The multicast-suppression block outbound command configures an interface to block outgoing unknown multicast packets.
The undo multicast-suppression block outbound command cancels the configuration.
By default, outgoing unknown multicast packets are not blocked on an interface.
Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, port group view
Usage Scenario
When an interface receives an unknown multicast packet, the interface broadcasts the packet to all users in the same VLAN. This may cause information leak. For example, if an unauthorized user is connected to an interface in a VLAN, the unauthorized user obtains the host address in unknown multicast packets by listening to unknown multicast packets and uses the host address to attack the host. To prevent information leak, use the multicast-suppression block outbound command to block outgoing unknown multicast packets on an interface if users connected to the interface do not need to receive unknown multicast packets.
Precautions
The multicast-suppression block outbound command is applicable only to interfaces where users do not need to receive unknown multicast packets. This command will affect network operations if it is used on an interface where users need to receive unknown multicast packets.
Traffic suppression can be configured for incoming and outgoing packets on an interface, and the configurations are independent of each other. On an interface, you can use the multicast-suppression command to limit the rate of incoming unknown multicast packets and use the multicast-suppression block outbound command to block outgoing unknown multicast packets.