Configuring a Policy for Processing MLD Message
In this configuration task, you can configure a device to deny all the MLD packets without Router-Alert options, send MLD packets without Router-Alert options, and filter MLD packets based on source addresses.
Usage Scenario
Generally, a device sends a packet to the routing protocol layer for processing only if the destination IP address of the packet is the IP address of a local interface. The destination IP address of an MLD packet is usually a multicast address but not the address of an interface on a multicast device and thus the MLD packet may fail to be sent to the routing protocol layer for processing. Router-Alert options can address such a problem. MLD packets carrying Router-Alert options need to be sent to the routing protocol layer for processing.
To improve a device's security, you can configure a device to filter MLD packets based on source addresses. This filtering function is implemented by specifying source addresses in ACL rules, so the device permits an MLD packet only if the packet carries a source address that is specified as a valid source address in an ACL rule.
NOTE: For details about Router-Alert options, see relevant standards.
- Configuring a Multicast Device to Deny MLD Packets Without
the Router-Alert Option
If user hosts do not want to receive MLD packets without the Router-Alert option, configure the multicast device directly connected to the user hosts to deny all MLD packets without the Router-Alert option. - Configuring a Multicast Device to Send MLD Packets Without
the Router-Alert Option
If some MLD interfaces on the same network need to receive MLD packets without the Router-Alert option, configure the multicast device connected to the user network segment to send MLD packets without the Router-Alert option. - Configuring Source Address-based MLD Message Filtering
Source address-based MLD message filtering is a security policy used for filtering MLD message on the router's interface connected to user hosts. - Verifying the Configuration of the Policy for Processing MLD
Packets
After configuring the Policy for Processing MLD Packets, verify MLD configurations and running information on the interface to ensure normal running of MLD.
Previous
