Filter UDP on VLAN on Portchannel
10-01-2019 02:54 AM
We've got several Guest Networks. In each of them a firewall is the gateway. The controllers have a Port-Channel with a few VLANs in these L2 Networks. When I am sniffing I see a lot of UDP Broadcasts which are sourced by the HA protocol of the firewall Cluster.
Is there a way to filter UDP Broadcasts on the VLAN on the Port-Channel? They are not needed in the air. The Firewall has no option so the only way would be an ACL? Maybe someone has the same problem in the guest-network. The VLAN itself on the controller has no BC-MC Option enabled. The "Air" part of the VLAN has it enabled.
Thanks for feedback
Re: Filter UDP on VLAN on Portchannel
10-04-2019 08:03 AM
Enabling BC-MC Optimisation on the VLAN would stop any broadcast or multicast packets being forwarded.
Word of caution: if you enable BC-MC Optimisation at the VLAN level and APs sit in that VLAN as well and require ADP to locate a controller, this would stop ADP working, as the controller would not respond to the multicast requests when the AP boots.