Isolate an IGMP VLAN

I have one IGMP-enabled VLAN in a network; the streaming server and the clients are all connected to that VLAN.

Nevertheless the core switch has an IP address (VRRP) in order to act as an IGMP querier.

Now I want to prevent clients inside this subnet from reaching the rest of my other network, except for one SIP server.

Therefore I came up with the following access-list:

ip access-list extended "IPTV"
   10 permit ip
   20 permit igmp
   30 permit udp eq 2209
   50 remark "VoIP_SIP to PBX"
   50 permit udp eq 5060
   60 remark "VoIP_rtp to PBX"
   60 permit udp gt 24000
   70 permit ip
   100 permit ip

As soon as I apply this ACL to the VLAN interface, my streaming stops at the clients:

vlan  600 
     ip access-group "iptv" vlan 

Something is wrong with my ACL, but I do not see it...