SOLVED
Hello!
You need to implement IGMP snooping with drop unknown multicast streams. Check in the IP Multicast Configuration guide for details, but in overall you need:
- Enable IGMP snooping querier (if there is no IGMP querier in the VLAN) on the device, closest to the multicast source
- Enable IGMP snooping on all switches between multicast source and listeners
- Set statically multicast Router ports on all switches to point to the multicast source
- Enable " igmp-snooping drop-unknown" feature, as by default IGMP snooping will regulate only known streams, e.g. groups for which it saw a pair of IGMP query-IGMP report.
Hope it helps!
Hello!
The IGMP querier (in your case it will be IGMP snooping querier since you don't have multicast routing in this case) is the crucial part - without periodical queries IGMP snooping process won't be able to map multicast groups to active receivers. So, in your case configuration should be:
#
igmp-snooping
#
[vlan 2]
name X
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
#
[vlan 3]
name Y
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
#
[vlan 4]
name Z
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
#
Another useful feature to consider is multicast source port filtering:
"This feature enables the Layer 2 device to discard all multicast data packets and to accept multicast
protocol packets. You can enable this feature on ports that connect only to multicast receivers."
system-view
igmp-snooping
source-deny port <interface-list>
Thus, you can prevent printers, computers and other hosts from sending multicast data. However, be careful with that, as many protocols that have some kind of network neighbors discovery can stop working properly. So, it's a double-edged sword, be careful with it