How to disable multicast at the switch level.

Unanswered Question
Sep 4th, 2007
User Badges:

I have seen large numbers of multicasts on one specific portion of my network. I cleared the counters and within a weeks time I saw upwards of 26 million multicasts on one switch that only had less than 15 users on it. I have noticed high multicast numbers on certain ports on switches while others have none. I know about using port storm control to keep the multicast traffic to a controllable level, but I have a few older switches that don't support the command, and I was hoping there was a way I could keep multicasts confined at least within the switch that is generating the multicast.

Also, I have noticed at least 40 printers in this building who's interfaces are showing 10Mb/s Half Duplex, and of course I am seeing a lot of collisions on the ports. Could this cause a latency problem if the collisions become excessive? I am assuming these printer NIC's can't do 100 Full Duplex, so would it be a good idea to change the switchports to match the settings they are getting from auto-negotiation? I believe the latency issues are the result of excessive multicasts, but with the large number of printers they have I am trying to eliminate these old NIC's and Jet Direct cards as the cause of the issue.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Tue, 09/04/2007 - 18:53
User Badges:
  • Super Bronze, 10000 points or more

"storm control" is often difficult to get just right, except for blatant out-of-control cases such as a DoS attack.

If your switches support and enable IGMP snooping, this might explain "I have noticed high multicast numbers on certain ports on switches while others have none."

IGMP snooping should also limit where the multicast packets are flooded but you'll need an IGMP querier.

As to the possible source of high multicast, it might be worthwhile to analyze what the source of the multicast is. Perhaps some users are running some type of Ghost replication or a multiplayer game.

"Could this cause a latency problem if the collisions become excessive?" Yes, but very unlikely especially with 10/half connected printer when it's the only device connected to the switch's port with a printer's usual unidirectional data stream. Although later printer NICs are often faster, the printer itself might be the bottleneck, especially when using character fonts.

If your auto ports have configured themselves as 10/half for a 10/half device, no real advantage to manually force them to 10/half.

markausten Tue, 09/04/2007 - 23:49
User Badges:

Try a mac ACL to block the multicast mac addresss range.

You would need to permit mac address range that translates to 224.0.0/24 as this is link local and used by various protocols.

lgijssel Wed, 09/05/2007 - 00:29
User Badges:
  • Red, 2250 points or more

Many network applications depend on multicast. In your case, I would attempt to determine the source and nature of the traffic first. After it is clear what you have here, you may decide to suppress it using filtering on your switches or tackle the issue by reconfiguring the source.

Collisions on half-duplex interfaces are normal. What is important here is the ratio of collisions against "good" packets. During normal operation this should not be higher than appr. 1:10000. Opinions may differ on the exact figure but if you have 1:1000 or more, look at your cabling and connectors.




This Discussion