
Blocking UDP on a Trunk to another switch...

Status
Not open for further replies.

aesselstein

IS-IT--Management
Apr 30, 2001
4
I have an ACL question. I recently trunked an Etherswitch to a 3750 with an "ethernet" 4mb link between the two. On the 3750 we have a lot of multicast traffic. About 40MB/Sec of UDP data rocks around the 3750. I'd like to allow only TCP down to the etherswitch b/c of the bandwidth limit.

The etherswitch is connected to Gig1/0/21
Switchport mode trunk

Should I just change it to switchport mode access to stop this?

I want to avoid making a config change that is immediately going to drop all UDP traffic in the 3750.

Was looking for help on a safe way to do this while in production.

ether:
interface FastEthernet0/0/0
description 4MB/S l2 Z side
switchport mode trunk
duplex full
speed 100

3750:
interface GigabitEthernet1/0/21
description 4/MBS l2 A side
switchport trunk encapsulation dot1q
switchport mode trunk

I hate to say this is not possible on the slim chance that it is, but I don't think it is without adding a transparent firewall. Here is why: VLANs and trunks happen at layer two, the data link layer. However, UDP is a transport layer protocol for the network layer protocol IP. This means that in order to block transport layer traffic you will need to either cross a layer three boundary or use a transparent firewall. Transparent firewalls are the newest method for solving this problem, and an ASA should do the trick. Basically it will act as a layer 2 bridge with filtering functionality. But if you want to do it with the hardware you have, you can create separate layer 3 VLANs, turn on IP routing, and set ACLs on the VLAN interfaces. Hope that helps.

cheers
 
Think I'd take a completely different approach. Find out what all the UDP traffic is, and whether you can stop it at the source. Is there an application generating all this traffic that is not properly configured?

Option 2: use QoS to manage it.
 
It is basically all multicast traffic. I was thinking of blocking 224.0.0.0 through 239.255.255.255 on that interface. Or maybe looking into storm control.

The big thing is I don't want to drop the interface or other multicast traffic in the switch, just away from that trunk.
 
So far, it looks like a scenario like this would be best:

interface GigabitEthernet1/0/21
description 4/MBS l2 A side
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control multicast level 0

Seems according to Cisco that this would block all multicast traffic on that interface. Anyone have strong experience with this? I would set it up now, but I don't want to risk dropping the interface to do it.

 
Another option would be to add

switchport block multicast

That's another option I'm thinking of.
 

Here is another option: if you can identify the hosts sending this traffic, you can block them with a MAC access-group. Not sure if that will help.

cheers
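A staged way to apply the storm-control approach from the thread on the production trunk, written as an added example rather than any poster's own config; the interface name is the one in the thread, while the 1.00 interim threshold and the trap action are assumptions chosen for illustration:

```cisco
! Step 1: baseline the trunk before changing anything
show interfaces gigabitethernet1/0/21 trunk
show storm-control gigabitethernet1/0/21 multicast
!
! Step 2: stage suppression on the trunk toward the Etherswitch
configure terminal
 interface GigabitEthernet1/0/21
  ! Keep the default behaviour (excess frames are dropped, port stays up)
  ! and only add an SNMP trap. Do NOT configure "storm-control action
  ! shutdown": that err-disables the port, which is exactly the outage
  ! the original poster wants to avoid.
  storm-control action trap
  ! The level is a percentage of this port's own bandwidth (1 Gb/s on a
  ! Gi port), so 1.00 is roughly 10 Mb/s. Starting above the 4 Mb/s link
  ! rate lets you watch the counters without yet cutting the stream.
  storm-control multicast level 1.00
 end
!
! Step 3: confirm the filter applies to this port only and is counting
show storm-control gigabitethernet1/0/21 multicast
show interfaces gigabitethernet1/0/21 | include rate
!
! Step 4: lower the ceiling to 0.00 to suppress all multicast on the trunk.
! Cisco documents that at this threshold multicast control traffic other
! than BPDU/CDP (routing protocol hellos, for example) is dropped as well,
! so only do this if no routing protocol runs across the link.
configure terminal
 interface GigabitEthernet1/0/21
  storm-control multicast level 0.00
 end
copy running-config startup-config
```

Note that "switchport block multicast" mentioned later in the thread only stops flooded (unknown) multicast on the port, so it is not a substitute for the level 0.00 setting when the stream is known to IGMP snooping.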
 