No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IGMP Snooping

Configuring IGMP Snooping

This section describes the procedures for configuring IGMP Snooping.

Configuring Basic IGMP Snooping Functions

Basic IGMP snooping functions enable a device to create and maintain a Layer 2 multicast forwarding table and implement on-demand multicast data transmission at the data link layer.

Pre-configuration Tasks

A VLAN has been created.

Configuration Process

Enabling IGMP Snooping and Configuring the IGMP Snooping Version are mandatory and other tasks are optional.

Enabling IGMP Snooping

Context

Other IGMP snooping functions can be configured only after IGMP snooping is enabled globally. Other IGMP snooping functions take effect in a VLAN only after IGMP snooping is enabled in the VLAN.

By default, IGMP snooping is disabled globally on the switch modules.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    igmp snooping enable

    IGMP snooping is enabled globally.

  3. Run:

    vlan vlan-id

    The VLAN view is displayed.

  4. (Optional) Run:

    multicast layer-2 forwarding-mode { ip | mac }

    The multicast forwarding mode in the VLAN is set to IP address-based or MAC address-based forwarding.

    By default, multicast flows are forwarded based on IP addresses.

    • Configure the forwarding mode of multicast flows in the VLAN before IGMP snooping is enabled in the VLAN. Enable IGMP snooping in the VLAN for the configuration to take effect.

    • If the device forwards multicast data packets based on MAC addresses, do not use a group address on the network if the group address maps to the same multicast MAC address as a multicast IP address reserved for a protocol. Otherwise, the protocol that uses the multicast IP address cannot run normally. For example, OSPF uses 224.0.0.5 to send protocol packets. This multicast IP address maps to multicast MAC address 01-00-5E-00-00-05. If multicast data packets are forwarded based on MAC addresses and use multicast IP address 225.0.0.5 (also mapping to 01-00-5E-00-00-05), the OSPF protocol cannot run normally.

    • If the VLAN is configured as a TRILL CE VLAN and enabled with IGMP snooping, the multicast packets in the VLAN are forwarded based on MAC addresses, and the forwarding mode cannot be changed.

  5. Run:

    igmp snooping enable

    IGMP snooping is enabled in the VLAN.

    NOTE:

    Run the igmp snooping enable [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ] command in the system view to enable IGMP snooping in multiple VLANs.

  6. Run:

    commit

    The configuration is committed.

Configuring the IGMP Snooping Version

Context

IGMP manages multicast group members and runs on the network segments where Layer 3 multicast devices connect to user hosts. IGMP has three protocol versions V1, V2, and V3. You can specify the IGMP snooping version on a Layer 2 device to enable the device to process IGMP messages of the specified version. Generally, the version specified on the Layer 2 device is the same as that configured on the Layer 3 multicast device. If IGMP is disabled on the Layer 3 multicast device, configure the same IGMP version as member hosts or a higher IGMP version.

Devices in the same VLAN must run IGMP of the same version. When hosts that run different IGMP versions exist in a VLAN, configuring IGMP snooping version to enable the device to process IGMP messages of different versions.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping version version

    The version of IGMP messages that the device can process is set.

    By default, the device can process IGMPv1 and IGMPv2 messages but cannot process IGMPv3 messages.

    NOTE:

    When MAC address-based forwarding is enabled in the VLAN, IGMPv3 cannot be configured.

  4. Run:

    commit

    The configuration is committed.

(Optional) Configuring a Static Router Port

Context

A router port is located on a Layer 2 device and connects to an upstream Layer 3 device (a multicast router or Layer 3 switch). When IGMP snooping is enabled in a VLAN, all interfaces in this VLAN learn forwarding entries from multicast protocol packets. When an interface receives IGMP Query messages or Protocol Independent Multicast (PIM) Hello messages, the Layer 2 device sets this interface as a dynamic router port. A router port provides the following functions:

  • Receives multicast data from the upstream device.
  • Forwards IGMP Report/Leave messages. IGMP Report/Leave messages received in a VLAN are forwarded only to router ports in the VLAN.

A dynamic router port has an aging time. If a dynamic router port does not receive an IGMP Query or a PIM Hello message before the aging time expires, the device deletes the port from the router port list. To enable an interface to forward IGMP Report/Leave messages to the upstream querier for a long time, configure the interface as a static router port.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional) Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. (Optional) Run:

    igmp snooping router-learning disable

    Dynamic router port learning is disabled.

    By default, dynamic router port learning is enabled in a VLAN.

  4. (Optional) Run:

    quit

    Exit from the VLAN view.

  5. Run:

    interface interface-type interface-number

    The interface view is displayed.

  6. Run:

    igmp snooping static-router-port vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

    An interface is configured as a static router port.

  7. Run:

    commit

    The configuration is committed.

(Optional) Configuring a Static Member Port

Context

A member port is on a Layer 2 device and connects to receiver hosts which are multicast group members. The member port can be configured manually or learned dynamically by multicast protocols. When IGMP snooping is enabled in a VLAN, all interfaces in this VLAN learn forwarding entries from multicast packets. When an interface receives IGMP Report messages, the Layer 2 device sets this interface as a dynamic member port. A dynamic member port has the aging time.

If the hosts connected to an interface need to receive the multicast data of a specific multicast group or multicast source group for a long time, add the interface statically to the multicast group or multicast source group. The manually added interface is a static member port. Static member ports do not age.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. (Optional) Run:

    igmp snooping learning disable vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

    Dynamic learning of member ports is disabled.

    By default, dynamic learning of member ports is enabled. To forward multicast data, the interfaces must be statically added to a multicast group after disabling dynamic learning of member ports.

  4. Run:

    igmp snooping static-group [ source-address source-ip-address ] group-address group-ip-address vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

    The interface is manually added to a multicast group and becomes a static member port.

    Or run:

    igmp snooping static-group [ source-address source-ip-address ] group-address group-ip-address1 to group-ip-address2 vlan vlan-id

    The interface is added to multiple multicast groups.

  5. Run:

    commit

    The configuration is committed.

(Optional) Configuring an IGMP Snooping Querier

Context

When IGMP snooping is enabled on a Layer 2 device, the Layer 2 device can listen on IGMP protocol packets exchanged between an IGMP querier and user hosts to dynamically create Layer 2 multicast forwarding entries and provide Layer 2 multicast functions.

A Layer 2 device cannot create Layer 2 multicast forwarding entries by listening on IGMP protocol packets in the following conditions, even when IGMP snooping is enabled on the device:

  • The interfaces on the upstream Layer 3 multicast device have static multicast groups configured and do not run the IGMP protocol.

  • The multicast source is located on the same Layer 2 network as user hosts, and therefore no Layer 3 multicast device is required.

In either of the preceding conditions, you can configure the IGMP snooping querier on the Layer 2 multicast device. Then the Layer 2 multicast device substitutes for a Layer 3 multicast device to send IGMP Query messages to user hosts.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping querier enable

    The IGMP snooping querier function is enabled.

    NOTE:
    • The IGMP snooping querier function cannot be enabled in a VLAN if the corresponding Layer 3 VLANIF interface has Layer 3 multicast functions (such as IGMP and PIM) enabled.

    • After an IGMP snooping querier is enabled, the switch modules periodically broadcasts IGMP Query messages to all the interfaces in a VLAN, including the router ports in the VLAN. This may result in IGMP querier reelection if an IGMP querier already exists on the multicast network. If an IGMP querier already exists on the multicast network, configuring IGMP snooping querier is not recommended. If IGMP snooping querier needs to be configured in this condition, ensure that the switch modules has a larger IP address than the upstream IGMP querier.

    • IGMP snooping querier and IGMP snooping proxy cannot be enabled in the same VLAN.

  4. (Optional) Run:

    igmp snooping querier-election

    The querier election function is enabled.

    If the querier function is enabled on multiple devices in the VLAN, one of these devices must be elected as the querier to send Query messages to user hosts.

  5. (Optional) Set the querier parameters.

    NOTE:

    When setting the querier parameters, ensure that the interval for sending IGMP General Query messages is larger than the maximum response time for IGMP Query messages.

    Querier Parameter

    Configuration Command

    Description

    Default Setting

    Version

    Interval for sending IGMP General Query messages

    igmp snooping query interval query-interval

    The querier sends IGMP General Query messages at the specified interval to maintain memberships of interfaces in a VLAN.

    60 seconds

    IGMPv1, IGMPv2, and IGMPv3

    IGMP robustness variable

    igmp snooping robust-count robust-count

    The robustness variable defines the following values:
    • Number of times the querier sends General Query messages after startup. The packet sending interval is 1/4 of the configured interval for sending General Query messages.
    • Number of times the querier sends Group-Specific Query messages after receiving a Leave message. The packet sending interval is the same as the configured interval for sending Group-Specific Query messages.

    2

    IGMPv1, IGMPv2, and IGMPv3

    Maximum response time for IGMP Query messages

    igmp snooping query max-response-time max-response-time

    When receiving IGMP Report messages from hosts, the switch modules sets the aging time of member ports by using the following formula: Aging time = IGMP robustness variable x Interval for sending IGMP General Query messages + Maximum response time.

    After a multicast member receives an IGMP Query message, it must send a Report message within the maximum response time.

    10 seconds

    IGMPv2 and IGMPv3

    Interval for sending IGMP Group-Specific Query messages

    igmp snooping query last-member-interval last-member-interval

    When receiving IGMP Leave messages from a host, the switch modules calculates the aging time of the member port by using the following formula: Aging time = Interval for sending Group-Specific Query messages x IGMP robustness variable. The switch modules sends a Group-Specific Query message certain times (specified by the IGMP robustness variable) to check whether this group has any other members.

    1 second

    IGMPv2 and IGMPv3

  6. (Optional) Run:

    quit

    Return to the system view.

  7. (Optional) Run:

    igmp snooping send-query source-address ip-address

    The source IP address of an IGMP General Query message is configured.

    By default, the source IP address of an IGMP General Query message sent by the IGMP snooping querier is 192.168.0.1. If this IP address is used by other devices on the network, you can use this command to set another IP address.

  8. Run:

    commit

    The configuration is committed.

(Optional) Suppressing Report and Leave Messages

Context

IGMP periodically sends Query and Response messages to maintain memberships. When multiple multicast members join the same multicast group, they send a large number of the same Report message to the IGMP router. When IGMPv2 or IGMPv3 hosts leave a multicast group, they send a large number of the same Leave message. To conserve bandwidth, configure suppression for Report and Leave messages on the Layer 2 device.

After message suppression is configured, the switch modules forwards a Report message only when the first member joins a multicast group or when it receives an IGMP Query message. and a Leave message only when the last member leaves the multicast group.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping report-suppress

    The Report and Leave messages are suppressed.

    NOTE:

    When configuring message suppression, pay attention to the following points:

    • After message suppression is configured in a VLAN, Layer 3 multicast functions (such as IGMP and PIM) cannot be enabled on the corresponding VLANIF interface.
    • IGMP snooping proxy and message suppression cannot be configured in the same VLAN.

  4. Run:

    commit

    The configuration is committed.

(Optional) Configuring the Router-Alert Option

Context

By default, the switch modules does not check whether IGMP messages contain the Router-Alert option and sends all the IGMP messages to the upper-layer routing protocol. To improve device performance, reduce transmission cost, and enhance protocol security, configure the switch modules to discard IGMP messages without the Router-Alert option.

By default, the switch modules sends IGMP messages with the Router-Alert option.

For details about the Router-Alert option, see RFC 2113.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping require-router-alert

    The device is configured to check whether IGMP messages contain the Router-Alert option.

  4. Run:

    undo igmp snooping send-router-alert disable

    The device is configured to send only IGMP messages with the Router-Alert option.

  5. Run:

    commit

    The configuration is committed.

(Optional) Disabling Users from Dynamically Joining Multicast Groups

Context

If an upstream multicast group is a non-Huawei device and has static multicast groups configured on the interface connected to user hosts, multicast users are not allowed to dynamically join or leave the multicast groups. In this case, disable the device from sending IGMP Report and Leave messages that contain static group addresses to the upstream device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping static-group suppress-dynamic-join

    The switch modules is disabled from sending IGMP Report and Leave messages that contain static group addresses to the upstream device.

    By default, the device forwards IGMP Report and Leave messages that contain static group addresses to the router port.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Context

After the configurations are complete, run the following commands in any view to check IGMP spooning configurations and the forwarding entries.

Procedure

  • Run the display igmp snooping [ vlan [ vlan-id ] ] configuration command to check the IGMP snooping configuration in a VLAN.
  • Run the display igmp snooping [ vlan [ vlan-id ] ] command to check all the IGMP snooping running parameters in a VLAN.
  • Run the display igmp snooping port-info [ vlan vlan-id [ group-address group-address ] ] [ verbose ] command to check member ports of the multicast group.
  • Run the display igmp snooping router-port vlan vlan-id command to check router ports.
  • Run the display multicast layer-2 ip fib [ vlan vlan-id [ [ source source-address ] group group-address] ] command to check the multicast forwarding table in a VLAN.
  • Run the display multicast layer-2 forwarding-mode vlan [ vlan-id ] command to check multicast data forwarding mode in the VLAN.
  • Run the display igmp snooping querier vlan [ vlan-id ] command to check the IGMP snooping querier configuration.

Configuring IGMP Snooping Proxy

IGMP snooping proxy enables the switch modules to substitute for the Layer 3 device to send IGMP Query messages to user hosts, and substitute for user hosts to send IGMP Report/Leave messages to the Layer 3 device. This function saves bandwidth between the upstream device and local switch modules.

Pre-configuration Tasks

Enabling IGMP Snooping

Context

When IGMP is disabled on the Layer 3 device (for example, only static multicast group is configured), there is no IGMP querier on the network to maintain multicast memberships. Configure the IGMP snooping proxy function on a Layer 2 device, then the Layer 2 device functions as an IGMP querier to send IGMP Query messages.

When IGMP is enabled on the network, the IGMP snooping proxy function can be deployed on a Layer 2 device to allow the device to substitute for the user host to send IGMP Report messages to the upstream device. In this case, the Layer 3 device receives fewer IGMP Report and Leave messages.

The device configured with IGMP snooping proxy functions as a host for its upstream device and a querier for its downstream device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping proxy

    IGMP snooping proxy is enabled.

    NOTE:
    • IGMP snooping proxy cannot be enabled in a VLAN if the corresponding VLANIF interface has Layer 3 multicast function (such as IGMP and PIM) enabled.

    • The IGMP snooping querier and IGMP message suppression functions can be enabled in the same VLAN to implement the IGMP snooping proxy function. After you configure the IGMP snooping proxy function in a VLAN, do not configure the IGMP snooping querier or IGMP message suppression function in the VLAN. For detailed configurations of IGMP snooping querier and IGMP message suppression, see (Optional) Configuring an IGMP Snooping Querier and (Optional) Suppressing Report and Leave Messages.

  4. (Optional) Run:

    igmp snooping proxy router-protocol-pass

    The switch modules is configured to transparently transmit IGMP messages in the VLAN.

    By default, the switch modules having IGMP snooping proxy enabled terminates IGMP messages it receives and learns multicast forwarding entries from the packets. When IGMP snooping proxy is enabled on both the upstream device and downstream device on the network, you can run this command to enable the device to transparently transmit IGMP messages from one router port to other router ports without learning the forwarding entries. In this way, the aging of forwarding entries is not affected.

  5. (Optional) Run:

    quit

    Return to the system view.

  6. (Optional) Run:

    interface interface-type interface-number

    The interface view is displayed.

  7. (Optional) Run:

    igmp snooping proxy-uplink-port vlan vlan-id

    The switch modules is disabled from sending IGMP Query messages to the router port.

    After IGMP snooping proxy is enabled in a VLAN, the switch modules broadcasts IGMP Query messages to all interfaces in the VLAN periodically, including the router port in the VLAN. This may result in reelection of the IGMP querier. To prevent IGMP querier reelection, run this command to disable the switch modules from sending IGMP Query messages to the router port.

  8. Run:

    commit

    The configuration is committed.

Checking the Configuration

After completing IGMP snooping proxy configuration, you can run the display igmp snooping [ vlan [ vlan-id ] ] configuration command in any view to check the IGMP snooping proxy configuration in the VLAN.

Configuring the IGMP Snooping Policy

The IGMP snooping policy controls the multicast programs for users, making the multicast network controllable and secure.

Configuration Process

You can perform the following configuration tasks in any sequence as required.

Configuring a Multicast Group Policy

Context

A multicast group policy determines which multicast groups the hosts in a VLAN can join. The multicast group policy is applicable only to dynamic multicast groups. Before configuring the multicast group policy, create an ACL and define rules. For details about ACL configuration, see "ACL Configuration" in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - Security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Use either of the following methods to configure a multicast group policy.

    • Configure a multicast group policy in a VLAN.
      1. Run:

        vlan vlan-id

        The VLAN view is displayed.

      2. Run:

        igmp snooping group-policy { acl-number  | acl-name acl-name } [ version version-number ]

        A multicast group policy is configured.

    • Configure a multicast group policy on an interface.
      1. Run:

        interface interface-type interface-number

        The interface view is displayed.

      2. Run:

        igmp snooping group-policy { acl-number  | acl-name acl-name }  [ version version-number ] vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>

        A multicast group policy is configured on an interface.

    By default, the user hosts in a VLAN can join any multicast group. If the IGMP version is not specified for a multicast group policy, the switch modules applies the policy to all the received IGMP messages regardless of their versions.

    If you configure multicast group policies for the same VLAN in the interface view and VLAN view, the system first uses the policy configured in the interface view and then the policy configured in the VLAN view to determine the groups that user hosts can join.

    NOTE:

    The ACL referenced in a group policy permits all multicast groups by default. Therefore, to allow interfaces in a VLAN to receive only multicast data sent to specific groups, use a rule deny source any rule with permit rules in the ACL.

  3. Run:

    commit

    The configuration is committed.

Filtering Multicast Data on an Interface

Context

To reject certain types of multicast data, a network administrator can configure the switch modules to filter multicast data packets from a certain VLAN on an interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    multicast deny-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

    The multicast data from a certain VLAN is filtered.

    NOTE:

    You must specify a VLAN to which the interface has already been added. Otherwise, the configuration does not take effect.

    This command can discard only multicast data packets that meet both of the following conditions:
    • The destination MAC address is an IP multicast MAC address (IPv4 MAC address starting with 0x01005E ).
    • The packet encapsulation protocol is UDP.

  4. Run:

    commit

    The configuration is committed.

Discarding of Unknown Multicast Flows

Context

Unknown multicast flows are multicast data flows that match no entry in the multicast forwarding table. By default, the switch modules broadcasts unknown multicast flows in the corresponding VLAN. Enabling the discarding of unknown multicast flows reduces instant bandwidth usage compared with the broadcast mode.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    multicast drop-unknown

    The switch modules is configured to discard unknown multicast flows.

    NOTE:
    After the multicast drop-unknown command is configured:
    • The switch modules discards the original unknown multicast data packets. Multicast data flows can be forwarded after the matching multicast forwarding entries are generated.
    • The switch modules discards protocol packets with reserved group addresses, such as PIM Hello packets, OSPF packets, and BFD packets. If no multicast function is enabled, the switch modules discards IGMP packets. If multicast functions are enabled, the switch modules processes IGMP packets normally.

  4. Run:

    commit

    The configuration is committed.

Configuring a Policy to Filter IGMP Report/Leave Messages

Context

An administrator can configure a policy to filter IGMP Report/Leave messages from specified hosts to improve security of multicast services.

This function must be used together with an ACL. When a basic ACL is used, IGMP Report/Leave messages with specified source addresses can be filtered. When an advanced ACL is used, IGMP Report/Leave messages with destination addresses or source addresses can be filtered. For details on how to configure an ACL, see "ACL Configuration" in the Configuration Guide - Security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping ip-source-policy { acl-number  | acl-name acl-name }

    A policy is configured to filter IGMP Report/Leave messages so that hosts in a VLAN can only dynamically join multicast groups that match the ACL rule.

    By default, no policy is configured to filter IGMP Report/Leave messages in a VLAN.

  4. Run:

    commit

    The configuration is committed.

Configuring a Policy to Filter IGMP Query Messages

Context

If an attacker sends Query messages with a smaller IP address than the real IGMP querier on the network, switches running IGMP snooping consider the attacker as a querier and forward IGMP Membership Report messages to the attacker. In this case, multicast traffic cannot be forwarded correctly. You can configure an IGMP Query message filtering policy to defend against such attacks. An IGMP Query message filtering policy permits only IGMP Query messages with specified source IP addresses and rejects other IGMP Query messages. This improves security of a Layer 2 multicast network.

An IGMP Query message filtering policy must reference an ACL. IGMP Query messages are accepted only when their source IP addresses are permitted by the referenced ACL (within the address range following permit in the ACL rule). For details about ACL configuration, see "ACL Configuration" in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - Security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping query ip-source-policy { acl-number  | acl-name acl-name }

    An IGMP Query message filtering policy is configured.

    By default, no IGMP Query message filtering policy is configured in a VLAN.

  4. Run:

    commit

    The configuration is committed.

Configuring the Multicast Group Type for a VLAN

Context

There are two multicast service modes: Any-Source Multicast (ASM) mode and Source-Specific Multicast (SSM). In the ASM mode, packets do not carry multicast source information; while in the SSM mode, packets carry multicast source information. The ASM mode and SSM mode use different multicast group addresses. This function enables the switch modules to learn only IGMP messages within the ASM or SSM address scope.

NOTE:

This function applies only to the switch modules that runs IGMPv3 snooping but not IGMPv1 or IGMPv2 snooping.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping { asm-only | ssm-only | asm-ssm }

    The type of multicast groups in a VLAN is configured.

    By default, the type of multicast groups in a VLAN is asm-ssm.

  4. Run:

    commit

    The configuration is committed.

Setting the Aging Time for Entries Triggered by Multicast Traffic

Context

If a multicast source does not send multicast data for some multicast groups, relevant (S, G) entries need to be deleted. If a device does not receive any multicast data sent by a multicast source to a multicast group within the aging time of the corresponding (S, G) entry triggered by multicast traffic, the device deletes this (S, G). This aging mechanism enables the device to update multicast entries and release entry resources in a timely manner.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    multicast layer-2 source-lifetime lifetime

    The aging time is set for entries triggered by multicast traffic in the VLAN.

    By default, the aging time of an entry triggered by multicast traffic is 210s.

    Configure aging time of (S, G) entries according to the number of the multicast forwarding entries used. If a large number of multicast entries are used on your network, a too short aging time will make the multicast forwarding table incomplete. However, if the aging time is too long, invalid entries will be retained for a long time, wasting system resources. The following table lists the recommended aging time values for different quantities of multicast forwarding entries.

    Number of Entries

    Recommended Aging Time

    Within 1000

    Default value

    1000 to 2000

    1000 seconds

    2000 to 8000

    2000 seconds

    More than 8000

    4000 seconds

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Prerequisites

After the configurations of IGMP snooping policy are complete, run the following commands in any view to check the policy configurations and usage.

Procedure

  • Run the display igmp snooping [ vlan [ vlan-id ] ] configuration command to check the IGMP snooping configuration.

    The configurations of IGMP snooping include the configurations of IGMP snooping policy in the VLAN.

  • Run the display multicast layer-2 ip fib [ vlan vlan-id [ [ source source-address ] group group-address ] ] command to check the multicast forwarding table in a VLAN.

    You can check whether a Layer 2 multicast policy is used correctly by viewing Layer 2 multicast forwarding entries.

Configuring Membership Fast-Update

The switch modules is configured to rapidly update memberships when a multicast group member joins or leaves the multicast group. This improves the efficiency and user experience of multicast services.

Configuration Process

You can perform the following configuration tasks in any sequence as required.

Setting the Aging Time of Group Member Ports

Context

A device sets the aging time of a group member port depending on the IGMP message received on the member port:
  • When the member port receives a Report message from a downstream host, the device sets the aging time to: Robustness variable x General Query interval + Maximum response time for General Query messages.

  • When the member port receives a Leave message from a downstream host, the device sets the aging time to: Last member query interval x Robustness variable.

When deploying a Layer 2 multicast network, ensure that all the Layer 2 multicast devices use the same parameter values to calculate the aging time of dynamic group member ports, especially the IGMP snooping general query interval. Otherwise, errors may occur in Layer 2 multicast forwarding.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping query interval query-interval

    The IGMP snooping general query interval is configured.

    By default, the IGMP snooping general query interval is 60 seconds.

  4. Run:

    igmp snooping robust-count robust-count

    The IGMP snooping robustness variable is configured.

    By default, the IGMP snooping robustness variable is 2.

  5. Run:

    igmp snooping query max-response-time max-response-time

    The IGMP snooping maximum response time is set.

    By default, the IGMP snooping maximum response time is 10 seconds.

  6. Run:

    igmp snooping query last-member-interval last-member-interval

    The IGMP snooping last member query interval is configured.

    By default, the IGMP snooping last member query interval is 1 second.

  7. Run:

    commit

    The configuration is committed.

Setting the Aging Time of Dynamic Router Ports

Context

A router port sends IGMP Report/leave messages to an upstream Layer 3 device and receives multicast packets from the upstream device. When IGMP snooping is enabled on a device, the device can learn entries of the dynamic router port to monitor the sending of multicast data. When network congestion or flapping occurs, the dynamic router port does not receive General IGMP Query or PIM Hello messages before it times out. The switch modules deletes the interface from the router port list, which may cause service interruption. To avoid this problem, set a longer aging time.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping router-aging-time router-aging-time

    The aging time is set for dynamic router ports.

    By default, the aging time of router ports that the switch modules learns from General IGMP Query messages is 180 seconds. By default, the aging time of router ports that the switch modules learns from PIM Hello messages is the Holdtime value in PIM Hello messages.

  4. Run:

    commit

    The configuration is committed.

Configuring Fast Leave for Member Ports

Context

When the switch modules receives IGMP Leave messages from a member interface, the fast leave function allows the switch modules immediately deletes forwarding entries of the member interface but not reset the aging timer.

NOTE:
  • Enable fast leave for member ports in the VLAN only when each interface in a VLAN is connected to one receiver host.

  • Prompt leave takes effect for member ports in a VLAN only when the switch modules can process IGMPv2 or IGMPv3 messages.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping prompt-leave [ group-policy { acl-number  | acl-name acl-name }]

    Prompt leave is configured on the member port.

    By default, no member port is allowed to fast leave a multicast group.

    You can limit the number of member ports that fast leave a multicast group by using the group-policy parameter. In this case, create an ACL and configure an ACL rule. The default ACL rule permit is applicable to all multicast groups. Therefore, to enable the member ports to fast leave a specified multicast group, run the rule deny source any command. For details on how to configure an ACL, see "ACL Configuration" in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - Security.

  4. Run:

    commit

    The configuration is committed.

Sending IGMP Query Messages upon Topology Changes

Context

When a Layer 2 network topology changes, the forwarding path of multicast packets may change. When a fault occurs on a link, the switch modules sends IGMP Query messages and the multicast members reply with IGMP Report messages. The switch modules then updates information about multicast member ports based on the IGMP Report messages. In this manner, multicast packets can be switched to new forwarding paths in time.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    igmp snooping send-query enable

    IGMP Query messages are sent upon topology changes.

    By default, the switch modules is disabled from sending IGMP Query messages upon topology changes.

    This command enables the switch modules to send IGMP Query messages (the source IP address is 192.168.0.1 by default) upon topology changes, and update information about multicast member ports in time, so that multicast packets to the downstream members are interrupted only for a short period.

  3. (Optional) Run:

    igmp snooping send-query source-address ip-address

    The source IP address of an IGMP General Query message is configured.

    By default, the source IP address of an IGMP General Query message sent upon topology changes is 192.168.0.1. If this IP address is used by other devices on the network, you can use this command to set another IP address.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Prerequisites

After the configuration of membership fast-update is complete, you can run the following commands in any view to check the IGMP snooping configuration and forwarding entries.

Procedure

  • Run the display igmp snooping [ vlan [ vlan-id ] ] configuration command to check the IGMP snooping configuration.
  • Run the display multicast layer-2 ip fib [ vlan vlan-id [ [ source source-address ] group group-address] ] command to check the multicast forwarding table in a VLAN.

Configuring IGMP Snooping SSM Mapping

If user hosts on a Layer 2 network run only IGMPv1 or IGMPv2, enable SSM mapping on the switch modules to provide SSM services for these hosts.

Pre-configuration Tasks

Enabling IGMP Snooping

(Optional) Configuring an SSM Group Policy

Context

By default, the address of an SSM group ranges from 232.0.0.0 to 232.255.255.255. If a user joins a multicast group whose IP address is not in this range, configure an SSM group policy in the VLAN to add the multicast group address to the range of SSM group addresses. The SSM group policy must be used together with an ACL. For details on how to configure an ACL, see "ACL Configuration" in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - Security.

NOTE:

By default, the ACL applied to an SSM group policy denies all multicast groups. Therefore, to exclude specific group addresses from the SSM group address range, use a rule permit source any rule with deny rules in the ACL.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping ssm-policy { basic-acl-number | acl-name acl-name }

    An SSM group policy is configured.

    After you configure an SSM group policy, the multicast groups specified in the SSM policy are considered as SSM groups.

  4. Run:

    commit

    The configuration is committed.

Configuring IGMP Snooping SSM Mapping Functions

Context

  • By configuring SSM mapping, you can set up one-to-one mappings between multicast groups and multicast sources.

  • SSM mapping applies only to the scenario where IGMP snooping in the VLAN can process IGMPv3 messages.

  • Although SSM mapping takes effect only for IGMPv3 messages in a VLAN, the switch does not convert IGMPv2 messages into IGMPv3 messages before sending the messages to router ports. You can configure IGMP snooping proxy or IGMP snooping Report suppression on the switch modules to enable the switch to send IGMPv3 messages to the upstream device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    igmp snooping version  3

    The version of IGMP snooping run in the VLAN is set to 3.

    The default version number of IGMP snooping is 2, but IGMPv2 version does not support SSM mapping.

  4. Run:

    igmp snooping ssm-mapping enable [ policy policy-name ]

    SSM mapping is enabled in the VLAN.

    By default, SSM mapping is disabled in a VLAN.

  5. Configure the mapping between a group address and a source address.

    Group addresses used in the following steps are included in the SSM group address range. For details on how to configure an SSM group address range, see (Optional) Configuring an SSM Group Policy.

    • If you do not specify policy policy-name in 4, run the igmp snooping ssm-mapping group-address { group-mask | mask-length } source-address command to configure the mapping between a group address and a source address.
    • If you specify policy policy-name in 4, perform the following steps:
      1. Run the quit command to return to the system view.
      2. Run the ssm-mapping policy policy-name command to enter the SSM mapping policy view.
      3. Run the group group-address { group-mask-length | group-mask } source source-address command to configure the mapping between a group address and a source address.

    The mapping configured in the SSM mapping policy view can be applied to multiple VLANs, whereas the mapping configured in the VLAN view takes effect only in the current VLAN. To apply the same mapping to multiple VLANs, you are advised to configure an SSM mapping policy.

  6. Run:

    commit

    The configuration is committed.

Checking the Configuration

Context

After configuring SSM mapping, run the following command in any view to check the configured SSM mapping entries.

Procedure

  • Run the display igmp snooping port-info [ vlan vlan-id [ group-address group-address ] ] [ verbose ] command to check information about IGMP snooping interfaces.
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 57923

Downloads: 3621

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next