12-03-2013 11:41 AM - edited 03-04-2019 09:45 PM
HI Cisco experts need Quick help
We have C3750 Switch connecting several Video Decoders working on Multicast UDP .
I need to block any Outgoing UDP multicast on port 3000 leaving the switch interface .
Please advise what will be best way to do it . please give example configuration .
Thanks .
12-03-2013 12:03 PM
Does the multicast originate in the same vlan as the one the port is in or is it routed into that vlan.
You may not be able to do this because port acls can only be applied inbound on a 3750 and not outbound.
Is the mutlicast stream being requested by the decoders on the vlan ie are they sending IGMP messages to reeceive the multicast stream ?
Jon
12-03-2013 12:11 PM
Yes Jon , the Port is in Same VLAN.
is their any way i can Block the UDP going out of this switch interface . Besides ACL any way Out ?
i have switch conneting decoders on 7 Ports this decoders generate the Video on UDP port 3000 .. all 7 ports in VALN 144 .
Now when i connect any device on any port with VLAN 144 the device is reciving all the UDP multicast . No matter if its requested by by device or not .
this 7 Ports are generating traffice up to 100 Mbps and this is causing issue .
I want to block or restrict the traffic leaving out of this interfaces .
I hople i was able to explain the situation .
when i used a Planet Switch for same setup i had an option to limit trafic / restrict trafice out of the Switch Ports and it worked good .
I need to replace the Planet Switch with Cisco do we have any Option with Cisco .
12-03-2013 12:25 PM
Okay, that is a different problem. You cannot block it with an acl because as i say acl can only be applied inbound on physical ports.
But there is a solution. You need to -
1) enable IGMP snooping on the switch. This should already be enabled
2) I'm assuming you do not have PIM enabled on the L3 vlan 144 interface ? If this is correct you then need to configure the IGMP snooping querier function which will make IGMP queries for the switch to listen to. See this link for how to configure it -
Once you have done the switch should not send the multicast stream out of ports where there is a device attached that has not requested that stream.
Jon
12-03-2013 12:43 PM
Thanks a lot Jon ,
D
its good document i hope it will solve my problem .
please could you help me understand " Snooping Querier " can this be IP address of the machine which is Asking for the
Multicast UDP Streem .
what i have is switch with 7 Decoders and 1 Encoder this Decoders are in VLAN 144 and Encoder as will is in this VLAN 144
We have decoders Producing the UDP video stream on port 3000 and the Encoder is receiving the Stream for processing .
their is No IP on the switch at all NO router involved its plain L2 network .
Thanks again for your response .
12-03-2013 12:51 PM
The IGMP snooping querier needs an IP address from somewhere. I understand it is a plain L2 network. Is this switch connected to any other switch(es)/routers and if so how in terms of vlans/IP addressing.
Jon
12-03-2013 12:58 PM
OH!!!
Sorry we have VLAN 1 on that switch with ip address .
the config is as follows
!
interface GigabitEthernet2/0/48
switchport access vlan 144
switchport mode access
macro description cisco-desktop
spanning-tree portfast
interface GigabitEthernet2/0/45
switchport access vlan 144
switchport mode access
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface Vlan1
ip address 10.0.0.103 255.255.255.0
VLAN 144 is on other switch ,connecting to this switch VLAN 144 has Ip range 192.168.250.0 255.255.255.0
and the Decoders user Multicast IPs as
239.0.170.1
239.0.171.1
239.0.172.1 so on
12-03-2013 01:04 PM
So does vlan 144 have a L3 vlan interface on another switch that is connected via a trunk or an access port in vlan 144 ie if you have a client in vlan 144 does it have a default gateway so it can send traffic to other vlans ?
Jon
12-03-2013 08:48 PM
Thanks Jon ,
VLAN 144 doesnot has L3 interface and looks like there is no IP defined for VLAN144. But i can assigne the subnet to this VLAN 144 , i will assign IP 192.168.250.1 255.255.255.128 to it
and make it as a Snooping Querier. does that sounds correct , again .. my multicast IPs are diffrent . and the reciver IP is in 192.168.250.0 range .
i am trying to figure out if Snooping Querier is the IP of system which is trying to request this multicast UDP packets . Or it should be the IP for the Switch .
the objective is we need some decoders to connet to this encoder for video. Decoders generating Video and single encoder reviving them . i understand that for this unicast should be good idea , but our encoder do not support unicast .
.
once again thanks for your responce.
12-04-2013 05:53 AM
The snooping querier should be tied to the switch not the machine requesting the stream. It doesn't have to be the actual switch you are on it could configured on the switch with the vlan 144 L3 vlan interface as long as that switch was connected to your switch using a trunk with vlan 144 allowed on it.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide