Defining Broadcast and Multicast Filters
You can filter Layer 2 broadcast and multicast packets on specific ports.
Layer 2 broadcast packets have the value "FFFFFFFFFFFF" (all ones) in the destination MAC address field.
You can configure broadcast filters for all types of IP packets or for UDP packets.
Layer 2 multicast packets have a multicast address in the destination MAC address field. You can configure
multicast filters to filter on all MAC addresses or a specific multicast address.
You can configure up to eight of each type of filter.
To configure a Layer 2 broadcast or multicast filter, you define the filter globally to either filter out all types of
broadcasts or to filter out only IP UDP broadcasts. After configuring a broadcast or multicast filter, you apply it to
specific ports. Broadcast and multicast filters apply only to outbound traffic.
When defining the filter, you can specify a port-based VLAN ID. If a port is a member of more than one VLAN and
is a tagged port, specifying a VLAN ID causes the filter to be applied only to traffic for the specified VLAN on the
tagged ports to which you apply the filter. Otherwise, the filter applies to all the VLANs of which the port is a
The filters are applied in numerical order, beginning with filter number 1. As soon as the software finds a matching
filter for a given packet, the filtering process stops for that packet. For example, if you configure filter 1 to filter all
broadcast traffic and filter 2 to filter only IP UDP traffic, filter 1 will always be true for any broadcast packet, and
thus the software will never consult filter 2 for ports that you configure to use filter 1.
Configuring a Layer 2 Broadcast Filter
To configure a broadcast filter, you must have access to the CONFIG level of the CLI. You can configure up to
eight broadcast filters on a device.
Syntax: [no] broadcast filter <filter-id> any | ip udp [vlan <vlan-id>]
Syntax: [no] exclude-ports ethernet <portnum> to <portnum>
Syntax: [no] exclude-ports ethernet <portnum> ethernet <portnum>
The exclude-ports command specifies the ports to which the filter applies.
The <filter-id> specifies the filter number and can a number from 1 – 8. The software applies the filters in
ascending numerical order. As soon as a match is found, the software takes the action specified by the filter
(block the broadcast) does not compare the packet against additional broadcast filters.
You can specify any or ip udp as the type of broadcast traffic to filter. The any parameter prevents all broadcast
traffic from being sent on the specified ports. The ip udp parameter prevents all IP UDP broadcasts from being
sent on the specified ports but allows other types of broadcast traffic.
If you specify a port-based VLAN ID, the filter applies only to the broadcast domain of the specified VLAN, not to
all broadcast domains (VLANs) on the device.
As soon as you press Enter after entering the command, the CLI changes to the configuration level for the filter
you are configuring. You specify the ports to which the filter applies at the filter's configuration level.
NOTE: This is the same command syntax as that used for configuring port-based VLANs. Use the first
command for adding a range of ports. Use the second command for adding separate ports (not in a range). You
also can combine the syntax. For example, you can enter exclude-ports ethernet 1/4 ethernet 2/6 to 2/9.
To configure a Layer 2 broadcast filter to filter all types of broadcasts, then apply the filter to ports 1/1, 1/2, and
1/3, enter the following commands:
HP9300(config)# broadcast filter 1 any
HP9300(config-bcast-filter-id-1)# exclude-ports ethernet 1/1 to 1/3
Configuring Basic Features
9 - 55