I have 2 6513's with HSRP set up I have 2 F5 downstream boxes. I noticed that when the HSRP message between the 6513's is broadcasted on 220.127.116.11 that a tcpdump on the F5 shows that the HSRP message is seen by the F5. Is there a way to setup the 6513's so the HSRP doesn't go out certain VLANS? The F5 drops these packets.
HSRP packets go only between switches/routers, where it is configured, and only on VLANs, where it is configured. All other devices should ignore these packets.
HSRP works this way - you setup an interfaces on two adjacent routers to participate in HSRP group. Each interface is configured with it's own IP address (they should be in the same subnet though). Then you define a "virtual IP address", shared between these two interfaces. HSRP group generates a MAC address for this virtual IP address, and sends it in response to ARP request. Then packet gets to an "active" interface with higher HSRP priority. If active interface goes down, then standby interface gets active, and all packets go to second switch.
In your F5 appliances you should configure similar thing, but is should be completely separate from what you have in your Cisco switches (you should use different physical and virtual IP addresses), however again, they should be in the same subnet as your routers and HSRP address. On the F5 appliance you should configure a routing, pointing to a virtual IP address (HSRP address), and in the routers you should point to an virtual F5 IP address.
Mike CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, etc. CCIE R&S (in progress), CCIE Voice (in progress)
The packet addressed to a multicast destination address will be converted to a layer 2 broadcast that all the machines in a vlan will receive. The way you would block this from the F5 ever seeing it is to use IGMP snooping on the access switches that connect to the F5.
Sport> I have 2 6513's with HSRP set up I have 2 F5 downstream boxes. I