889 Views | 0 Helpful | 3 Replies

Block unicast on layer-3 port

SSS999888
Level 1

Hi,

A multicast server is connecting to a layer-3 port with multicast int IP addresses on the switch end and the server end.

I'm looking to block all (except the must-haves!) UNICAST traffic and allow only multicast.

What ACL commands would be needed?

This in fact would be a replica of the layer-2 "switchport block unicast" command as a layer-3 "acl xxxx" command.

Please suggest ways.

Sri

1 Accepted Solution

3 Replies

Mohamed Sobair
Level 7

Hi,

This command is a layer-2 command; it's intended to block all unknown unicast frames received by a switch port, and it's usually used in conjunction with the (switchport protected) command.

If you want to block ALL unicast packets and allow only multicast on a layer-3 interface, your ACL should look like this:

access-list 10 remark deny the unicast space 0.0.0.0-223.255.255.255 (standard ACLs use wildcard masks, so the range needs three entries)
access-list 10 deny 0.0.0.0 127.255.255.255
access-list 10 deny 128.0.0.0 63.255.255.255
access-list 10 deny 192.0.0.0 31.255.255.255
access-list 10 permit any

The above ACL would block all unicast messages and allow only the multicast subnet range. However, as I said, the command you specified is used to block all UNKNOWN unicast frames and not all unicast frames.

HTH

Mohamed

Thanks Mohamed.

Noticed your comment about the layer-2 command only being applicable to unknowns.

Thanks for the guidance on the layer-3 command. I'm going to use this (will take time) and get back to you with results.

(One more question: isn't some of the unicast traffic a must-have for this layer-3 link to work?)

Sri

Hi Sri,

You need to allow traffic coming from the source of the multicast in your ACL as well, so it should look like this:

access-list 10 remark permit the multicast source first, then deny the rest of the unicast space 0.0.0.0-223.255.255.255
access-list 10 permit host (Multicast source)
access-list 10 deny 0.0.0.0 127.255.255.255
access-list 10 deny 128.0.0.0 63.255.255.255
access-list 10 deny 192.0.0.0 31.255.255.255
access-list 10 permit any

HTH

Mohamed
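Two points in the replies above are easy to get wrong when writing this kind of filter, and both are worth checking before the ACL is applied with `ip access-group 10 in` on the interface. First, a numbered standard ACL takes an address and a wildcard mask, not a range: an entry that reads like `deny 0.0.0.0 223.255.255.255` is interpreted bit by bit (a set wildcard bit means "don't care"), so it does not cover every unicast first octet. Second, a standard ACL matches only the source address, and the server's multicast stream carries the server's unicast source address; filtering on the multicast destination needs an extended ACL. The script below is an added example, not code from the thread or from Cisco; it models IOS ACL evaluation (wildcard masks, top-down first match, implicit deny) and runs the range-style entry, a corrected standard ACL, and an extended ACL against constructed packets. The addresses `10.10.10.5`, `10.10.10.1` and `239.1.1.1` are made-up sample values, and the model only knows the `ip`, `udp` and `icmp` protocol keywords and the `any`/`host`/wildcard address forms.

```python
"""Evaluate Cisco-style IOS access lists against constructed packets.

Added example (not from the thread). Models the semantics the replies rely on:
wildcard masks (set bit = don't care), top-down first-match, implicit deny.
Standard ACLs (1-99) match the source address only; extended ACLs (100-199)
match protocol, source and destination. All addresses below are constructed.
"""
import ipaddress

SERVER = "10.10.10.5"   # constructed: the multicast server's interface address
PEER = "10.10.10.1"     # constructed: the switch-side layer-3 interface address
GROUP = "239.1.1.1"     # constructed: a multicast group the server sends to


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Bits set in the wildcard are ignored; all other bits must equal base."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def _parse_addr(tokens):
    """Consume one address spec ('any', 'host A', 'A W' or bare 'A') -> (base, wildcard, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    if len(tokens) == 1 or not tokens[1][0].isdigit():   # no wildcard given = single host
        return tokens[0], "0.0.0.0", tokens[1:]
    return tokens[0], tokens[1], tokens[2:]


def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' lines; remarks and blank lines are skipped."""
    entries = []
    for line in lines:
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[2] == "remark":
            continue
        number, action = int(t[1]), t[2]
        if number >= 100:                       # extended: protocol, source, destination
            proto = t[3]
            src_base, src_wc, rest = _parse_addr(t[4:])
            dst_base, dst_wc, _ = _parse_addr(rest)
        else:                                   # standard: source only
            proto = "ip"
            src_base, src_wc, _ = _parse_addr(t[3:])
            dst_base = dst_wc = None
        entries.append((action, proto, src_base, src_wc, dst_base, dst_wc))
    return entries


def evaluate(entries, src, dst, proto="udp"):
    """Return 'permit' or 'deny' for a packet src -> dst; first matching entry wins."""
    for action, p, sb, sw, db, dw in entries:
        if p not in ("ip", proto):
            continue
        if not wildcard_match(src, sb, sw):
            continue
        if db is not None and not wildcard_match(dst, db, dw):
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit deny


def unicast_sources_permitted(entries, dst):
    """First-octet values 0-223 whose source x.0.0.1 the ACL still permits toward dst."""
    return [x for x in range(224) if evaluate(entries, f"{x}.0.0.1", dst) == "permit"]


# A range-looking standard entry: IOS treats 223.255.255.255 as a wildcard mask.
STANDARD_RANGE_STYLE = [
    "access-list 10 deny 0.0.0.0 223.255.255.255",
    "access-list 10 permit any",
]

# Standard ACL that really covers 0-223 (three wildcard blocks), source permitted first.
STANDARD_FIXED = [
    f"access-list 10 permit host {SERVER}",
    "access-list 10 deny 0.0.0.0 127.255.255.255",
    "access-list 10 deny 128.0.0.0 63.255.255.255",
    "access-list 10 deny 192.0.0.0 31.255.255.255",
    "access-list 10 permit any",
]

# Extended ACL: matches the multicast destination, so only the server's multicast
# and one explicitly listed unicast "must-have" (ICMP to the peer) get through.
EXTENDED = [
    f"access-list 100 permit ip host {SERVER} 224.0.0.0 15.255.255.255",
    f"access-list 100 permit icmp host {SERVER} host {PEER}",
    "access-list 100 deny ip any any",
]

if __name__ == "__main__":
    for name, acl in (("range-style", STANDARD_RANGE_STYLE), ("fixed", STANDARD_FIXED), ("extended", EXTENDED)):
        e = parse_acl(acl)
        print(name, "server->group:", evaluate(e, SERVER, GROUP),
              "| server->peer udp:", evaluate(e, SERVER, PEER),
              "| unicast first octets still permitted:", len(unicast_sources_permitted(e, GROUP)))
```

Running it shows the range-style entry leaving 96 of the 224 unicast first-octet values open (32-63, 96-127 and 160-191, where the 32 bit is set) while also denying the server's own multicast packets, because a standard ACL only looks at their unicast source. The corrected standard ACL passes everything from the server, multicast and unicast alike, which is the trade-off behind the accepted answer; the extended ACL is the form that distinguishes the multicast stream from the server's unicast and lets the "must-have" exceptions be listed one by one.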
