I have a small network at home, which contains 1x router, 2x switch, 1x AP, some computers and phones. I also have two servers in a cluster (Proxmox) and one QNAP NAS storage, which I use to store my files.
Some months ago I started using IPTV. I have a set-top box from the Amiko company, and I use it to watch IPTV television with Kodi. This box is placed on vlan6 (192.168.40.0/24) (which is in the LAN segment of the picture) because I know the IPTV traffic should be in a separate VLAN.
Below you can see a logical view of the entire network:
As you see, I'm using a Mikrotik hEX as the main router, to terminate the ISP public IP address and do some firewall, NAT and routing stuff. As the Internet is terminated here, I expect to see some multicast traffic because of IPTV. The Mikrotik also has vlan6 enabled, but let's see the configuration of the ports:
[admin@hellhound.home.lan] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R ;;; Link to ISP
ether1 ether 1500 1596 2026 B8:69:F4:DB:DA:1A
1 RS ;;; Link to Cisco switch
ether2 ether 1500 1596 2026 6C:3B:6B:59:94:1D
2 RS ;;; Link to Mikrotik access point
ether3 ether 1500 1596 2026 6C:3B:6B:59:94:1E
3 X ;;; Unused
ether4 ether 1500 1596 2026 6C:3B:6B:59:94:1F
4 X ;;; Unused
ether5 ether 1500 1596 2026 6C:3B:6B:59:94:20
5 R bridge bridge 1500 1596 6C:3B:6B:59:94:1D
7 R ;;; Vlan2 (192.168.0.0/24)
vlan2-tag vlan 1500 1592 6C:3B:6B:59:94:1D
8 R ;;; Vlan3 (192.168.10.0/24)
vlan3-tag vlan 1500 1592 6C:3B:6B:59:94:1D
9 R ;;; Vlan4 (192.168.20.0/24)
vlan4-tag vlan 1500 1592 6C:3B:6B:59:94:1D
10 R ;;; Vlan5 (192.168.30.0/24)
vlan5-tag vlan 1500 1592 6C:3B:6B:59:94:1D
11 R ;;; Vlan6 (192.168.40.0/24)
vlan6-tag vlan 1500 1592 6C:3B:6B:59:94:1D
[admin@hellhound.home.lan] >
Below you can see detailed information about interfaces:
[admin@hellhound.home.lan] >
1 RS ;;; Link to Cisco switch
name="ether2" driver-rx-byte=8 086 346 162 985 driver-rx-packet=8 497 403 137 driver-tx-byte=9 773 452 609 711 driver-tx-packet=9 060 307 937 rx-bytes=8 136 450 389 192
rx-packet=8 500 830 242 rx-too-short=0 rx-64=300 056 rx-65-127=3 184 053 446 rx-128-255=32 101 321 rx-256-511=108 841 856 rx-512-1023=15 702 206 rx-1024-1518=5 167 902 503
rx-too-long=0 rx-broadcast=635 679 rx-pause=0 rx-multicast=7 435 462 rx-fcs-error=0 rx-align-error=0 rx-fragment=0 rx-jabber=0 rx-drop=0 tx-bytes=9 809 890 367 273
tx-packet=9 058 500 770 tx-64=84 233 804 tx-65-127=2 421 432 836 tx-128-255=42 937 817 tx-256-511=137 437 551 tx-512-1023=47 563 760 tx-1024-1518=6 326 702 104 tx-broadcast=230 527
tx-pause=0 tx-multicast=1 576 570 tx-collision=0 tx-excessive-collision=0 tx-multiple-collision=0 tx-single-collision=0 tx-deferred=0 tx-late-collision=0 tx-drop=0 tx-fcs-error=0
2 RS ;;; Link to Mikrotik access point
name="ether3" driver-rx-byte=24 904 213 698 driver-rx-packet=31 434 954 driver-tx-byte=117 049 286 733 driver-tx-packet=86 389 672 rx-bytes=25 030 676 572 rx-packet=31 351 349
rx-too-short=0 rx-64=9 944 483 rx-65-127=1 899 968 rx-128-255=3 695 745 rx-256-511=328 864 rx-512-1023=130 332 rx-1024-1518=15 440 208 rx-too-long=0 rx-broadcast=11 047 rx-pause=0
rx-multicast=77 204 rx-fcs-error=0 rx-align-error=0 rx-fragment=0 rx-jabber=0 rx-drop=0 tx-bytes=117 408 472 688 tx-packet=84 677 640 tx-64=5 586 151 tx-65-127=2 562 504
tx-128-255=807 744 tx-256-511=482 810 tx-512-1023=335 192 tx-1024-1518=76 615 271 tx-broadcast=121 167 tx-pause=0 tx-multicast=1 590 865 tx-collision=0 tx-excessive-collision=0
tx-multiple-collision=0 tx-single-collision=0 tx-deferred=0 tx-late-collision=0 tx-drop=0 tx-fcs-error=0
OK, there is a bridge, which I use to do the VLAN tagging:
As you see, I'm sending all VLANs to the Cisco switch, and I'm only tagging vlan2 and vlan4 to the AP. So I don't expect to see any multicast traffic on the AP interface, but in reality I do. I don't know why.
Look how much multicast traffic I have on ether3, which is connected to ether1 on the AP. I can show a different picture with the same kind of information:
OK, we haven't said anything about the Cisco equipment; here is the configuration:
interface GigabitEthernet0/1
description Cisco-SG200-08
switchport trunk allowed vlan 2-6
switchport mode trunk
!
interface GigabitEthernet0/2
description Do-Not-Work
shutdown
!
interface GigabitEthernet0/3
description QNAP-TS-431P
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/4
description MikroTik-hEX
switchport mode trunk
!
interface GigabitEthernet0/5
description proxmox-node-1
switchport trunk native vlan 7
switchport mode trunk
!
interface GigabitEthernet0/6
description proxmox-node-2
switchport trunk native vlan 7
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
!
interface Vlan4
no ip address
!
interface Vlan5
ip address 192.168.30.6 255.255.255.0
!
interface Vlan6
no ip address
!
Below is a detailed interface view of the Cisco switch:
2960g#show interfaces GigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b481 (bia 0022.bd38.b481)
Description: Cisco-SG200-08
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 367
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
71462641 packets input, 34064842246 bytes, 0 no buffer
Received 1185327 broadcasts (1173073 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1173073 multicast, 0 pause input
0 input packets with dribble condition detected
179474379 packets output, 252015506771 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
2960g#show interfaces GigabitEthernet0/3
GigabitEthernet0/3 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b483 (bia 0022.bd38.b483)
Description: QNAP-TS-431P
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 435
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 62000 bits/sec, 7 packets/sec
5 minute output rate 55000 bits/sec, 13 packets/sec
1870379854 packets input, 2240692066739 bytes, 0 no buffer
Received 141380 broadcasts (101038 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 101038 multicast, 119 pause input
0 input packets with dribble condition detected
1923167326 packets output, 1771972517143 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
GigabitEthernet0/4 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b484 (bia 0022.bd38.b484)
Description: MikroTik-hEX
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 6/255, rxload 6/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1134
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 26340000 bits/sec, 3254 packets/sec
5 minute output rate 26607000 bits/sec, 3289 packets/sec
8974430609 packets input, 9809117899373 bytes, 0 no buffer
Received 1803510 broadcasts (1601913 multicasts)
0 runts, 1809976 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1601913 multicast, 0 pause input
0 input packets with dribble condition detected
8508259561 packets output, 8135592732093 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
2960g#show interfaces GigabitEthernet0/5
GigabitEthernet0/5 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b485 (bia 0022.bd38.b485)
Description: proxmox-node-1
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 6/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 249
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 897000 bits/sec, 1193 packets/sec
5 minute output rate 25555000 bits/sec, 2168 packets/sec
4569823856 packets input, 2655578181223 bytes, 0 no buffer
Received 1005668 broadcasts (604305 multicasts)
17 runts, 0 giants, 0 throttles
17 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 604305 multicast, 4171 pause input
0 input packets with dribble condition detected
6100296857 packets output, 7939546009895 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
You can see the counters, broadcasts and multicasts. The picture attached below says exactly the same:
We haven't said anything about IGMP on the Cisco switch, but there is no configuration related to it; I mean the configuration is running on its defaults.
2960g#show ip igmp snooping
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Vlan 1:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Vlan 2:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
And so on for all VLANs and interfaces. There is no IGMP querier configured, no filters, simply nothing.
According to the articles I've read on the Internet, because vlan snooping is enabled, the VLAN flow has to be restricted only to its VLAN (broadcast domain), but why am I seeing all of this broadcast and multicast on the AP's interface? There is no such VLAN configured to pass through. The same applies to the QNAP port; even though the QNAP port is in access mode, it doesn't care about VLANs at all. So maybe I missed some basic things, but I'm not a network guy, I just like to play with networking and servers.
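An added example, not part of the original post: a small Python parser for the RouterOS counter output shown above, which groups digits with spaces, used to put the multicast counters in proportion to total packets per port. The sample text is constructed from the ether2 and ether3 counters in the post, trimmed to the relevant fields; the function names are illustrative.

```python
import re

# Constructed sample: ether2/ether3 counters copied from the post, trimmed to
# the packet, broadcast and multicast fields.
SAMPLE = """\
name="ether2" rx-packet=8 500 830 242 rx-broadcast=635 679 rx-multicast=7 435 462
 tx-packet=9 058 500 770 tx-broadcast=230 527 tx-multicast=1 576 570
name="ether3" rx-packet=31 351 349 rx-broadcast=11 047 rx-multicast=77 204
 tx-packet=84 677 640 tx-broadcast=121 167 tx-multicast=1 590 865
"""

NAME = re.compile(r'name="([^"]+)"')
# A value is a run of digits followed by optional " ddd" groups; the lookahead
# stops the match from swallowing part of a longer number.
COUNTER = re.compile(r'([a-z][a-z0-9-]*)=(\d+(?: \d{3})*)(?!\d)')


def parse_stats(text):
    """Return {interface: {counter: int}} from RouterOS-style stats text."""
    stats, current = {}, None
    for line in text.splitlines():
        m = NAME.search(line)
        if m:
            current = stats.setdefault(m.group(1), {})
        if current is None:
            continue  # counters seen before any name= line are ignored
        for key, value in COUNTER.findall(line):
            current[key] = int(value.replace(" ", ""))
    return stats


def multicast_share(counters, direction):
    """Percentage of packets in one direction ('rx' or 'tx') that are multicast."""
    total = counters.get(f"{direction}-packet", 0)
    if total == 0:
        return 0.0
    return 100.0 * counters.get(f"{direction}-multicast", 0) / total


def report(text):
    """Per-interface multicast percentage for both directions, rounded."""
    return {
        name: {d: round(multicast_share(c, d), 3) for d in ("rx", "tx")}
        for name, c in parse_stats(text).items()
    }


if __name__ == "__main__":
    for name, shares in report(SAMPLE).items():
        print(f"{name}: rx {shares['rx']}% multicast, tx {shares['tx']}% multicast")
```

Because these are totals since the counters were last reset, sampling them twice a known interval apart gives the current rate rather than a lifetime share.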







