Showing results for 
Search instead for 
Did you mean: 
Join Customer Connection to register!

service-policy applied on the outbound traffic of Switch Port.

                   HI Cisco experts need Quick help

We have C3750 Switch connecting several Video Decoders working on Multicast UDP .

I need to block any Outgoing UDP multicast on port 3000 leaving the switch interface .

Please advise what will be best way to do it . please give example configuration .

Thanks .

Jon Marshall
VIP Community Legend

Does the multicast originate in the same vlan as the one the port is in or is it routed into that vlan.

You may not be able to do this because port acls can only be applied inbound on a 3750 and not outbound.

Is the mutlicast stream being requested by the decoders on the vlan ie are they sending IGMP messages to reeceive the multicast stream ?


Yes Jon , the Port is in Same VLAN. 

is their any way i can Block the UDP going out of this switch interface . Besides ACL any way Out ?


i have   switch conneting decoders on 7 Ports  this decoders generate the Video on UDP port 3000 .. all 7 ports in VALN 144 .

Now when i connect any device on any port with VLAN 144 the device is reciving all the UDP multicast . No matter if its requested by by device or not .

this 7 Ports are generating traffice up to 100 Mbps and this is causing issue .

I want to block or restrict the traffic  leaving out of this interfaces .

I hople i was able to explain the situation .

when i used a Planet Switch  for same setup i had an option to limit trafic / restrict trafice out of the Switch Ports and it worked good .

I need to replace the Planet Switch with Cisco do we have any Option with Cisco .

Okay, that is a different problem. You cannot block it with an acl because as i say acl can only be applied inbound on physical ports.

But there is a solution. You need to -

1) enable IGMP snooping on the switch. This should already be enabled

2) I'm assuming you do not have PIM enabled on the L3 vlan 144 interface ?  If this is correct you then need to configure the IGMP snooping querier function which will make IGMP queries for the switch to listen to. See this link for how to configure it -

Once you have done the switch should not send the multicast stream out of ports where there is a device attached that has not requested that stream.


Thanks a lot Jon ,


its good document i hope it will solve my problem .

please could you help me understand   " Snooping Querier "  can this be IP address of the machine which is Asking for the

Multicast UDP Streem .

what i have is switch with 7 Decoders and 1 Encoder this Decoders are in VLAN 144 and Encoder as will is in this VLAN 144

We have decoders Producing the UDP video stream on port 3000 and the Encoder is receiving the Stream for processing .

their is No IP on the switch at all NO router involved its plain L2 network .

Thanks again for your response .

The IGMP snooping querier needs an IP address from somewhere. I understand it is a plain L2 network. Is this switch connected to any other switch(es)/routers and if so how in terms of vlans/IP addressing.



Sorry we have VLAN 1 on that switch with ip address .

the config is as follows


interface GigabitEthernet2/0/48

switchport access vlan 144

switchport mode access

macro description cisco-desktop

spanning-tree portfast

interface GigabitEthernet2/0/45

switchport access vlan 144

switchport mode access

macro description cisco-desktop

spanning-tree portfast

spanning-tree bpduguard enable


interface Vlan1
ip address  

VLAN 144 is on other switch ,connecting to this switch   VLAN 144 has Ip range 

and the Decoders user Multicast IPs  as   so on

So does vlan 144 have a L3 vlan interface on another switch that is connected via a trunk or an access port in vlan 144 ie if you have a client in vlan 144 does it have a default gateway so it can send traffic to other vlans ?


Thanks Jon ,

VLAN 144 doesnot has L3 interface and looks like there is no IP defined for VLAN144. But i can assigne the subnet to this VLAN 144 , i will assign IP to it

and  make it as a Snooping Querier. does that sounds correct ,  again .. my multicast IPs are diffrent . and the reciver IP is in  range .

i am trying to figure out if Snooping Querier  is the IP of  system which is trying to request this multicast UDP packets . Or it should be the IP for the Switch .

the objective is we need some decoders to connet to this encoder for video.  Decoders generating Video and single encoder reviving them . i understand that for this unicast should be good idea , but our encoder do not support unicast .


once again thanks for your responce.

The snooping querier should be tied to the switch not the machine requesting the stream. It doesn't have to be the actual switch you are on it could configured on the switch with the vlan 144 L3 vlan interface as long as that switch was connected to your switch using a trunk with vlan 144 allowed on it.