Re: UPnP on single vlan across layer 2 network

wherewolf · ‎09-23-2025

I'm trying to allow UPnP ( I know - bad, don't do it, unsafe blah blah) on a single vlan dedicated to gaming. I've got a pfsense firewall with upnp enabled handling all traffic for this vlan to the internet.

access switch (VLAN122) -> Core Switch (VLAN122)-> PfSense inside (VLAN 122) -> PFsense Outside (DMZ)-> Edge Router

I'm not able to see the Pfsense UPNP capability, pings and traceroutes work fine. I run the miniupnp utility "upnpc" with the -s switch (from a clientPC) and get "No IGD Device Found on the network!"

There isn't alot of info out there in the Cisco world relating to this, but it's my understanding that i do not need Multicasting or Pim because the use is within a single layer 2 boundary (VLAN 122).

Does anyone have any insight on this?

Torbjørn · ‎09-24-2025

You might have to configure/disable igmp snooping. Which switches are you using?

If you wish to just disable it you can do so with this command in configuration mode: "no ip igmp snooping"

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

wherewolf · ‎09-24-2025

Thanks for the help!

The core switch is a 6807-XL and the access layer are primarily 3650's. Since igmp snooping is on by default, is it possible to disable it per vlan? or is it a global command? I assume it's on by default for a reason. However, we are not using any multicasting in this environment.

Giuseppe Larosa · ‎09-24-2025

Hello @wherewolf ,

yes you can disable igmp snooping on a specific vlan in your case vlan 122.

using:

conf t

no igmp snooping vlan 122

Hope to help

Giuseppe

wherewolf · ‎09-24-2025

On my core switch (C6807-XL Version 15.5(1)SY13 ) that command doesn't work.

I also tried it on the VLAN config, doesn't seem to work there either....