Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ethernet/IP (Industrial Protocol, Multicast traffic) 3560V2 options.

     Hey all, I have a location that has some very serious network degradation issues being caused by multicast traffic from Ethernet/IP, so serious it constantly knocks devices offline. This location has 6 fiber connected industrial switches that are managed, but not Cisco. I just ordered a 3650V2 (IP Base) switch for the inside server rack and termination location for the fiber. I plan to replace the industrial switch in this location with the Cisco 3650V2. My plan is to implement IGMP snooping and some QoS management from this switch, but I know VLANS are my best option.

    Here is the problem though, because this is all industrial equipment and from all sorts of vendors, I cannot reconfigure the IP’s of this equipment. They are all on the same 192.168.1.X /24 network. The 3650 will be directly connected to the servers that this equipment needs to communicate with.

First. Do I have any other options with this setup to limit the multicast traffic?

Second. Can I implement Vlan’s with only 1 subnet and no option to reconfigure the IP scheme?

Third. Assuming I can have multiple Vlan’s with only 1 Subnet, How do I route the traffic to the servers? I’m confused because I can’t use the standard IP’ing policy for a gateway if they are all on the same subnet??

I appreciate any useful information.  

Hall of Fame Super Blue

Ethernet/IP (Industrial Protocol, Multicast traffic) 3560V2 opti


Not entirely sure i follow all your setup but i will try to answer some of your questions.

1) IGMP snooping on the 3560 will only be local to the switch. If the source of the multicast streams are connected to the 3560 or the multicast traffic has to go via the 3560 then it could help. But if the multicast streams can between the other switches without going via the 3560 then IGMP snooping will be of limited use.

Is it the servers you are trying to protect with IGMP snooping ?

2) Not sure i uderstand about the routing. The equipment uses 192.168.1.x addressing. Presumably the servers do to. Are you saying you cannot readdress the servers at all ?

3) You can use two vlans with same IP subnet and then something has to bridge those two vlans together. This is usually a device like such as a transparent firewall or a load balancer in L2 mode ie. -

vlan 10 -> firewall -> vlan 11

where the same IP subnet is used for both vlans. The issue is that generally there is only connection on each side of the firewall but in your setup i don't this that is the case. So i doubt very much that you will be able to do this and you actually create L2 loops in your network and take the whole thing down.

However the issue is really the multicast. So which devices are generating the mulitcast and which devices are being knocked offline by it.

There must be a significant amount of multicast traffic to do this ?


New Member

Re: Ethernet/IP (Industrial Protocol, Multicast traffic) 3560V2

Jon, thanks for the reply. The traffic is VERY significant; so much so that I cannot even access the management interface on any of the existing switches to verify their configurations. I used wire shark and had 27,000 connections in 15 seconds from just one PLC. I "might" be able to change the server IP's, but I was trying to avoid that because I am not sure if the industrial controllers are looking to a certain IP to send some data; this is a SCADA network. The traffic is knocking thin clients off the network, locking up server interfaces (NIC’s), and putting switches into fault modes.

From what I have read this is a very common scenario for ‘Ethernet/IP’ the industrial protocol being used on this network. It was a very poor implementation and should never have been setup this way to begin with. Now, I am trying to make it viable with a long-term goal of making it right. Unfortunately this is a 24/7 operation facility with very little scheduled downtime as well.  

From the documentation I have read about the existing industrial switches, they also support IGMP, however I cannot get to the management interfaces to verify the configuration. I do plan to check this during a planned down situation this Friday. For the most part it is the Server>Thin client>Workstations I am trying to protect from this traffic, the industrial network PLC’s and controllers do not seem to have a problem with it.  

What about storm control? Never used it, don’t fully understand it. Does it have a place in this setup?

Also, are you saying Vlans are not an option, given that I do not have a firewall? I do have a router and the switch is Layer 3 capable.

Thank You.

Hall of Fame Super Blue

Ethernet/IP (Industrial Protocol, Multicast traffic) 3560V2 opti


You say TCP connections but multicast is usually UDP ?  I probably need to have a read up on Ethernet IP.

So the servers/clients etc., you do not want them to receive the multicast ie. do they need it ?

Vlans are not an option as far as i can see. Nothing to do with not having a firewall, that was just an example, it's just you won't be able to do it with some many different physical connections in the same vlan.

If you are trying to protect the servers etc. from the mutlicast do you have enough ports on the 3560 for all of them ?

The industrial switches need to support IGMP snooping functionality not just IGMP. If they do this would help because the 3560 supports the IGMP snooping querier function which is needed if there is  no L3 multicat routing protocol in the network.

Only one switch needs to support the querier function as opposed to all switches needing to support IGMP snooping so you may be in luck.