Question

How to block multicast traffic in a specific VLAN?


Userlevel 3
Hi everybody.
I'd like to block all ingress multicast traffic in a specific VLAN. Can anybody suggest how I can do this?

5 replies

Block multicast IP address ranges
Userlevel 6
Hello eyeV, what switch are you doing this on? As David mentioned above you can create an ACL to block the traffic on the VLAN. Using XOS this is done using a policy file that can then be assigned to the VLAN.

If you just need to limit traffic you can also use the Multicast/broadcast thresholds on a per port perspective. You could set a very low threshold, possibly even 0pps to handle this but that is per port not per VLAN so trunk ports would affect all VLANs.

Thanks
P
Userlevel 3
Thanks for the suggestions. I've created an ACL and added it to the VLAN.

[code]
entry multicast {
    if {
        # Multicast groups appear as the packet's destination, never as its source
        destination-address 224.0.0.0/4;
    }
    then {
        deny;
        packet-count mcast-deny;
    }
}
[/code]
Userlevel 6
Hey eyeV

That looks correct. Note that multicast can be in the range of 224.0.0.0 - 239.255.255.255. Also be aware that this may affect multicast traffic needed for route protocols etc.

Thanks
P
Userlevel 3
Paul Russo wrote:

Hey eyeV

That looks correct. Note that multicast can be in the range of 224.0.0.0 - 239.255.255.255. Also be aware that this may affect multicast traffic needed for route protocols etc.

Thanks
P

I remember about protocols which use multicast, but we don't use any in this VLAN.
Thanks!
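
Added example, not part of the thread: a small Python model of a single deny entry matching 224.0.0.0/4, run over constructed packets, showing that the match field decides whether any multicast is caught and which control-plane groups the deny also drops. The function names and sample packets are assumptions made for illustration; the group addresses are the IANA link-local assignments.

```python
import ipaddress

# 224.0.0.0/4 is exactly the range 224.0.0.0 - 239.255.255.255
MCAST = ipaddress.ip_network("224.0.0.0/4")

# Well-known link-local groups used by control protocols (IANA assignments)
CONTROL_GROUPS = {
    "224.0.0.5": "OSPF AllSPFRouters",
    "224.0.0.6": "OSPF AllDRouters",
    "224.0.0.9": "RIPv2",
    "224.0.0.13": "PIM",
    "224.0.0.18": "VRRP",
    "224.0.0.22": "IGMPv3",
}

# Constructed sample packets as (source, destination)
PACKETS = [
    ("10.1.1.10", "239.1.1.1"),        # application multicast stream
    ("10.1.1.1", "224.0.0.5"),         # OSPF hello
    ("10.1.1.2", "224.0.0.18"),        # VRRP advertisement
    ("10.1.1.10", "10.1.1.20"),        # unicast
    ("10.1.1.10", "255.255.255.255"),  # limited broadcast
    ("10.1.1.10", "240.0.0.1"),        # first address above the range
]


def evaluate(packets, field, prefix=MCAST):
    """Return the packets a deny entry matching `field` within `prefix` drops."""
    idx = {"source-address": 0, "destination-address": 1}[field]
    return [p for p in packets if ipaddress.ip_address(p[idx]) in prefix]


def control_plane_hits(dropped):
    """Name the control protocols whose groups are among the dropped packets."""
    return sorted({CONTROL_GROUPS[d] for _, d in dropped if d in CONTROL_GROUPS})


def report(packets=PACKETS):
    """Summarise, per match field, what is dropped and what breaks."""
    out = {}
    for field in ("source-address", "destination-address"):
        dropped = evaluate(packets, field)
        out[field] = (len(dropped), control_plane_hits(dropped))
    return out


if __name__ == "__main__":
    for field, (count, hits) in report().items():
        print(f"{field}: {count} dropped, control protocols hit: {hits or 'none'}")
```

A legitimate packet never carries a multicast source address, so only the destination match drops anything here, and it takes the OSPF and VRRP packets along with the application stream.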
