Cisco Support Community
Community Member

Prevent 224 multicast from hitting switchports

We have a couple of switches with a L3 Vlan 238 interface which runs PIM SM, OSPF, and HSRP. We have connected to this same segment telemetry processors which have raw socket interfaces configured - which means they pick up all IP packets which hit the interface and forward them along.

So we don't want the processors to receive any of the 224.x.x.x switch housekeeping traffic.

Is there any way to prevent that?

1 REPLY


You may be able to use a VACL to do this, but you'll need to be careful when using them to not block something that's needed. You'd do something like:

Processor addresses:

192.168.238.50
192.168.238.51

ip access-list ext BlockMulticast
 permit ip 224.0.0.0 0.255.255.255 host 192.168.238.50
 permit ip 224.0.0.0 0.255.255.255 host 192.168.238.51

vlan access-map BlockMulticast 10
 match ip address BlockMulticast
 action drop

vlan access-map BlockMulticast 20
 action forward

vlan filter BlockMulticast vlan-list 238

**** Disclaimer ****

I'm not sure if the above will block multicast traffic. Another way of doing it may be to put your processors into private vlans. If anything, I would definitely create an outage window to put this in place and see what the results are.

John

HTH, John *** Please rate all useful posts ***
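
As an added example (not part of the original thread), this Python model shows how the wildcard-mask entries in the VACL above are matched, so a candidate ACL can be checked against sample packets before the outage window. The switch address 192.168.238.2, the sample packets and the destination-match variant are constructed assumptions; only ACE matching and access-map sequence order are modelled, not platform behaviour.

```python
import ipaddress

def ace_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

# ACL BlockMulticast as posted: (source, src wildcard, destination, dst wildcard)
POSTED_ACL = [
    ("224.0.0.0", "0.255.255.255", "192.168.238.50", "0.0.0.0"),
    ("224.0.0.0", "0.255.255.255", "192.168.238.51", "0.0.0.0"),
]
# Hypothetical variant (assumption): multicast range in the destination field
DST_ACL = [("0.0.0.0", "255.255.255.255", "224.0.0.0", "0.255.255.255")]

def vacl_action(acl, src, dst):
    """Sequence 10 drops what the ACL permits; sequence 20 forwards the rest."""
    for s, sw, d, dw in acl:
        if ace_match(src, s, sw) and ace_match(dst, d, dw):
            return "drop"
    return "forward"

# Constructed sample packets: (description, source, destination)
SAMPLES = [
    ("OSPF hello", "192.168.238.2", "224.0.0.5"),
    ("HSRP hello", "192.168.238.2", "224.0.0.2"),
    ("PIM hello", "192.168.238.2", "224.0.0.13"),
    ("unicast to processor", "192.168.238.2", "192.168.238.50"),
]

def evaluate(acl):
    """Return the VACL action for each constructed sample packet."""
    return {name: vacl_action(acl, src, dst) for name, src, dst in SAMPLES}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED_ACL), ("dst-match variant", DST_ACL)):
        print(label, evaluate(acl))
```

In this model the posted entries match only packets whose source address is in 224.0.0.0/8, while the destination-match variant also matches the OSPF, HSRP and PIM hellos sent by the switches themselves on VLAN 238.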