I'm trying to create a vlan that doesn't allow multicast between devices within the vlan.
With multicast routing, I think I simply make sure there's no ip pim sparse/dense command in the vlan config and that will prevent any multicast from entering/leaving the vlan, which solves half my problem.
For physical devices connected to a port on the vlan in question, I think there's a storm-control and 1 other command that will block all multicast to that port, which I believe solves the multicast within the vlan, but...
My problem is with virtual machines. While I can put them on the vlan, I don't have the Cisco 1000 virtual switch to block each port.
Given that, is there any config which will prevent devices in the same vlan from using multicast without configuring a physical port?
I'm working with 3850 and 4500 switches in this case.
Thank you so much! It appears to be working. We'll see what happens in a few days when I reconfigure if it holds, but so far so good.
These are the final commands which did the trick if anyone else comes across this thread:
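! ACL 100 matches any source sending to an IPv4 multicast destination (224.0.0.0/4)
access-list 100 permit ip any 224.0.0.0 15.255.255.255
! Sequence 10 drops whatever ACL 100 matches
vlan access-map block-multicast 10
 match ip address 100
 action drop
! Sequence 20 has no match clause and forwards everything else
vlan access-map block-multicast 20
 action forward
vlan filter block-multicast vlan-list x
(where x is the vlan id)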
Using the same idea I was able to block UDP traffic in/out/within the vlan as well.
Is there a large performance impact to using these filters? I would be putting them on a 3850, so I would assume I have enough CPU, but any guidance is appreciated.
Hello Alain, aren't we at risk of blocking service messages destined to all hosts or all routers with this access-list, which could interfere with the functioning of the network? Shouldn't we block 225.x.x.x upwards?
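An added example, not part of the thread: a small Python model of the first-match logic of the VLAN access-map posted above, showing which destinations it drops, including the all-hosts and all-routers groups raised in the last question. It assumes access-list 100 matches the whole IPv4 multicast range 224.0.0.0/4 (wildcard 15.255.255.255); the sample addresses and the sequence-5 variant are constructed for illustration, and the model covers match logic only, not how a given switch handles control traffic.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# The map from the thread: sequences are tried in order, first match wins.
# Entry = (sequence, destination (base, wildcard) or None for "no match clause", action)
THREAD_MAP = [
    (10, ("224.0.0.0", "15.255.255.255"), "drop"),
    (20, None, "forward"),
]

# Hypothetical variant (assumption, not from the thread): forward the
# link-local control block 224.0.0.0/24 before dropping other multicast.
VARIANT_MAP = [(5, ("224.0.0.0", "0.0.0.255"), "forward")] + THREAD_MAP

# Constructed sample destinations.
SAMPLES = {
    "224.0.0.1": "all hosts",
    "224.0.0.2": "all routers",
    "224.0.0.5": "OSPF routers",
    "224.0.0.18": "VRRP",
    "239.1.1.1": "administratively scoped group",
    "192.0.2.10": "unicast host",
    "255.255.255.255": "limited broadcast",
}

def vacl_action(dst, access_map):
    """Return (sequence, action) of the first sequence matching dst."""
    for seq, match, action in access_map:
        if match is None or wildcard_match(dst, *match):
            return seq, action
    return None, None  # not reached when the map ends in a catch-all

def dropped(access_map):
    """Sample destinations that the given map drops, sorted as strings."""
    return sorted(d for d in SAMPLES if vacl_action(d, access_map)[1] == "drop")

if __name__ == "__main__":
    for name, amap in (("thread", THREAD_MAP), ("variant", VARIANT_MAP)):
        for dst, label in SAMPLES.items():
            print(name, dst, label, *vacl_action(dst, amap))
```
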