We have recently installed about 20 Cisco/LinkSys SRW2008 network switches for use as desktop switches on our network. Our monitoring software has detected that they are constantly sending out SSDP broadcasts (specifically: SSDP:Request, NOTIFY * ). Since there are 20 of these switches, our network is getting flooded. Is there a way to disable SSDP broadcast on the switches? I have looked on line but have not been able to find any info.
SSDP is part of UPnP and uses UDP with a multicast address.
Check your workstations to confirm the UPnP service is running, then turn it off or remove IGMP snooping from the specific VLAN is worth a try.
Thanks for the advice but unfortunately that did not seem to do it.
I checked the switches and they all have IGMP snooping set to disabled. (There is only one VLAN as we have a flat network.)
I checked the PCs connected to two of the switches and some of them did have the Universaol Plug and Play service started. As a test, I stopped it remotely on the all PCs connected to those two switches and then monitored just those particular switches, but they are still sending out the SSDP broadcast.
OK - well the issue could be the switches themselves, and well behaved switch will treat an unknown multicast as a broadcast - they could be UPnP/SSDP compliant and they are sending out the SSDP frames.
So lets attack this from a different angle - enable IGMP snooping on the flat VLAN, then the switch will only copy/forward SSDP multicasts to ports that the switch has recevied the IGMP join on. I have no idea if this model/ver of switch is IGMP v2 capable (understand IGMP Leave Messages/Group Join Messages)
If you have turned of UPnP on ALL workstations - in theory there should be no SSDP unless the switches are generating them or they are comming from a source you have missed?