Hi,
I currently have my whole network set up in a single subnet, 192.168.10.0 (255.255.255.0). Splitting it into VLANs is planned only in 3-6 months.
I have a guest/client network range (192.168.10.64/26) managed via ACL rules on the switch.
I have a DLNA server multicasting media from 192.168.10.30.
Currently, for testing, the guest/client network range is blocked from accessing the rest of the LAN using ACL rules:
- ACL: Block Guest Access to LAN
- ACEs:
  - Priority 1, Deny, Protocol Any (IP), source 192.168.10.64 (255.255.255.192), destination 192.168.10.0 (255.255.255.0)
  - Priority 2, Deny, Protocol Any (IP), source 192.168.10.0 (255.255.255.0), destination 192.168.10.64 (255.255.255.192)
Testing shows that hosts in the 192.168.10.64/26 range don't have access to LAN resources, except for the multicast data broadcast from 192.168.10.30! So it seems that the above ACL rules are not blocking multicast!
I went into the multicast settings and enabled the setup shown in the screenshots below:
![01.JPG](https://community.cisco.com/t5/image/serverpage/image-id/48065i1F1A4F123E6B37BB/image-size/large?v=v2&px=999)
![02.JPG](https://community.cisco.com/t5/image/serverpage/image-id/48067i7C8218B08E4B006A/image-size/large?v=v2&px=999)
![03.JPG](https://community.cisco.com/t5/image/serverpage/image-id/48066iEC90F008EFA63241/image-size/large?v=v2&px=999)
Broadcasting is done from port 7; the guest/client network is connected on port 3.
Despite this, any client connected on port 3 and within the 192.168.10.64/26 range can access the broadcast.
Setting GE7 to "None" doesn't prevent broadcasting to the whole network.
Enabling IGMP snooping status and querier doesn't change the scenario.
Am I doing it wrong, or is multicast filtering broken on the SG350 switch?
Note: for now, I really need to fix this without setting up VLANs.
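The following is an added illustration, not part of the original post and not the SG350's own logic: a small first-match evaluator run over the two ACEs exactly as listed above, to show why a multicast stream from 192.168.10.30 matches neither of them. Assumptions: plain source/destination-prefix matching with first match winning, a sample UPnP/DLNA discovery group address 239.255.255.250 as the multicast destination, and a hypothetical third ACE (`MULTICAST_ACE`) covering the IPv4 multicast block 224.0.0.0/4 to show what a matching rule would look like; where such an ACE is bound decides what it actually affects.

```python
from ipaddress import ip_address, ip_network

# The two ACEs from the post, in priority order (first match wins is assumed).
# Each entry: (action, source network, destination network).
ACL_FROM_POST = [
    ("deny", ip_network("192.168.10.64/26"), ip_network("192.168.10.0/24")),
    ("deny", ip_network("192.168.10.0/24"), ip_network("192.168.10.64/26")),
]

# Hypothetical extra ACE (not from the post): deny LAN sources sending to any
# IPv4 multicast group. 224.0.0.0/4 is the whole multicast address block.
MULTICAST_ACE = ("deny", ip_network("192.168.10.0/24"), ip_network("224.0.0.0/4"))


def evaluate(acl, src, dst):
    """Return the action of the first ACE whose source and destination
    prefixes both contain the packet, or None if no ACE matches."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return None


def demo():
    """Constructed sample packets: LAN->guest unicast, guest->LAN unicast, and
    the DLNA server's multicast stream. Returns the matched action for each."""
    return {
        "lan_to_guest": evaluate(ACL_FROM_POST, "192.168.10.30", "192.168.10.70"),
        "guest_to_lan": evaluate(ACL_FROM_POST, "192.168.10.70", "192.168.10.30"),
        # Destination is a group address, which lies in 224.0.0.0/4, not in
        # 192.168.10.0/24 or 192.168.10.64/26, so neither ACE matches.
        "multicast": evaluate(ACL_FROM_POST, "192.168.10.30", "239.255.255.250"),
        # With the hypothetical multicast ACE appended, the stream is matched.
        "multicast_with_extra_ace": evaluate(
            ACL_FROM_POST + [MULTICAST_ACE], "192.168.10.30", "239.255.255.250"
        ),
    }


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```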