09-20-2023 09:10 AM
The DM RAW output shows that the destination IP 239.255.255.250 belongs to UPnP (Universal Plug and Play)/SSDP (Simple Service Discovery Protocol). The devices are just advertising their capabilities, so the higher the number of devices, the more advertisement packets there are, which causes high CPU.
TEST-Switch# dm raw
Debug: Jul 22 22:19:16 RX [3dcb7d2]192.168.2.130 ->239.255.255.250 PROTO=IGMP port: 2/3/2
Debug: Jul 22 22:19:16TX [3dcb7d2]192.168.2.130 ->239.255.255.250 PROTO=IGMP port: VIDX 20
Debug: Jul 20 22:19:16RX [3dcb7d2]192.168.1.149 ->239.255.255.250 PROTO=IGMP port: 1/3/4
Debug: Jul 20 22:19:16TX [3dcb7d2]192.168.1.149 ->239.255.255.250 PROTO=IGMP port: VIDX 20
Debug: Jul 22 22:19:16RX [3dcb7d2]192.168.1.99 ->239.255.255.250 PROTO=IGMP port: 2/3/2
Debug: Jul 22 22:19:16TX [3dcb7d2]192.168.1.99 ->239.255.255.250 PROTO=IGMP port: VIDX 20
Debug: Jul 22 22:19:16RX [3dcb7d2]192.168.2.91 ->239.255.3.22 PROTO=IGMP port: 2/3/2
Debug: Jul 22 22:19:16TX [3dcb7d2]192.168.2.91 ->239.255.3.22 PROTO=IGMP port: VIDX 20
Debug: Jul 22 22:19:16RX [3dcb7d2]192.168.2.153 ->239.255.3.22 PROTO=IGMP port: 1/1/18
Debug: Jul 22 22:19:16TX [3dcb7d2]192.168.2.153 ->239.255.3.22 PROTO=IGMP port: VIDX 20
The multicast group 239.255.255.250 is used by the Simple Service Discovery Protocol (SSDP). Therefore, when SSDP is enabled on any servers or PCs, the servers or PCs send multicast packets with group address 239.255.
To block these packets, apply the ACL below on the switch; CPU utilization will then return to normal or stable.
ACL:
#ip access-list extended DenySSDP
#sequence 10 deny ip any host 239.255.255.250
#sequence 20 permit ip any any
Apply it to the relevant VLAN:
#vlan <vlan_id>
#ip access-group DenySSDP in
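To see which ingress ports and hosts are sending the SSDP traffic before choosing the VLANs for the ACL, the dm raw lines can be tallied offline. The Python below is an added example, not part of the original post or of any vendor tooling; the line pattern is inferred from the output shown above, the function names are hypothetical, and counting only RX lines assumes each TX line is the forwarded copy of the same packet.

```python
import re
from collections import Counter

SSDP_GROUP = "239.255.255.250"

# Sample input: a subset of the dm raw lines shown above, embedded so this runs offline.
SAMPLE = """\
Debug: Jul 22 22:19:16 RX [3dcb7d2]192.168.2.130 ->239.255.255.250 PROTO=IGMP port: 2/3/2
Debug: Jul 22 22:19:16TX [3dcb7d2]192.168.2.130 ->239.255.255.250 PROTO=IGMP port: VIDX 20
Debug: Jul 20 22:19:16RX [3dcb7d2]192.168.1.149 ->239.255.255.250 PROTO=IGMP port: 1/3/4
Debug: Jul 22 22:19:16RX [3dcb7d2]192.168.1.99 ->239.255.255.250 PROTO=IGMP port: 2/3/2
Debug: Jul 22 22:19:16RX [3dcb7d2]192.168.2.91 ->239.255.3.22 PROTO=IGMP port: 2/3/2
Debug: Jul 22 22:19:16TX [3dcb7d2]192.168.2.91 ->239.255.3.22 PROTO=IGMP port: VIDX 20
Debug: Jul 22 22:19:16RX [3dcb7d2]192.168.2.153 ->239.255.3.22 PROTO=IGMP port: 1/1/18
"""

# Tolerates the missing space between the timestamp and RX/TX seen in the capture.
LINE_RE = re.compile(
    r"(?P<dir>RX|TX)\s*\[[0-9a-f]+\]\s*(?P<src>\d+(?:\.\d+){3})\s*->\s*"
    r"(?P<dst>\d+(?:\.\d+){3})\s+PROTO=(?P<proto>\S+)\s+port:\s*(?P<port>.+?)\s*$"
)

def parse(text):
    """Yield one dict per recognisable dm raw line; anything else is skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(text, group=SSDP_GROUP):
    """Count RX packets per destination group, and per port and source for `group`."""
    by_group, by_port, by_src = Counter(), Counter(), Counter()
    for rec in parse(text):
        if rec["dir"] != "RX":  # assumption: TX is the same packet being forwarded
            continue
        by_group[rec["dst"]] += 1
        if rec["dst"] == group:
            by_port[rec["port"]] += 1
            by_src[rec["src"]] += 1
    return by_group, by_port, by_src

if __name__ == "__main__":
    groups, ports, sources = summarize(SAMPLE)
    print("RX packets per group:", groups.most_common())
    print("SSDP ingress ports:  ", ports.most_common())
    print("SSDP sources:        ", sources.most_common())
```

The ports that dominate the SSDP count point to the VLANs where the ACL matters; other groups in the capture, such as 239.255.3.22, are not matched by the DenySSDP entry.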