How to deny or drop multicast on switch B5G124-48P2

  • Problem
  • Updated 9 months ago
  • Solved
The customer needs to block multicast and pass only unicast on switch B5G124-48P2 for the CCTV solution with GENETEC.

Salvador Gallo


Posted 9 months ago


Curtis Parish

I have never heard of blocking all multicast on a switch, but I am guessing that would be done by applying a policy that blocks the multicast addresses at the edge ports.

EtherMAN, Embassador

I would dig deeper into this request. This is almost like asking a switch to block all broadcast traffic. You can make sure IGMP snooping is enabled, and all mcast traffic that does not have a valid connection will not be forwarded. I am not sure how you could do a policy that would block all mcast traffic on ingress ports because there may be built-in forwarders at the hardware level??? It still seems to be a rather strange request, and if it were asked of me I would talk more with the client and get a deeper understanding of what he was trying to do, along with equipment and network configurations.

Curtis Parish

The policy would filter on the multicast IP address range.

Erik Auerswald, Embassador

Hi Salvador,

To block IP multicast, you could write an ACL that drops the destination IP range 224.0.0.0/4 and allows anything else, and bind that to the switch ports.

Alternatively you could write a policy that either drops the above destination IP range, or drops the destination MAC address range 01-00-5E-00-00-00/25 and apply the policy to the respective ports.

Erik
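
The two match conditions from the reply above, modelled in Python as an added example (not part of the thread and not switch configuration): it checks which destinations a 224.0.0.0/4 rule and a 01-00-5E-00-00-00/25 rule would each drop, and shows the IPv4 group-to-MAC mapping that makes the two ranges line up. Function names and the sample frames are constructed for illustration.

```python
import ipaddress

IPV4_MCAST = ipaddress.ip_network("224.0.0.0/4")   # range named in the reply
MAC_PREFIX = 0x01005E000000                        # 01-00-5E-00-00-00
MAC_PREFIX_BITS = 25                               # the /25 from the reply
MAC_MASK = ((1 << MAC_PREFIX_BITS) - 1) << (48 - MAC_PREFIX_BITS)

def ip_rule_drops(dst_ip: str) -> bool:
    """Layer 3 rule: drop when the destination IP is in 224.0.0.0/4."""
    return ipaddress.ip_address(dst_ip) in IPV4_MCAST

def mac_rule_drops(dst_mac: str) -> bool:
    """Layer 2 rule: drop when the top 25 bits equal 01-00-5E-0."""
    value = int(dst_mac.replace("-", "").replace(":", ""), 16)
    return (value & MAC_MASK) == MAC_PREFIX

def multicast_mac(group_ip: str) -> str:
    """Map an IPv4 group to its MAC: low 23 bits of the IP go under the prefix."""
    low23 = int(ipaddress.IPv4Address(group_ip)) & 0x7FFFFF
    value = MAC_PREFIX | low23
    return "-".join(f"{(value >> s) & 0xFF:02X}" for s in range(40, -8, -8))

# Constructed sample frames: (description, destination IP, destination MAC)
SAMPLE_FRAMES = [
    ("camera unicast stream", "10.0.0.5", "00-11-22-33-44-55"),
    ("camera multicast stream", "239.1.1.1", multicast_mac("239.1.1.1")),
    ("same MAC, different group", "224.129.1.1", multicast_mac("224.129.1.1")),
    ("limited broadcast", "255.255.255.255", "FF-FF-FF-FF-FF-FF"),
]

def evaluate(frames):
    """Return (description, dropped_by_ip_rule, dropped_by_mac_rule) per frame."""
    return [(d, ip_rule_drops(ip), mac_rule_drops(mac)) for d, ip, mac in frames]

if __name__ == "__main__":
    for desc, by_ip, by_mac in evaluate(SAMPLE_FRAMES):
        print(f"{desc:28} ip-rule drop={by_ip!s:5} mac-rule drop={by_mac}")
    # Edge of the /25: bit 24 of the MAC set means it is outside the range.
    print("01-00-5E-80-00-00 dropped by MAC rule:",
          mac_rule_drops("01-00-5E-80-00-00"))
```

Neither rule matches broadcast or unicast, and the MAC rule matches only frames addressed to IPv4 multicast MACs, so other multicast frame types (for example IPv6, 33-33-xx) are untouched by it.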