On Wed, 2011-07-13 at 12:59 +0100, Antonio Soares wrote:
> Usually the multicast streams are destined to 224.x.x.x. The end users do
> not respect the 239 rule.

Beware that traffic to 224.0.0.0/24 (Local Network Control Block) is _always_ process switched and will never be blocked by any switch. As long as these addresses are used the traffic will be punted.

I could imagine that the LNCB addresses were used exactly because they're always forwarded. They might have tried using 239-addresses (Organization-Local Scope) but maybe couldn't get it to work.

Typically Cisco access switches are running IGMP Snooping, and will not forward multicast traffic without either an IGMP Snooping Querier or a PIM-enabled device on the VLAN (unless it's LNCB).

If all traffic is intra-VLAN you could just add "ip igmp snooping querier" to the relevant SVI and move the clients to 239.x.y.z addresses.

You could also block traffic to these multicast addresses on the SVIs with (hardware) ACLs. Beware that OSPF, HSRP et cetera actually use LNCB addresses, and it's probably not smart to block these.

--
Peter

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
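
An added example, not part of the original thread: before moving clients to 239.x.y.z or writing ACLs on the SVIs, this sketch sorts observed destination groups into the ranges discussed above and reports application streams sitting inside 224.0.0.0/24. The flow-record tuple format, the function names and the short control-protocol list are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
LNCB = ipaddress.ip_network("224.0.0.0/24")         # Local Network Control Block
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # the "239 rule" range

# Assumption: a short, non-exhaustive list of IANA-assigned LNCB groups that
# control protocols use; extend it for whatever runs on your VLANs.
CONTROL_GROUPS = {
    "224.0.0.1": "all hosts",
    "224.0.0.2": "all routers (HSRPv1)",
    "224.0.0.5": "OSPF AllSPFRouters",
    "224.0.0.6": "OSPF AllDRouters",
    "224.0.0.13": "PIM",
    "224.0.0.18": "VRRP",
    "224.0.0.22": "IGMPv3",
    "224.0.0.102": "HSRPv2",
}

def classify(dst):
    """Return the range a destination address falls into."""
    addr = ipaddress.ip_address(dst)
    if addr not in MULTICAST:
        return "not-multicast"
    if addr in LNCB:
        return "lncb-control" if str(addr) in CONTROL_GROUPS else "lncb-unexpected"
    if addr in ADMIN_SCOPED:
        return "admin-scoped"
    return "other-multicast"

def audit(flows):
    """Sum packets and collect senders for LNCB groups not on the control list."""
    report = defaultdict(lambda: {"packets": 0, "sources": set()})
    for src, dst, packets in flows:
        if classify(dst) == "lncb-unexpected":
            report[dst]["packets"] += packets
            report[dst]["sources"].add(src)
    return dict(report)

# Constructed sample flow records: (source, destination group, packets).
SAMPLE_FLOWS = [
    ("10.1.1.1", "224.0.0.5", 120),       # OSPF hellos, must keep working
    ("10.1.1.2", "224.0.0.102", 300),     # HSRPv2
    ("10.1.1.50", "224.0.0.200", 90000),  # application stream inside the LNCB
    ("10.1.1.51", "224.0.0.200", 85000),
    ("10.1.1.60", "239.1.2.3", 40000),    # stream following the 239 rule
    ("10.1.1.70", "224.5.6.7", 1000),     # outside the LNCB
]

if __name__ == "__main__":
    for group, info in audit(SAMPLE_FLOWS).items():
        print(group, info["packets"], sorted(info["sources"]))
```

Groups reported here are the candidates for renumbering or for a targeted SVI ACL; groups classified as `lncb-control` are the ones an ACL must keep permitting.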