I have a switch HPE 1920-8G-PoE+ that is connected to two computers and two access points: Ubiquiti UniFi AP-Pro n450.
The access points receive data from many devices. The two computers send UDP segments to these devices (to the specific IP address) and exchange UDP segments between them (multicast address). The IP address of the wireless devices are in a known range.
Is there a way to filter the multicast UDP segments that are sent to the two access points? In other words I would like to configure the two ethernet ports used by the access points in such a way that they block all the multicast traffic which is not destined for the wireless devices.
Best Answer
Switches are not like hubs. Hubs repeat every frame out every port. Switches selectively send the layer-2 frames to the port where the receiving host is connected.
Switches are layer-2 devices, so they only look at the layer-2 frames, not the layer-3 (IP, etc.) packets, or the layer-4 (TCP, UDP, etc.) segments. Switches learn the MAC addresses which are connected on each port from the traffic through each port, and they only send frames destined for a MAC address on a port to that port. Switches will flood broadcast frames to every port (but that's the point of a broadcast, it is destined to every host on the broadcast domain), as well as unicasts which are not yet in its MAC address table.
The HPE 1920-8G-PoE+ is also a layer-3 switch. Layer-3 is where you will find IP packets, but layer-3 routing only sends IP packets to the ports which have the network of the destination IP address.
You didn't include any configuration, but I seriously doubt you have a problem with traffic which is not destined to a host connected to your WAPs traveling to your WAPs.
Edit:
Based on your comment about this being multicast, you need to use IGMP snooping to deal with your problem. Multicast frames, like broadcast frames, are usually sent to all switch ports in the same broadcast domain. IGMP snooping lets a switch snoop on IGMP messages to determine which switch ports should receive frames for which multicast groups. Your switch supports IGMP snooping:
You could also break up your layer-2 broadcast domain with VLANs.