This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable going multicast between subvlans in supervlan.

Disable going multicast between subvlans in supervlan.

Victor_Vit
New Contributor

‎01-19-2017 09:23 AM

Dear Colleagues,


If I use separate vlans on Extreme X450-24 ver. 15.3.2.11 on default settings multicast trafic doesn't route between these vlans. But if I use 2 subvlans (or more) in supervlan multicast trafic begins to route between these subvlans.
I don't need this. Please, help me.
How can I disable multicast routing between subvlans in 1 supervlan without using ACL?

Thank you.

0 Kudos
11 REPLIES 11

Alexandr_P
Valued Contributor

‎04-18-2017 04:41 AM

Hi, all!

As a continuation of this topic:
When using Supervlan - if numbers of IPARP and FDB entries less then 3000 - all work fine.
If entries more then 3000 - then higher ping, higher bcmRX (as I understand - because loop) process and appear below messages in logs:
Mar 22 20:02:02 192.168.x.xx Mar 22 20:02:03 DOSProt: Notify-threshold for L3 Protect packet count of 3000 reached Mar 22 20:02:03 192.168.x.xx Mar 22 20:02:04 DOSProt: Added an ACL to port 25, srcIP 0.0.0.0 to destIP 77.yyy.yyy.yyy, protocol tcp

Mar 22 20:02:03 192.168.x.xx Mar 22 20:02:04 DOSProt: Removed ACL from port 25, srcIP 0.0.0.0 to destIP 77.yyy.yyy.yyy, protocol tcp

Mar 22 20:02:12 192.168.x.xx Mar 22 20:02:04 DOSProt: Notify-threshold for L3 Protect packet count of 3000 reached

Mar 22 20:02:12 192.168.x.xx Mar 22 20:02:05 DOSProt: Added an ACL to port 25, srcIP 0.0.0.0 to destIP 77.yyy.yyy.yyy, protocol tcp

Mar 22 20:02:12 192.168.x.xx Mar 22 20:02:05 DOSProt: Notify-threshold for L3 Protect packet count of 3000 reached

Any ideas?

Thank you!

0 Kudos

Zdeněk_Pala
Extreme Employee

‎01-19-2017 09:39 AM

what do you mean by subvlan and supervlan?

I can imagine secondary interface on the same vlan or QinQ.

What kind of multicast you refer to ? L2 multicast or L3 multicast?
You mention multicast routing, can you elaborate more? = multicast routing protocol do you use?

Z.
Regards Zdeněk Pala
0 Kudos

Henrique
Extreme Employee
In response to Zdeněk_Pala

‎01-19-2017 09:39 AM

Hi Victor,

I don't see any other way to deny mcast communication between the subvlans. Even ACL might be tricky.

Only broadcast and unknown traffic remain local to the subvlans.

I would recommend you (if possible) to use normal vlans instead of using Vlan Aggregation feature if this issue is critical to your environment.
0 Kudos

Victor_Vit
New Contributor
In response to Zdeněk_Pala

‎01-19-2017 09:39 AM

Hello, Ty Kolff!
But this command does not isolation multicast. It works for ARP.
In our situation we must use supervlan.

0 Kudos

Alexandr_P
Valued Contributor
In response to Zdeněk_Pala

‎01-19-2017 09:39 AM

Hello, Ty Kolff!

#disable subvlan-proxy-arp vlan all
The isolation option works for normal, dynamic, ARP-based client communication.

Thank you!
0 Kudos
GTM-P2G8KFN