I have a 3560X switch with interfaces 36-48 on the same LAN. All interfaces are switchports. Hosts on 38, 39 and 40 are multicast senders: all sending to the same single multicast address. Hosts on 36 and 37 are receivers, having joined that multicast group. I created an SVI for the LAN and put it in ip pim passive. (That is the only PIM mode allowed for an SVI with my IOS.) Show ip igmp snooping groups shows that 36 and 37 are the only interfaces in this group. I attach a laptop to interface 42 and Wireshark, and the laptop is receiving the multicast traffic. The laptop does not join the group. I expect it would not see the traffic. Is my expectation wrong, or is something missing in my config? Thanks.
If they are all in the same vlan then all the ports receive the general query, but then specific host (in your case ports 36 and 37) join the multicast group.
Have a look at this for more info:
The hosts on 36 and 37 receive the traffic, as expected. That's not the problem. The problem is that the host on interface 42, which does NOT join the group, also receives the traffic. Expected behavior is that the switch only sends traffic out interfaces that have hosts that have joined the group. The host on 42, a laptop, has Wireshark running,I should not see the multicast traffic on Wireshark. Yet I do. I want to prevent 42 from getting the multicast.
I can't use sparse mode on the SVI. Because of the IOS, ip pim passive is the only PIM setting allowed. I am using PIM passive. However, igmp snooping is active, and "show ip igmp snooping groups" shows that 36 and 37 are the only interfaces in this group. That's why I would not expect to see the multicast traffic on another interface in this LAN, and yet I do see it.