Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multicast security

I'm interested in ways to control which hosts can send IP multicast and who can receive it. I imagine you could use access lists but this would be highly time consuming on a per host basis.

Does anyone know if there are any other ways of implmenting some kind of filtering on a per host basis which wouldn't be too time consuming?

2 REPLIES
Silver

Re: Multicast security

The other way I could think of is to use IGMP snooping to forward multicast traffic only to those ports that want to receive it.

For details, refer:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e705.html

New Member

Re: Multicast security

There is no way to stop hosts from trying to join multicast groups, or hosts from trying to become sources. However, what we have done is to configure PIM sparse mode on all links. We use static RP and use ACL to configure which sources can source which groups. This seems to work well and through SNMP monitoring we have noticed a fair amount of hosts trying to source rogue groups that are not configured. But, becuase the groups are not configured and the links are sparse mode only, the traffic never leaves that segment. Hope this helps.

97
Views
0
Helpful
2
Replies