Multicast filtering on Catalyst 2960

emmanuelrr
Level 1

Hi all

I have a Catalyst 2960 with LANBASE 12.2(44)SE2 software.

On port Fa0/1, associated with VLAN 1, I have two UDP multicast traffic flows (A and B) coming from an appliance. On the network attached to port Fa0/2 (associated with VLAN 1), multicast traffic B should not be available.

I saw that I can filter with an access-list the multicast data entering a switchport, but not outgoing.

Any idea of how I can proceed to filter such traffic?

Thanks

Best regards

--

E. Richiardone

Jon Marshall
Hall of Fame

When you say it should not be available, do you mean that even if a host attached to fa0/2 requested it, it still should not be available, or simply that by default you do not want that traffic to be sent out the port?

Jon

Jon,

I mean that I don't want that traffic to be sent out from the port Fa0/2 by default.

But in any case, on the network attached to Fa0/2 no host will ask for multicast B.

Any idea?

Thanks


IGMP snooping is enabled by default on your switch, but you need something to make the IGMP queries. Fortunately, you have the IGMP snooping querier function available with this IOS, so if you enable this, then only those ports that request the multicast traffic should receive it:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swigmp.html#wp1193337

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Hi Jon,

The problem is that the appliance that generates the two multicast traffic flows isn't IGMP aware. I've deployed some configuration but I'm not able to filter the traffic.

I'm starting to think that it's not possible to do my job with a Catalyst; the problem is that I need to apply an access-group to an interface in the "out" direction.

Ganesh Hariharan
VIP Alumni

Hi Richiardone,

You can use an extended ACL to block multicast packets. The best approach is to block on the incoming interface. Let's say your servers are in address block 10.10.10.0/24; you might only allow multicast coming from the official servers.

Create the following access list (ACL) and apply it to all inbound interfaces.

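ip access-list extended ipmc-source
 ! allow any multicast group from the official server block 10.10.10.0/24
 permit ip 10.10.10.0 0.0.0.255 224.0.0.0 15.255.255.255
 ! allow groups 224.0.0.0-224.0.1.255 from any source
 permit ip any 224.0.0.0 0.0.1.255
 ! drop and log all other multicast
 deny ip any 224.0.0.0 15.255.255.255 log
 permit ip any any

interface ethernet0
 ip access-group ipmc-source in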

You can apply the ACL as per the direction of the flow.

Hope to Help !!

Ganesh.H



Ganesh,

I cannot select the multicast traffic using the source address, because both multicast addresses A and B are coming from the same interface of the same host.

The problem is that I don't know how to filter on the outgoing interface, not incoming.

Thanks
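
Added example, not part of the thread: a small Python evaluator for the `ipmc-source` entries posted above (first entry written in network/wildcard form) that applies IOS-style wildcard masks with first-match semantics. The appliance and group addresses are constructed, since the thread gives none; run on them, it shows that the source-based entries give multicast A and B the same verdict, which is the objection raised in the last reply.

```python
import ipaddress

# ACL from the reply above, first entry written as "network wildcard".
ACL_TEXT = """\
permit ip 10.10.10.0 0.0.0.255 224.0.0.0 15.255.255.255
permit ip any 224.0.0.0 0.0.1.255
deny ip any 224.0.0.0 15.255.255.255 log
permit ip any any
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(head), ip_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST [log]' lines into (action, src, dst, line)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("unsupported entry: " + line)
        entries.append((action, take_spec(tokens), take_spec(tokens), line))
    return entries

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are ignored; the remaining bits must be equal.
    return (addr | wildcard) == (base | wildcard)

def evaluate(entries, src, dst):
    """Return (action, matching line); the first match wins, then implicit deny."""
    for action, src_spec, dst_spec, line in entries:
        if matches(ip_int(src), src_spec) and matches(ip_int(dst), dst_spec):
            return action, line
    return "deny", "(implicit deny)"

# Constructed sample addresses: the thread gives no appliance or group addresses.
APPLIANCE, GROUP_A, GROUP_B = "10.10.10.5", "239.1.1.1", "239.1.1.2"

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for src, dst in [(APPLIANCE, GROUP_A), (APPLIANCE, GROUP_B),
                     ("192.168.1.7", GROUP_B), ("192.168.1.7", "224.0.1.1")]:
        print(src, "->", dst, evaluate(acl, src, dst))
```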
