How to block multicast traffic in specific VLAN?

  • Updated 4 years ago
Hi everybody.
I'd like to block all ingress multicast traffic in specific VLAN. Can anybody suggest me how I can do this?

eyeV

Posted 4 years ago

Dawid Chrzan

Block multicast IP address ranges
Paul Russo, Alum

Hello eyeV, what switch are you doing this on? As Dawid mentioned above, you can create an ACL to block the traffic on the VLAN. Using XOS this is done using a policy file that can then be assigned to the VLAN.

If you just need to limit traffic you can also use the Multicast/broadcast thresholds on a per port perspective. You could set a very low threshold, possibly even 0pps, to handle this, but that is per port, not per VLAN, so trunk ports would affect all VLANs.

Thanks
P
eyeV

Thanks for the suggestions. I've created an ACL and added it to the VLAN.

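entry multicast {
    if {
        # Multicast group addresses appear in the destination field of a packet
        destination-address 224.0.0.0/4;
    }
    then {
        deny;
        # Count dropped packets in the mcast-deny counter
        packet-count mcast-deny;
    }
}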


Paul Russo, Alum

Hey eyeV

That looks correct. Note that multicast can be in the range of 224.0.0.0 - 239.255.255.255. Also be aware that this may affect multicast traffic needed for route protocols etc.

Thanks
P
eyeV

I remember about protocols which use multicast, but we don't use any in this VLAN.
Thanks!
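
An added example, not part of the thread: a Python check to run over flows seen on the VLAN before applying a 224.0.0.0/4 deny. It shows which flows the entry hits when matched on the destination field versus the source field, and which of the dropped groups belong to control or discovery protocols. The sample flows and the 10.20.30.x addressing are constructed.

```python
import ipaddress

# The prefix used in the ACL entry: 224.0.0.0 - 239.255.255.255
MCAST = ipaddress.ip_network("224.0.0.0/4")

# Well-known IPv4 multicast groups used by control-plane and discovery protocols
CONTROL_GROUPS = {
    "224.0.0.1": "all hosts",
    "224.0.0.2": "all routers",
    "224.0.0.5": "OSPF AllSPFRouters",
    "224.0.0.6": "OSPF AllDRouters",
    "224.0.0.9": "RIPv2",
    "224.0.0.13": "PIM",
    "224.0.0.18": "VRRP",
    "224.0.0.22": "IGMPv3",
    "224.0.0.251": "mDNS",
    "239.255.255.250": "SSDP",
}

def deny_matches(packet, field):
    """True if a deny entry matching `field` against 224.0.0.0/4 hits the packet."""
    return ipaddress.ip_address(packet[field]) in MCAST

def audit(packets):
    """Return rows of (src, dst, hit_on_source, hit_on_destination, protocol)."""
    return [
        (p["src"], p["dst"],
         deny_matches(p, "src"), deny_matches(p, "dst"),
         CONTROL_GROUPS.get(p["dst"], ""))
        for p in packets
    ]

# Constructed sample flows (not taken from the thread)
SAMPLE = [
    {"src": "10.20.30.11", "dst": "239.1.1.1"},        # application multicast
    {"src": "10.20.30.1",  "dst": "224.0.0.5"},        # OSPF hello
    {"src": "10.20.30.2",  "dst": "224.0.0.18"},       # VRRP advertisement
    {"src": "10.20.30.11", "dst": "10.20.30.12"},      # unicast
    {"src": "10.20.30.11", "dst": "255.255.255.255"},  # broadcast, outside /4
]

if __name__ == "__main__":
    for src, dst, on_src, on_dst, proto in audit(SAMPLE):
        print(f"{src:>12} -> {dst:<16} src-match={on_src!s:<5} "
              f"dst-match={on_dst!s:<5} {proto}")
```
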