Block specific multicast traffic in C2960

narainarun
Level 1

Hi,

I have a requirement where two routers are connected over a Cisco 2960 switch, and the C2960 should block only a specific multicast group. The reason is that the two routers are running OSPF and other multicast groups, and those should not be disturbed. I cannot do this with "storm control" because it blocks all multicast groups, nor with "igmp filter", as this is actual multicast traffic, not just IGMP. So I thought of making use of a MAC ACL.

I created a MAC ACL like below to block MC traffic of group 239.255.255.255 and permit others (including OSPF MC) and applied it under the physical interface.

Extended MAC access list mcjoin
    deny   any host 0100.5e7f.ffff
    permit any any

interface <name>
    mac access-group mcjoin in

But even after this, the MC traffic is still flowing through. Then I tried doing this with an IP-based ACL, which works fine.

Extended IP access list 100
    10 deny ip any host 239.255.255.255
    20 permit ip any any

interface <name>
    ip access-group 100 in

I would like to know whether a MAC ACL will not work for blocking/allowing multicast traffic. Also, is there any better way to do this in Cisco 2960 switches?

Thanks in advance

Arun
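
An added example (not part of the original thread): the IPv4-multicast-to-MAC mapping behind the 0100.5e7f.ffff entry in the MAC ACL above, showing which other groups share that MAC and that the OSPF groups 224.0.0.5 and 224.0.0.6 do not. The function names and the sample must-pass list are constructed for illustration.

```python
import ipaddress

MCAST_NET = ipaddress.ip_network("224.0.0.0/4")
OUI_PREFIX = 0x01005E  # IANA prefix for IPv4 multicast MACs (RFC 1112)


def group_to_mac(group):
    """Return the Ethernet MAC for an IPv4 multicast group, Cisco dotted style."""
    addr = ipaddress.IPv4Address(group)
    if addr not in MCAST_NET:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    # Only the low 23 bits of the group are copied into the MAC.
    mac = (OUI_PREFIX << 24) | (int(addr) & 0x7FFFFF)
    digits = f"{mac:012x}"
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def groups_for_mac(mac):
    """Return all 32 IPv4 groups that map to one multicast MAC."""
    value = int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)
    if value >> 24 != OUI_PREFIX or value & 0x800000:
        raise ValueError(f"{mac} is not an IPv4 multicast MAC")
    base = int(MCAST_NET.network_address)
    # The 5 group bits dropped by the mapping can take any value.
    return [str(ipaddress.IPv4Address(base | (hi << 23) | (value & 0x7FFFFF)))
            for hi in range(32)]


def collateral(blocked_group, must_pass):
    """Groups from must_pass that a MAC-level deny for blocked_group would also hit."""
    blocked_mac = group_to_mac(blocked_group)
    return [g for g in must_pass if g != blocked_group and group_to_mac(g) == blocked_mac]


if __name__ == "__main__":
    blocked = "239.255.255.255"                                # group from the thread
    must_pass = ["224.0.0.5", "224.0.0.6", "224.127.255.255"]  # constructed sample
    print(blocked, "->", group_to_mac(blocked))
    for g in must_pass:
        print(g, "->", group_to_mac(g))
    print("shares MAC with blocked group:", collateral(blocked, must_pass))
    print("groups behind that MAC:", len(groups_for_mac(group_to_mac(blocked))))
```

A MAC-level match on 0100.5e7f.ffff covers 32 groups, while the IP ACL on host 239.255.255.255 matches exactly one. On the Catalyst 2960, port MAC ACLs are documented as filtering non-IP traffic, which is consistent with the IP ACL working where the MAC ACL did not.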

5 Replies

andrew.prince
Level 10

Arun,

I would suggest an "IGMP Filter" and I am pretty sure the 2960 supports this.

HTH

Hi Andrew,

Thanks for the response. But I think "ip igmp filter" only filters the IGMP traffic flow between router and host, not the multicast traffic flow between two routers, and will be useful when the users are connected to the switch. I tried with "ip igmp filter" but that didn't work out.

In this case, two routers are connected over this C2960 switch and should block the multicast traffic flow between the routers.

thanks

Arun

Arun,

The IGMP filter instructs the switch to allow which hosts can join a group. So I suggested this as an alternative solution.

If you want to stop the 2 routers from exchanging just multicast traffic (this does not include dynamic routing multicasts), then disable multicast routing on the specific LAN interfaces - no pim x/x

HTH

Hi Andrew,

Apologies, as I did not clearly give my requirement in the first update itself. In the real scenario, we do not have access to the two routers; we only manage a part of the network, and the rest of the network is outsourced to another managed partner. Only the switch is under our control, and we are asking the customer to stop sending that specific multicast group (in our case it is 239.255.255.255). Till that time we need to have a way to block specific multicast traffic in the switch and allow other multicast groups (except multicast group 239.255.255.255). Thanks again for your answer.

thanks

Arun

Arun,

In that case I see your only option is an ACL. And just in case there are a few IGMP Joins mixed in there, try the below:

ip access-list extended bmc
    deny ip any host 239.255.255.255
    permit ip any any

interface x/x
    ip access-group bmc in
    ip igmp access-group bmc

Regards,

Andrew.