I am considering blocking Broadcast and Multicast traffic through my network. Im just not sure what the ramifications are of doing so...
What services would I be blocking if I drop all broadcast and multicast packets?
(Discovery, NTP, OSPF, ... ?)
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: Block Broadcast and Multicast, Consequences of doing so?
You would effectively shut down your network....IPv4 requires Layer2 multicast and broadcast for ARP to work along with a number of other protocols.
Limiting the rate of broadcast/multicast traffic would be a better solution...you accomplish this by turning on the firewall for bridge traffic in bridge settings and writing rules to limit broadcast/multicast appropriately.
Limiting the rate of broadcast/multicast traffic would be a better solution...you accomplish this by turning on the firewall for bridge traffic in bridge settings and writing rules to limit broadcast/multicast appropriately.
Re: Block Broadcast and Multicast, Consequences of doing so?
You would effectively shut down your network....IPv4 requires Layer2 multicast and broadcast for ARP to work along with a number of other protocols.
Limiting the rate of broadcast/multicast traffic would be a better solution...you accomplish this by turning on the firewall for bridge traffic in bridge settings and writing rules to limit broadcast/multicast appropriately.
I see. Is there any way to distinguish the traffic, arp or otherwise? If I was using a static apt table, would blocking multicast/broadcast prevent clients from communicating with the gateway? Would doing so also isolate clients from each other on this network?
Thanks for the response.
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: Block Broadcast and Multicast, Consequences of doing so?
Is your goal to isolate clients at Layer 2?
Re: Block Broadcast and Multicast, Consequences of doing so?
Is your goal to isolate clients at Layer 2?
Yes, definitely. I'm also not sure what an acceptable level of broadcast/multicast traffic would be on a medium sized bridged network.
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: Block Broadcast and Multicast, Consequences of doing so?
Wireless, Wired or Both?
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: Block Broadcast and Multicast, Consequences of doing so?
Wireless, Wired or Both?
Re: Block Broadcast and Multicast, Consequences of doing so?
Wireless, Wired or Both?
It's both. At the head end, I have a tough switch powering various access points, though. Can't do port isolation without implementing VLANs first on those devices..
So while clients can't speak with their next door neighbors (attached to the same rb2011 or cloud router switch), they could communicate with clients connected to other access points.
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: Block Broadcast and Multicast, Consequences of doing so?
For wireless - check the following setting on the WLAN
it varies depending on the switch, but Private VLANs/Port Isolation are the way to go.
ros code
default-forwarding=noFor wired
it varies depending on the switch, but Private VLANs/Port Isolation are the way to go.