Hi, I have a multi-tiered application, with the tiers communicating with each other through contexts on a FWSM in a 6500. The servers in each tier have a requirement to communicate directly with each other using multicast and as such they each have an interface in a VLAN dedicated to this multicasting. This is an obvious security risk, as if one of the servers is compromised, it can communicate directly with the other servers on the multicast VLAN.
I need some way of applying layer 2 filtering on the switchports that are in this multicast VLAN, so that only multicast traffic can pass through them.
The only ways I can think of doing this are to use VACLs which specify the source and multicast IP addresses, port-based extended MAC ACLs, or the other thing I've come across is the 'switchport block unicast' command. I'm having a bit of trouble understanding this command. Is anyone able to advise on the best way to achieve this?
Many Thanks in advance
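As an added illustration of the VACL approach mentioned in the question (this is example configuration written for this page, not something from the original poster or from Cisco documentation), the fragment below filters the whole multicast VLAN so that the only IP traffic allowed to bridge between the server ports is traffic sourced from the server subnet and destined to a multicast group. The VLAN number (100), the server subnet (10.10.100.0/24) and the ACL / access-map names are assumptions chosen for the example. IGMP membership reports and queries are also destined to 224.0.0.0/4, so the single permit line lets the hosts join groups and IGMP snooping keep working; everything else in the VLAN, including server-to-server unicast, hits the explicit drop entry.

```cisco
! Example only: assumed VLAN 100 and assumed server subnet 10.10.100.0/24
! Permit only multicast traffic (224.0.0.0/4) sourced from the server subnet.
! This also covers IGMP, since IGMP reports/queries are sent to multicast addresses.
ip access-list extended MCAST-ONLY
 permit ip 10.10.100.0 0.0.0.255 224.0.0.0 15.255.255.255

! Catch-all used to give the access-map an explicit drop entry.
ip access-list extended ANY-IP
 permit ip any any

! VLAN access-map: forward multicast, drop all other IP traffic bridged in the VLAN.
vlan access-map MCAST-VLAN-FILTER 10
 match ip address MCAST-ONLY
 action forward
vlan access-map MCAST-VLAN-FILTER 20
 match ip address ANY-IP
 action drop

! Apply the VACL to the dedicated multicast VLAN.
vlan filter MCAST-VLAN-FILTER vlan-list 100
```

Two caveats worth knowing before choosing between the options in the question: on the Catalyst 6500 a MAC ACL referenced in a VLAN access-map (or applied with a port-based MAC ACL) is evaluated against non-IP frames only, so it cannot be used on its own to block unicast IP between the servers; and 'switchport block unicast' only stops the flooding of unknown-unicast frames out of that port, so once the switch has learned a server's MAC address that server is still reachable by unicast. A VACL such as the one above is evaluated on traffic bridged within the VLAN regardless of which port it enters on, which is why it fits this use case. Check the result with 'show vlan access-map' and 'show vlan filter', and verify the intended multicast streams still flow before enabling it in production.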