Prevent multicast routing between VLANs

g.ska · ‎09-24-2015

Hi everybody,

I have a problem with multicast in my company. We have a Catalyst 6880x as Core switch (with multiple SVI configured). We have configured "ip multicast-routing" (in global config mode) and ip pim sparse-dense-mode on SVI that require multicast routing. We have a common vlan for users PC (VLAN ID 500) and some others VLAN for business devices (600, 601, 602, etc...).

Mutlicast source is always on 6XX vlan (not in 500).

Problem is: Everyone can see everyone in multicast (vlan 500 with vlan 600,601,etc...).I need that people on VLAN 500 can see devices all devices but devices on VLAN 600,601,602 does not need to see each other.

Is there a way to do that? ACL on SVI (for vlan 600,601,602)??? Other solution?

Same questions for unicast routing. When "ip routing" is enabled in global config mode. Is there a (easy) way to prevent inter-vlan routing? (Other than ACL)?

Thank you very much for your help.

Greg.

Jon Marshall · ‎09-24-2015

Greg

Not sure I understand the issue.

Unless there are receivers requesting the stream on a vlan then the multicast should not be sent into that vlan.

Are you saying it is being sent or that even if there are receivers you don't want them to see the stream ?

In terms of unicast routing you can use acls but you could also consider VRFs.

However it depends on what needs to see what ie. using VRFs is great if you need complete isolation but if you need traffic between VRFs eg internet it can get a bit messy with importing and exporting routes.

Really depends on your specific requirements but acls are usually the easiest unless you need more security than stateless acls give you.

Jon