We have a Cisco 4948 switch that is behaving oddly. This switch has three VLANs on it; for the sake of this issue, I will call them VLAN1, VLAN2, and VLAN3. We have a device on VLAN2 that sends a flurry of UDP traffic to itself when it is started up or detects a change in the network. The traffic looks something like this (IP addresses have been changed):
192.168.12.34 -> 18.104.22.168 UDP D=8201 S=1024 Len=1324
This is quickly repeated for about thirty seconds, and then it settles down. The odd behavior involves the flurry of UDP traffic jumping from VLAN2 to VLAN3 for no apparent reason. The initial flurry always occurs in VLAN2, but it seems that after a minute or so, the traffic will jump to VLAN3. Our VLAN3 is sensitive to network traffic so we are trying to isolate the VLAN from high traffic devices.
Thank you for the response.
A little more detail: the chattery device also needs to communicate with another host in the same VLAN (VLAN2). When you say “inbound interface of the router”, are you referring to our 4948 switch port? We only have the switch (which has routing capabilities).
We have “ip multicast-routing” set in the global configuration and also “ip pim sparse-dense-mode” set in each of our VLAN interfaces. I could not find any setting for multicast forwarding.
So with these settings, it seems a querier can be on any VLAN and receive the multicast stream from VLAN2. This is not what we want. We would like to isolate multicast traffic to only VLAN2 even if a host in another VLAN requests to be part of the multicast group.
I believe I achieved the multicast isolation by removing the global “ip multicast-routing” setting, but then every port of VLAN2 is flooded with all the multicast traffic.
So I guess we want the best of both worlds; we want the advantages that ip multicast routing gives us, but we want to strictly isolate that multicast to one VLAN on our 4948 switch. Is this possible?
Ideally you would want to disable multicast routing and enable the IGMP snooping querier function, but I don't believe the 4948 supports this.
So enable ip multicast routing but only configure "ip pim sparse-dense-mode" under the L3 VLAN interface you want to isolate, i.e., take it off all the other L3 VLAN interfaces.
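An added example, not part of any post in this thread: a small Python check that reads an IOS-style running-config and lists the interfaces that still have PIM enabled outside the one VLAN meant to carry multicast, which is the condition the reply above says to remove. The config excerpt, its IP addresses, the `Vlan1`/`Vlan2`/`Vlan3` interface names and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt modelled on the setup described in the
# thread: global multicast routing plus PIM on every VLAN interface.
SAMPLE_CONFIG = """\
ip multicast-routing
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
 ip pim sparse-dense-mode
!
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 ip pim sparse-dense-mode
!
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 ip pim sparse-dense-mode
!
"""


def pim_interfaces(config):
    """Return {interface: pim_mode} for every interface stanza with 'ip pim'."""
    found, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # left the stanza ("!" or a global command)
        elif current:
            m = re.match(r"\s+ip pim (\S+-mode)\b", line)
            if m:
                found[current] = m.group(1)
    return found


def audit(config, allowed):
    """List PIM-enabled interfaces that are not in the `allowed` set."""
    lines = [l.strip() for l in config.splitlines()]
    if "ip multicast-routing" not in lines:
        return []  # no L3 multicast forwarding configured at all
    return sorted(i for i in pim_interfaces(config) if i not in allowed)


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, allowed={"Vlan2"}))
```

An empty result means only the allowed VLAN interface takes part in multicast routing; it does not say anything about Layer 2 flooding inside that VLAN.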
The address 239.... is a multicast address, so my guess is that your router between VLAN2 and VLAN3 forwards multicasts.
One simple way to stop it would be to set an access-list to drop (deny) the multicast traffic on the inbound interface of the router of VLAN2.
That way you will not destroy any traffic other than what is specified in the access-list, and it will be really quick to take it away from the access-list if it does make a disturbance somewhere.
Of course the best thing to do is to correct the configuration of the router if this is not the desired behaviour, but the access-list is a quick fix that shows if that is the case.
That is what I would start with.