11-05-2014 08:19 AM - edited 03-07-2019 09:23 PM
I have a situation where I have 75 apple TVs on a single VLAN. I would like to know how to block mDNS, 224.0.0.250 and .251, at the trunk port, so the mDNS traffic stays within the switch. I need to do this only for the one VLAN. I need to know how to create the access lists, and how to apply them to the trunk ports.
Here are the details:
Vlan 12 10.1.4.0/22
mDNS 224.0.0.250 and 251
11-05-2014 08:42 AM
What kind of switch?
11-05-2014 08:54 AM
WS-C2960X-48FPD-L
This is a layer two switch. How can I block mDNS on a layer 2 VLAN?
11-05-2014 09:10 AM
I'm not sure you're going to be able to. Are you trying to keep that traffic local on the switch? The mDNS multicast group isn't routable, so it wouldn't cross VLANs. Is IGMP snooping enabled on the switch?
11-05-2014 09:16 AM
I am trying to keep the traffic local to the switch. The Apple TVs and iPads are on the same network.
11-06-2014 11:42 AM
I figured it out. The access-list is below:
ip access-list extended Block_mDNS
 remark Drop mDNS (UDP 5353) sourced from VLAN 12, 10.1.4.0/22 (wildcard 0.0.3.255); pass everything else
 deny udp 10.1.4.0 0.0.3.255 any eq 5353
 permit ip any any
At the uplink trunk ports I added
ip access-group Block_mDNS in
This restricts the mDNS traffic to only the switch where it originated.
11-06-2014 12:00 PM
Good info..thanks!
11-05-2014 09:16 AM
I've never done this, so I'm not sure what else this will break, but you could try this on the switch:
mac access-list extended ATV
 deny any host 0100.5e00.00fa
 deny any host 0100.5e00.00fb
 permit any any
Go to the interface that the Apple TV is on:
mac access-group ATV in
I'd be curious to see what that does. The MAC addresses are the multicast groups in MAC format. They can match on multiple multicast groups, so that's why I said I'm not sure what else it will break in your environment.
HTH,
John
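Added worked example (not code from either poster): it computes the Ethernet MAC for an IPv4 multicast group the way RFC 1112 specifies (the low 23 bits of the group go under the 01:00:5e OUI, so the 5 bits between are lost), lists the 32 groups that collide on the same MAC, which is exactly why the MAC ACL above can match more than mDNS, and also checks which hosts the wildcard mask 0.0.3.255 from the IP ACL covers. Function names and the sample addresses below are my own choices.

```python
import ipaddress

MCAST_OUI = 0x01005E  # IANA OUI prefix for IPv4 multicast MAC addresses


def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet MAC (RFC 1112 section 6.4).

    Only the low-order 23 bits of the group address survive; the 5 bits
    between the leading 1110 and those 23 bits are discarded.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    mac = (MCAST_OUI << 24) | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def cisco_mac(mac: str) -> str:
    """Render aa:bb:cc:dd:ee:ff in Cisco IOS form aabb.ccdd.eeff."""
    hexstr = mac.replace(":", "")
    return ".".join(hexstr[i:i + 4] for i in range(0, 12, 4))


def colliding_groups(group: str) -> list:
    """All 32 IPv4 multicast groups that share group's MAC.

    Walks the 5 discarded bits, so a MAC ACL entry for one group silently
    matches every address returned here.
    """
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [
        str(ipaddress.IPv4Address((0xE << 28) | (high5 << 23) | low23))
        for high5 in range(32)
    ]


def matches_wildcard(host: str, network: str, wildcard: str) -> bool:
    """IOS ACL semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(host)) & care) == (
        int(ipaddress.IPv4Address(network)) & care
    )


if __name__ == "__main__":
    # Sample values constructed for this example (the thread's groups and VLAN).
    for group in ("224.0.0.250", "224.0.0.251"):
        mac = multicast_mac(group)
        print(f"{group} -> {mac} (IOS: {cisco_mac(mac)})")
        print("  also matched by:", ", ".join(colliding_groups(group)[1:4]), "...")
    for host in ("10.1.4.1", "10.1.7.254", "10.1.8.1"):
        print(host, "in 10.1.4.0 0.0.3.255:", matches_wildcard(host, "10.1.4.0", "0.0.3.255"))
```

Running it shows that a `deny any host 0100.5e00.00fb` line also blocks 224.128.0.251, 225.0.0.251 and so on up to 239.128.0.251, which is the "I'm not sure what else it will break" caveat made concrete; the IP ACL has no such ambiguity because it matches on the actual UDP port.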