04-01-2010 09:45 AM - edited 03-06-2019 10:25 AM
Hi all
I have a Catalyst 2960 with LANBASE 12.2(44)SE2 software.
On port Fa0/1, associated with vlan 1, I have two UDP multicast traffic streams (A and B) coming from an appliance. Multicast traffic B should not be available on the network attached to port Fa0/2 (associated with vlan 1).
I saw that I can use an access-list to filter multicast data entering a switchport, but not leaving it.
Any idea of how I can proceed to filter such traffic?
Thanks
Best regards
--
E. Richiardone
04-01-2010 09:50 AM
emmanuelrr wrote:
Hi all
I have a Catalyst 2960 with LANBASE 12.2(44)SE2 software.
On port Fa0/1, associated with vlan 1, I have two UDP multicast traffic streams (A and B) coming from an appliance. Multicast traffic B should not be available on the network attached to port Fa0/2 (associated with vlan 1).
I saw that I can use an access-list to filter multicast data entering a switchport, but not leaving it.
Any idea of how I can proceed to filter such traffic?
Thanks
Best regards
--
E. Richiardone
When you say it should not be available, do you mean that even if a host attached to fa0/2 requested it, it still should not be available, or simply that by default you do not want that traffic to be sent out the port?
Jon
04-02-2010 03:29 AM
Jon,
I mean that I don't want that traffic to be sent out from the port Fa0/2 by default.
But in any case, on the network attached to Fa0/2 no host will ask for multicast B.
Any idea?
Thanks
04-02-2010 03:53 AM
emmanuelrr wrote:
Jon,
I mean that I don't want that traffic to be sent out from the port Fa0/2 by default.
But in any case, on the network attached to Fa0/2 no host will ask for multicast B.
Any idea?
Thanks
IGMP snooping is enabled by default on your switch but you need something to make the IGMP queries. Fortunately you have the IGMP snooping querier function available with this IOS so if you enable this then only those ports that request the multicast traffic should receive it -
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
04-06-2010 02:28 AM
Hi Jon,
The problem is that the appliance that generates the two multicast traffic streams isn't IGMP aware. I've deployed some configuration but I'm not able to filter the traffic.
I'm starting to think that it's not possible to do my job with a Catalyst; the problem is that I need to apply an access-group to an interface in the "out" direction.
04-01-2010 10:03 AM
Hi Richiardone,
You can use an extended ACL to block multicast packets. The best approach is to block on the incoming interface: let's say your servers are in address block 10.10.10.0/24, you might only allow multicast coming from official servers.
Create the following access list (ACL) and apply it to all inbound interfaces.
ip access-list extended ipmc-source
 ! allow multicast sourced from the server block 10.10.10.0/24
 permit ip 10.10.10.0 0.0.0.255 224.0.0.0 15.255.255.255
 permit ip any 224.0.0.0 0.0.1.255
 ! deny and log all other multicast
 deny ip any 224.0.0.0 15.255.255.255 log
 permit ip any any
interface ethernet0
 ip access-group ipmc-source in
You can apply the ACL as per the direction of the flow.
Hope to Help !!
Ganesh.H
04-02-2010 03:31 AM
Ganesh,
I cannot select the multicast traffic using the source address, because both multicast addresses A and B are coming from the same interface of the same host.
The problem is that I don't know how to filter on the outgoing interface, not incoming.
Thanks
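An added illustration, not part of any post in this thread and not Cisco code: a small first-match evaluator for IOS wildcard masks, run over the ipmc-source ACL above, showing that streams A and B from one host hit the same entry, so only a match on the destination group separates them. The appliance address 10.10.10.5 and the groups 239.1.1.1 (A) and 239.1.1.2 (B) are constructed sample values.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
MCAST = ("224.0.0.0", "15.255.255.255")

# ipmc-source from the thread: (action, (src, wildcard), (dst, wildcard))
IPMC_SOURCE = [
    ("permit", ("10.10.10.0", "0.0.0.255"), MCAST),
    ("permit", ANY, ("224.0.0.0", "0.0.1.255")),
    ("deny", ANY, MCAST),
    ("permit", ANY, ANY),
]

# Constructed sample values (assumptions, not from the thread)
APPLIANCE = "10.10.10.5"
GROUP_A = "239.1.1.1"
GROUP_B = "239.1.1.2"

# Hypothetical ACL that matches on the destination group instead of the source.
# Applied inbound it drops B before the frame is switched to any port.
BY_GROUP = [
    ("deny", ANY, (GROUP_B, "0.0.0.0")),
    ("permit", ANY, ANY),
]


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, spec):
    """IOS wildcard mask: 1 bits are ignored, 0 bits must equal the base."""
    base, wildcard = spec
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def evaluate(acl, src, dst):
    """Return (action, entry number) of the first match; implicit deny last."""
    for number, (action, src_spec, dst_spec) in enumerate(acl, 1):
        if wildcard_match(src, src_spec) and wildcard_match(dst, dst_spec):
            return action, number
    return "deny", None


if __name__ == "__main__":
    for group in (GROUP_A, GROUP_B):
        print(group, evaluate(IPMC_SOURCE, APPLIANCE, group),
              evaluate(BY_GROUP, APPLIANCE, group))
```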