Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
31257
Views
7
Helpful
9
Replies

ACL to block broadcast and multicast on one switch port

stefan-stefan
Level 1
Level 1

‎07-12-2009 11:48 PM - edited ‎03-06-2019 06:43 AM

Hello,

This is probably going to be a very easy question for most of you but it would help me quite a bit.

What I want on one of our 3560 series switches is to prevent any broadcast and multicast traffice going to a port.

The reason for this is that there is a router behind it (not ours but supplied by our telecom company) which makes a connection to another office and I want the line (as its not a very big one) to be as clean as possible.

Its probably going to be something like this but just not sure if this is correct :

access-list 10 deny 255.0.0.0 0.255.255.255

access-list 10 deny 224.0.0.0 7.255.255.255

access-list 10 permit any

Thanks!

Labels:
0 Helpful
9 Replies 9

stefan-stefan
Level 1
Level 1
In response to andrew.prince

‎07-13-2009 03:25 AM

So should I use protected ports instead ?

The article doesn't mention ACL's.

0 Helpful

andrew.prince
Level 10
Level 10
In response to stefan-stefan

‎07-13-2009 03:52 AM

I was thinking more along the lines of port blocking, this will block multicast and unicast.

Remember a router will NOT forward broadcasts.

0 Helpful

Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to andrew.prince

‎07-13-2009 04:47 AM

Stefan,

Do you really want to do that way? (grin)

!

Switch(config)# interface gigabitethernet X/Y

Switch(config-if)# storm-control multicast level 0

Switch(config-if)# storm-control broadcast level 0

!

Let's start from here: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtrafc.html

HTH,

Toshi

ajenks
Level 1
Level 1
In response to Thotsaphon Lueangwattanaphong

‎10-21-2011 08:09 AM


I am just looking at this document for a similar requirement as the original post - but isn't storm control for Ingress traffic?

0 Helpful

andrew.prince
Level 10
Level 10
In response to ajenks

‎10-21-2011 08:21 AM

Correct - do you think that a switch just generates broadcast/unicast.multicast packets itself??

They HAVE to come IN from a port.

0 Helpful

ajenks
Level 1
Level 1
In response to andrew.prince

‎10-21-2011 09:12 AM

Sure - but the original post was about not forwarding this traffic OUT through a specific port, so Egress (something I want to do) but dont think this is possible?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Thotsaphon Lueangwattanaphong

‎10-21-2011 10:32 AM

Hi,

if you do this

Switch(config-if)# storm-control multicast level 0

Then no more traffic will enter the port as soon as multicast packet enters the port   because storm-control for multicast wiil block unicast also when the threshold is hit.

Alain.

Don't forget to rate helpful posts.
0 Helpful

kishan1984
Level 1
Level 1

‎07-14-2009 04:34 AM

try enabling igmp snooping(default is enable) and also type one command to enable switch to itself function as a igmp querier.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card