2008 19:00:00 [06/20/2008 00:26:51]
  Hardware
  cisco MDS 9506 ("Supervisor/Fabric-1")
  Intel(R) Pentium(R) III CPU with 1028596 kB of memory.
  Processor Board ID JAB094300ER
  bootflash: 250368 kB
  slot0: 0 kB

• FCoE with Cisco Nexus 5548 switches and VMware ESXi 4.1

  Can someone share with me what needs to be setup on the Cisco Nexus side to work with VMware in the following scenario?
  Two servers with two cards dual port FCoE cards with two ports connected to two Nexus 5548 switches that are clusterd together.  We want to team the ports together on the VMware side using IP Hash so what should be done on the cisco side for this to work? 
  Thanks...

  Andres,
  The Cisco Road Map for the 5010 and 5020 doesn't include extending the current total (12) FEX capabities.  The 5548 and 5596 will support more (16) per 55xxk, and with the 7K will support upto 32 FEX's.
  Documentation has been spotty on this subject, because the term 5k indicates that all 5000 series switches will support extended FEX's which is not the case only the 55xx will support more than 12 FEX.  Maybe in the future the terminology for the 5k series should be term 5000 series and 5500 series Nexus, there are several differences and advancements between the two series.

• STP LED status with Cisco Catalyst Blade Switch 3130

  Hi,
  The usual status LED of a STP Blocked interface is orange. With this Switch (3130), the LED is green while the RSTP status port is Alternate Blocked. Is this normal ? Is there any documentation about RSTP LED status ?

  G'day,
  I think you have the wrong forum! :)
  cheers

• Achieving Redundancy with Cisco Routers and Switches

  I have two 2600 routers connected to two different ISP and in turn these are connected back to our head office to a 3560 series switch.Iam trying to set up the different connections such that if one ISP connection fails the other one takes over immeadiately.I know i could use HSRP for redundancy but the problem iam facing is the two routers are in different subnets, so it may not be possible to use HSRP in this case.I could be wrong but any help will be appreciated.

  Hi,
  some questions to ask you
  1- 3550 is working as L3 or L2
  if L3 than you can use static route pointing to two different router.if L2 than use secondary address in ethernet infaces of router and run HSRP but for this you need to match vlan.
  2- if intervlan is configured on router's than it will be very easy.
  HTH if not write here

• Cisco Asa 5505 and Layer 3 Switch With Remote VPN Access

  i got today a new CISCO LAYER 3 Switch .. so here is my scenrio
  Cisco Asa 5505
  I
  Outside  == 155.155.155.x
  Inside  =      192.168.7.1
  VPN POOL Address =   10.10.10.1   -   10.10.10.20
  Layer 3 Switch Config
  Vlan 2
  interface ip address =  192.168.1.1
  Vlan 2
  interface ip address =  192.168.2.1
  Vlan 2
  interface ip address =  192.168.3.1
  Vlan 2
  interface ip address =  192.168.4.1
  Vlan 2
  interface ip address =  192.168.5.1
  ip Routing
  So i want My Remote Access VPN clients to access all this Networks. So Please can you give me a helpfull trick or Link to configure the rest of my routing
  Thank You all

  When My Remote VPN is Connected , it reaches 192.168.7.2 of the Layer 3 VLan that's Connected to The ASA 5505 ,
  But i can't reach the rest of the VLAN - example
  192.168.1.1
  192.168.1.2
  192.168.1.3
  192.168.1.4
  192.168.1.5
  But i can reach the Connected Interface Vlan to My ASA ..
  So here i think iam miss configuration to my Route
  Any Help Please this is urgent

• Dynamic VLAN assignment and Layer 3 switching on 300 series

  I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
  So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right?
  I'm new to VLAN configuration and layer 3 switching so I wanted to check my understanding. Doesn't this limitation significantly reduce the usefulness of the DVA feature?
  I may well be confused and missing something regarding how this is typically used..

  Hello Glenn,
  Your concept about packet forwarding is correct. With a layer 2 switch, there must be something directing traffic with multiple subnets for intervlan communication or something that provides an IP route to give the request a path back for the request.
  The usefulness for the DVA feature, is not particularly limited to the switch as the switch will correctly assign the VLAN for you, as VS the L3 switch mode, you're dealing with IP addresses. In any scenario, you're going to require a router to get to the internet since the switch does not support NAT.
  Additionally, if you're router does not support VLAN, the L3 switch feature would still be the solution since you should be able to make a static route pointing back to the switch to allow any subnet to traverse the single media. It would still beg the question, how to assign VLAN dynamically.
  The answer, although (in my opinion is terrible) would be GVRP.  But, this application would require ALL of your network cards to be GVRP Enable / Capable which most likely is not the scenario for you (or most anyone else for that matter).

• NTP Service on Domain Controller have problem with cisco switch

  Hello!
  I  have Windows Server 2008 R2 SP1 Domain Controller with NTP services
  The windows opertion system clients get NTP time ok.
  There are problem with cisco switch, can't get time from NTP.
  Can anybody help me to fix problem?
  C:\Users\Sysuser>w32tm /query /configuration
  [Configuration]
  EventLogFlags: 2 (Local)
  AnnounceFlags: 5 (Local)
  TimeJumpAuditOffset: 28800 (Local)
  MinPollInterval: 6 (Local)
  MaxPollInterval: 10 (Local)
  MaxNegPhaseCorrection: 1800 (Local)
  MaxPosPhaseCorrection: 1800 (Local)
  MaxAllowedPhaseOffset: 300 (Local)
  FrequencyCorrectRate: 4 (Local)
  PollAdjustFactor: 5 (Local)
  LargePhaseOffset: 50000000 (Local)
  SpikeWatchPeriod: 900 (Local)
  LocalClockDispersion: 10 (Local)
  HoldPeriod: 5 (Local)
  PhaseCorrectRate: 7 (Local)
  UpdateInterval: 100 (Local)
  [TimeProviders]
  NtpClient (Local)
  DllName: C:\Windows\system32\w32time.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  ResolvePeerBackoffMinutes: 15 (Policy)
  ResolvePeerBackoffMaxTimes: 7 (Policy)
  CompatibilityFlags: 2147483648 (Local)
  EventLogFlags: 0 (Policy)
  LargeSampleSkew: 3 (Local)
  SpecialPollInterval: 3600 (Policy)
  Type: NTP (Policy)
  NtpServer: 10.7.0.4 (Policy)
  NtpServer (Local)
  DllName: C:\Windows\system32\w32time.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 0 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  VMICTimeProvider (Local)
  DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  Cisco config and errors
  CISCO1#show ntp ass det
  10.7.0.7 configured, insane, invalid, stratum 3
  ref ID 10.7.0.4, time D5BC850F.C8400AB2 (15:50:39.782 MSK Mon Aug 19 2013)
  our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
  root delay 62.50 msec, root disp 11128.04, reach 377, sync dist 11218.796
  delay 6.06 msec, offset -467951.1096 msec, dispersion 56.49
  precision 2**6, version 3
  org time D5BC8864.F79C33A7 (16:04:52.967 MSK Mon Aug 19 2013)
  rcv time D5BC8A38.EBDECB39 (16:12:40.921 MSK Mon Aug 19 2013)
  xmt time D5BC8A38.EA5173BE (16:12:40.915 MSK Mon Aug 19 2013)
  filtdelay =     6.06    5.87    3.23    7.90    6.41    5.17   13.03    3.43
  filtoffset = -467951 -467905 -467936 -467885 -467764 -467816 -467707 -467697
  filterror =     0.02   15.64   31.27   46.89   62.52   78.14   93.75   93.78

  Hi,
   >>I gave log on as a service right to this account in Default Domain Controllers Policy but unfortunately it was not enough
  Based on your description, we can try to grant this account Allow log on locally
  user right in the default domain controller policy to see if it helps.
  The policy setting is:
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
  Allow log on locally
  http://technet.microsoft.com/en-us/library/cc756809(v=ws.10).aspx#feedback
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards,
  Frank Shen

• Does Supervisor Engine 6L-E compatible with Cisco Ws-C4506 Non-E switch?

  Does Supervisor Engine 6L-E compatible with Cisco Ws-C4506 Non-E switch?

  Yes, it is compatible with non-e chassis.
  see below:
  The Cisco Catalyst 4500 Supervisor Engine 6L-E is also compatible with classic Cisco Catalyst 4500 line cards, chassis (3-, 6-, and 7-slot), and power supplies, providing full investment protection.
  link to data sheet:
  http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/data_sheet_c78-530856.html
  HTH

• HSRP with layer 2 switching

  I configure HSRP on two layer 3 switches (Switch A-Switch B), Sw A is connected to Router A, Sw B is connected to Router B
  But I want to use also the Layer two features of my switch
  - is it possible to use these switches also for LAN ?
  lets say there is a simple LAN with 1 VLAN and 10 PCs. PCs have two ethernet ports, they are directly connected to L3 switches redundantly.
  thanks for helping

  thanks Martin
  I want all of my PCs (total ten) in the same subnet
  so what should I do is:
  1. configure 10 ports of the L3 switch as switchport under VLAN 1 (these ports will conect ten PCs on the same subnet)
  One port of Switch A will be connected to router A (2610),
  One port of Switch B will be connected to router B (2610). So;
  2. Configure one port of the each L3 switches as 'no switch port' and assign IP addresses. Since they are not switchports, I shouldnt create VLAN for them.
  3. Configure HSRP
  4. Configure EIGRP or OSPF
  AFTER ALL: there is one VLAN that connects all PCs,there is one Layer 3 port on each Switches. And systems work :-)
  Could you please confirm If I properly understand your post?
  thank you very much for helping

• Stacking with Cisco Blade Switches

  Hi,
  We have a HP p-class Blade System with two Cisco Gigabit Ethernet Switch Modules (Cisco IOS Release 12.2(25)SE) for every enclosure. My question is how I can stack the two blade switches (in the same enclosure) so that every HP blade server to be connected with the two switches in the active/standby state? In other words, can and how I make a port-channel which includes ports from the two switches?
  Unfortunately I couldn't found any documentation for the purpose.

  Hi,
  With the CGESM switches you have you cannot use 802.3ad teaming against the two blade switches. This is possible with the Cisco 3120 blade switches for HP c-class.
  Now, in your case, you can use standard Active/Standby NIC teaming, where the active NIC of each server connects to one switch and the standby NIC connects to the other switch. Should a blade switch completely fail, all of the servers with their active NIC connected to the failed switch should see the link go down and switch over to the standby NIC on the second switch. This should work very well.
  One problem that can happen however is that the blade switch itself does not completely fail. Instead maybe the blade switch uplink fails, or the upstream switch it is connected to fails. In this situation the server NIC does not experience a failure and continues to send traffic to the blade switch that does not have anywhere to send the traffic, a black hole. This is perhaps the problem you are seeing?
  The fortunate thing is that Cisco has a solution to this problem called Trunk Failover with Link State Tracking. What this allows you to do is to tell the blade switch that if it experiences a failure on its uplinks that it should also bring down the links to the servers as well. This will cause the servers to see a failure on their active NIC and perform a switchover to the second blade switch.
  I looked up your switch and found that your 12.2(25)SE1 code does not support this feature. You will need to upgrade to 12.2(25)SEE4 and you will be able to configure this on your switches.
  Here is a link to see how this configuration works:
  http://www.cisco.com/en/US/docs/switches/blades/3020/software/release/12.2_25_sef1/configuration/guide/swethchl.html#wp1346176
  Hope this helps.
  If so please rate my posts.
  Thanks,
  Brad

• IPv6 - PPPOE Login with Cisco 886

  Hi all,
  i'm trying to get online with IPv6 with my Cisco 886. But i failed. 
  Perhaps you have any hints for me.
  My Config:
  interface Dialer0
  description *** IPv6 ***
  no ip address
  ip flow ingress
  ip virtual-reassembly in
  encapsulation ppp
  load-interval 30
  dialer pool 1
  ipv6 address autoconfig default
  ipv6 enable
  fair-queue
  ppp authentication chap callin
  ppp chap hostname USERNAME
  ppp chap password PASSWORD
  ppp pap refuse
  no cdp enable
  (This config works well with an Cisco 836!)
  PPP protocol negotiation debugging tells me:
  Jan 10 10:26:06.588 CET: Vi2 PPP: Phase is FORWARDING, Attempting 
  Forward
  Jan 10 10:26:06.588 CET: Vi2 PPP: Queue IPCP code[1] id[1]
  Jan 10 10:26:06.588 CET: Vi2 PPP: Queue IPV6CP code[1] id[1]
  Jan 10 10:26:06.592 CET: Vi2 PPP: Phase is ESTABLISHING, Finish LCP
  Jan 10 10:26:06.592 CET: Vi2 PPP: Phase is UP
  Jan 10 10:26:06.592 CET: Vi2 PPP: Process pending ncp packets
  Jan 10 10:26:06.592 CET: Vi2 IPCP: Redirect packet to Vi2
  Jan 10 10:26:06.592 CET: Vi2 IPCP: I CONFREQ [UNKNOWN] id 1 len 10
  Jan 10 10:26:06.592 CET: Vi2 IPCP:    Address 192.168.1.13 
  (0x0306D918C00D)
  Jan 10 10:26:06.592 CET: Vi2 LCP: O PROTREJ [Open] id 3 len 16 
  protocol IPCP (0x0101000C0306D918C00D)
  Jan 10 10:26:06.592 CET: Vi2 IPV6CP: Redirect packet to Vi2
  Jan 10 10:26:06.592 CET: Vi2 IPV6CP: I CONFREQ [UNKNOWN] id 1 len 14
  Jan 10 10:26:06.592 CET: Vi2 IPV6CP:    (0x010A021C0FFFFE38381B)
  Jan 10 10:26:06.592 CET: Vi2 LCP: O PROTREJ [Open] id 4 len 20 
  protocol IPV6CP (0x01010010010A021C0FFFFE38381B)
  Jan 10 10:26:06.596 CET: %LINEPROTO-5-UPDOWN: Line protocol on 
  Interface Virtual-Access2, changed state to up
  What could be the reason for the IPV6CP Reject?
  Best regards
  Harald

  Hi Laurent,
  if i change the dialer interface with "ip address negotiated" the probelm is still existent.
  Furthermore i'm still wonding about the same config which is working on Cisco 836.
  I'm using: "c880data-universalk9-mz.151-2.T3.bin"
  Regards
  Harald

• Airport wifi problems with uverse and gigabit switch resolved

  I think there is a bug in airport firmware 7.6 with how spanning tree works in addition to problems with the Uverse router. Having an Airport with a uverse 2wire 3801 and gigabit switch will not work. Putting the extreme in NAT mode with DMZ plus behind the uverse resolved the problem.
  Network configuration:
  Uverse 2wire 3801 router
      3801 provides prioritization for upstream traffic so skype and VoIP work better when doing a lot of stuff on Internet
  Airport extreme firmware 7.6
  two airport express 802.11n hardwired to extreme. Set up in bridge mode. All access points have same SSID "create a network" to enable roaming. Ignore anything to do with extending a network.  firmware 7.6
  two gigabit switches
      Netgear GS608 - 8 port gigabit switch
      Trendnet TEG-S80g - 8 port gigabit switch
      100BT 5 port switch - did not figure into problem
  Three Uverse set top boxes wired on Ethernet. They have to be wire directly to the 2wire box to work correctly. See: http://forums.att.com/t5/Features-and-How-To/At-amp-t-U-Verse-modem-setup-Airpor t-Extreme/td-p/2300785
  However, you need to be careful to place your own PCs and other internet devices on the network created by your gear (airport extreme in your case), but keep AT&T's set top boxes for the IPTV services IN FRONT of your own router - so they remain on AT&T's provided network.
  So it would work like this ...
  Network 1: 2wire RG (4 lan ports) ->  Any Set tops, and to the WAN port on your AirportExtreme
  Network 2: Airport Extreme LAN ports -> to any computers or internet devices (but not AT&T set top boxes).
  The RG prioritizes the traffic for your Uverse Voice and your Uverse TV ahead of internet data traffic, as it rationalizes data heading out of your home.  If you place your own equipment in that equation (like putting AT&T set top boxes behind your Airport Extreme) the performance and function of your AT&T set top boxes could really flake out on you.
  Symptom:
      Everything would be working fine, then intermittently all my wifi access points would stop working. ~6,000 ms latency, dropped packets. Ethernet worked fine. Here is an example of my macbook pinging the extreme when associated with the extreme over wifi with a strong signal.
  ping: sendto: Host is down
  Request timeout for icmp_seq 23
  Request timeout for icmp_seq 24
  64 bytes from 192.168.1.64: icmp_seq=25 ttl=255 time=267.051 ms
  Request timeout for icmp_seq 26
  Request timeout for icmp_seq 27
  Request timeout for icmp_seq 28
  64 bytes from 192.168.1.64: icmp_seq=26 ttl=255 time=3402.599 ms
  Request timeout for icmp_seq 30
  Request timeout for icmp_seq 31
  Request timeout for icmp_seq 32
  64 bytes from 192.168.1.64: icmp_seq=30 ttl=255 time=3060.673 ms
  64 bytes from 192.168.1.64: icmp_seq=34 ttl=255 time=24.115 ms
  64 bytes from 192.168.1.64: icmp_seq=35 ttl=255 time=31.056 ms
  64 bytes from 192.168.1.64: icmp_seq=36 ttl=255 time=39.828 ms
  Root cause:
      It looks like the 2wire 2801 router has a problem with spanning tree when interoperating with gigabit switches and airports. There is interplay with the airport.
  I did not have this problem until the 7.6 airport firmware. I had been using the Netgear hub for about a year with the extreme in bridge mode. I added the Trendnet hub and upgraded airport firmware at the same time which made fault isolation difficult.
  Problem recreation:
  Set up airport expresses hard wired to extreme
  Connect gigabit switch anywhere to network
  Everything OK
  Dettach one computer from wifi then reattach, then all wifi stops working. It takes a few seconds for the problem to propagate.
  Ethernet still works fine
  Problem Resolution:
  Connect to 2wire with ethernet
  Set 2wire route to have subnet as 192.168.2.x
  Set extreme in NAT mode behind 2wire. It will complain about double NAT. Override the warning. Set the subnet to 192.168.1.x so you don't have to change any static IP addresses. Note that 2wire uses 192.168.1.254 as default route whereas airport uses 192.168.1.1.
  I set DHCP to start at .10 to leave the lower addresses for assigning static IP addresses to computers I want to expose outside the firewall.
  Go into firewall settings. Select airport extreme. Select the bottom setting which is "DMZ Plus". When you go into the airport extreme settings, you will now see that it has the uverse public IP address on its WAN port. NAT port mappings work fine on the extreme behind the 2wire router.

  Keeping this very short here is a summary of the actual problem and solution to allow your Apple Airport Extreme to run in Bridge mode on the same subnet as your uVerse settop boxes (if your Layer 2 switch is configurable). 
  Devices: Uverse, Cisco SG300, and Airport Extreme
  uVerse uses Multicast to broadcast video streams between the uVerse network to the settop box, and from settop box to settop box.
  X number of Multicast Groups are created based on X number of settop boxes you have.  You can see the multicast definitions by logging into the webinterface of the iNid. Each settop box is a member and can choose to display a broadcasted TV stream or not.
  Multicast membership is setup by the use of ICMP messages for IPv4 (MLD for IPv6).  Each of the settop boxes become members of each others multicast group by reporting up to the iNid (MultiCast Proxy).
  In an ideal world a layer 2 switch will track these memberships and only forward a broadcast packet to the ports on the switch to which the settop boxes are connected to.  The switch would do these via snooping on the ICMP packets.  Most switches by default do not do this by default and simply forward the broadcast packett out every one of it's switch ports.
  Here in lies the problem.  Problem is that the Apple AES doesn’t do ICMP snooping / filtering and floods the wireless network with these broadcast streams.
  In order to fix this you must turn on ICMP snooping and filtering on the switch (or buy a switch that does this).  I have a Cisco SG300 and list out the configuration below.
  Other notes:
  Ensure that all Media renderers (settop boxes) and servers are wired directly off the switch and not attached to any of the Airport Express ports.  This way no media transverses the Airport (only control point traffic goes through the WiFi - which is fine).  Obviously if the IGMP snooping switch sees any client requesting Multicast streaming traffic on the same port as the WAP, it will add that Multicast address to the forwarding table for that port, and then, yes it could get flooded.
  Remember, you need to allow some Multicast traffic through your WAP to allow UPnP discovery to work (assuming that you will be using Wireless control points.)
  Read the Multicast chapter in the SG 300 switch Admin Guide as it explains things very well.
  Setting up multicast on the SG300s using the WebUI:
  1. Multicast/Properties/
  Tick enable Bridge Multicast Filtering Status for VLAN 1, and
  set the Forwarding Method to IP Group Address for both IPv4 & IPv6.
  2. Multicast/ IGMP snooping/
  Tick enable IGMP snooping status then select and edit the entry and ensure that IGMP querier status is ticked.
  It's essential for IGMP snooping to work that there must be at least one active IGMP querier on the network - if more than one is enabled, they will carry out an "election" to decide which one should be active (normally the one with the lowest IP address.)
  3. Multicast Router Port
  Set whichever port that is connected to the uVerse iNid to Status which means that it the uVerse router connected to this port is the Multicast Router
  4. Multicast/ Unregistered Multicast
  set all ports to Filtering. (The default is Forwarding.)
  There are a lot of other variables within all the above - the defaults are OK, you should probably leave them alone!
  In the config file you would then expect to see the above appearing as something like this:
  ip igmp snooping
  ip igmp snooping vlan 1
  ip igmp snooping vlan 1 immediate-leave
  interface vlan 1
  bridge multicast mode ipv4-group
  bridge multicast ipv6 mode ip-group
  interface range gi1-10
  bridge multicast unregistered filtering
  ip igmp snooping vlan 1 querier
  ip igmp snooping vlan 1 querier address <IP-Addr>