This is exactly what we had to do, we couldn't even get to the boxes,
I had a NOC engineer go and console them out of band and run a
"sh port util" to find out whom the offenders were, before disabling their
ports.
Extreme were unhelpful, suggesting that we apply the ACL (advisory released
~6 hours after we had done it!) which really made no difference.
As for multicast, I'd made sure that all VLANs had IGMP,IGMP SNOOPING and
IPMC FORAWRDING disabled, but it made no real difference....
Dave.