11-29-2010 04:07 AM - edited 03-06-2019 02:15 PM
Hi,
A multicast server is connecting to a layer-3 port with multicast int ip addresses on the switch end and server end.
I'm looking to block all (except the must haves!) UNICAST traffic and allow only multicast.
What ACL commands would be needed?
This in fact would be a replica of the layer-2 "switchport block unicast" command as a layer-3 "acl xxxx" command.
Please suggest ways.
Sri
11-29-2010 04:23 AM
Hi,
This command is a layer-2 command. It's intended to block all unknown unicast frames received by a switch port, and it's usually used in conjunction with the (Switch port protected) command.
If you want to block ALL unicast packets and allow only multicast on a layer-3 interface, your ACL should look like this:
access-list 10 deny 0.0.0.0 223.255.255.255
access-list 10 permit any
The above ACL would block all unicast messages and allow only the multicast subnet range. However, as I said, the command you specified is used to block all UNKNOWN unicast frames and not all unicast frames.
HTH
Mohamed
11-29-2010 04:45 AM
Thanks Mohamed.
Noticed your comment about layer-2 command only applicable for unknowns.
Thanks for the guidance on layer-3 command. I'm going to use this (will take time) and get back to you with results.
(One more question: isn't any of the unicast traffic a must-have to have this layer-3 link working?)
Sri
11-29-2010 05:03 AM
Hi Sri,
You need to allow traffic coming from the source of the multicast in your ACL as well, so it should look like this:
access-list 10 permit (Multicast source) any
access-list 10 deny 0.0.0.0 223.255.255.255
access-list 10 permit any
HTH
Mohamed
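As an added example (not part of the thread and not the posters' code), this Python sketch applies Cisco wildcard-mask matching to the `deny 0.0.0.0 223.255.255.255` entry quoted above, so the set of source addresses it really matches can be checked before the ACL is relied on. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style match: wildcard bits set to 1 are ignored, bits set to 0 must equal base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Entries of the thread's standard ACL 10 (a standard ACL tests the packet's SOURCE only).
ACL_10 = [
    ("deny", "0.0.0.0", "223.255.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

def evaluate(acl, src: str) -> str:
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

def unicast_octets_not_denied(acl) -> list:
    """First octets below 224 whose sources still pass the ACL."""
    return [o for o in range(224) if evaluate(acl, f"{o}.0.0.1") == "permit"]

def is_multicast_group(dst: str) -> bool:
    """Destination test for 224.0.0.0/4: base 224.0.0.0, wildcard 15.255.255.255."""
    return wildcard_match(dst, "224.0.0.0", "15.255.255.255")

# Constructed sample source addresses, all unicast.
SAMPLES = ["10.1.1.5", "192.168.1.10", "172.16.4.9", "100.64.0.1", "203.0.113.7"]

if __name__ == "__main__":
    for src in SAMPLES:
        print(f"{src:15} -> {evaluate(ACL_10, src)}")
    gaps = unicast_octets_not_denied(ACL_10)
    print(f"{len(gaps)} unicast first octets pass, e.g. {gaps[0]}, {gaps[32]}, {gaps[64]}")
```

The wildcard 223.255.255.255 leaves only one bit of the first octet checked, so sources such as 172.16.x.x are not matched by the deny line. A standard ACL tests only the source address; matching on the multicast destination range 224.0.0.0/4 requires an extended ACL.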