Prevent multicast traffic between VLANs

g.ska · ‎03-31-2016

Hello everybody,

I've a question about multicast routing on Layer 3 switch. Currently we have a Layer 3 switch (Core switch: Catalyst 6880x) with SVI configured. Multicast routing is configured for some SVI (Ip pim sparse-mode). Is there a way to prevent multicast traffic between some VLAN and allowed for some other VLAN.

Example:

4 VLAN: VLAN 1, VLAN 2, VLAN 3, VLAN 4

Same application for all VLAN that use multicast address: 239.20.20.20

I'd like to allow multicast routing between VLAN 1 & 2 together (and deny to all other VLAN)

And allow mutlicast routing between VLAN 3 & 4 together (and deny to all other VLAN)

What's the best way to do this? ACL? Others solutions?

Thanks for your response.

Greg.

Mark Malone · ‎03-31-2016

Hi you can block/permit pim and igmp in an extended acl an apply it to the SVI interface

There is also ip igmp access-groups stop hosts locally joining but i have not seen that in pim that i can remember

(config-ext-nacl)#deny
<0-255> An IP protocol number
ahp      Authentication Header Protocol
eigrp    Cisco's EIGRP routing protocol
esp      Encapsulation Security Payload
gre      Cisco's GRE tunneling
icmp     Internet Control Message Protocol
igmp     Internet Gateway Message Protocol
ip       Any Internet Protocol
ipinip   IP in IP tunneling
nos      KA9Q NOS compatible IP over IP tunneling
ospf     OSPF routing protocol
pcp      Payload Compression Protocol
pim      Protocol Independent Multicast