No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Multicast
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Source Address-based MLD Message Filtering

Configuring Source Address-based MLD Message Filtering

Source address-based MLD message filtering is a security policy used for filtering MLD message on the router's interface connected to user hosts.

Context

By default, no source address-based MLD message filtering is configured on the router's interface connected to user hosts.

After you configure source address-based MLD message filtering on the router's interface connected to user hosts, the interface filters MLD messages based on the access control list (ACL) configuration.

Perform the following operations on the router's interface connected to user hosts.

Procedure

  • Configure source address-based MLD Report or Done message filtering.
    1. Run system-view

      The system view is displayed.

    2. Configure a basic numbered ACL6 or a naming ACL6 as needed.

      • Configure a basic numbered ACL6.

        1. Run acl ipv6 [ number ] basic-acl6-number [ match-order { auto | config } ]

          A basic numbered ACL6 is created, and the basic numbered ACL6 view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } ] *

          Rules are configured for the basic numbered ACL6.

      • Configure a naming ACL6.

        1. Run acl ipv6 name acl6-name basic [ match-order { auto | config } ]

          A naming ACL6 is created, and the naming ACL6 view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } ] *

          Rules are configured for the naming ACL6.

    3. Run quit

      Return to the system view.

    4. Run interface interface-type interface-number

      The interface view is displayed.

    5. Run mld ip-source-policy { basic-acl6-number | acl6-name acl6-name }

      Source address-based MLD Report or Done message filtering is configured.

      NOTE:
      • If an MLD Report or Leave message matches an ACL rule and the action is permit, the interface permits this message.
      • If an MLD Report or Leave message matches an ACL rule and the action is deny, the interface denies this message.
      • If an MLD Report or Leave message does not match any ACL rule, the interface denies this message.
      • If a specified ACL does not exist or does not contain rules, the interface denies all MLD Report and Leave messages.

    6. Run commit

      The configuration is committed.

  • Configure source address-based MLD Query message filtering.
    1. Run system-view

      The system view is displayed.

    2. Configure a basic numbered ACL6 or a naming ACL6 as needed.

      • Configure a basic numbered ACL6.

        1. Run acl ipv6 [ number ] basic-acl6-number [ match-order { auto | config } ]

          A basic numbered ACL6 is created, and the basic numbered ACL6 view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } ] *

          Rules are configured for the basic numbered ACL6.

      • Configure a naming ACL6.

        1. Run acl ipv6 name acl6-name basic [ match-order { auto | config } ]

          A naming ACL6 is created, and the naming ACL6 view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } ] *

          Rules are configured for the naming ACL6.

    3. Run quit

      Return to the system view.

    4. Run interface interface-type interface-number

      The interface view is displayed.

    5. Run mld query ip-source-policy { basic-acl6-number | acl6-name acl6-name }

      Source address-based MLD Query message filtering is configured to control querier election.

      NOTE:
      • If an MLD Query message matches an ACL rule and the action is permit, the interface permits this message.
      • If an MLD Query message matches an ACL rule and the action is deny, the interface denies this message.
      • If an MLD Query message does not match any ACL rule, the interface denies this message.
      • If a specified ACL does not exist or does not contain rules, the interface denies all MLD Query messages.

    6. Run commit

      The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055017

Views: 43205

Downloads: 97

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next