No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Multicast
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Source Address-based IGMP Message Filtering

Configuring Source Address-based IGMP Message Filtering

Source address-based IGMP message filtering is a security policy used for filtering IGMP message on the router's interface connected to user hosts.

Context

By default, no source address-based IGMP message filtering is configured on the router's interface connected to user hosts.

After you configure source address-based IGMP message filtering on the router's interface connected to user hosts, the interface filters IGMP messages based on the access control list (ACL) configuration.

Perform the following operations on the router's interface connected to user hosts.

Procedure

  • Configure source address-based IGMP Report or Leave message filtering
    1. Run system-view

      The system view is displayed.

    2. Configure a basic numbered ACL or a naming ACL as needed.

      • Configure a basic numbered ACL.

        1. Run acl [ number ] basic-acl-number [ match-order { auto | config } ]

          A basic numbered ACL is created, and the basic numbered ACL view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } source { source-ip-address { source-wildcard | 0 } | any }

          Rules are configured for the basic numbered ACL.

      • Configure a naming ACL.

        1. Run acl name acl-name basic [ match-order { auto | config } ]

          A naming ACL is created, and the naming ACL view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } source { source-ip-address { source-wildcard | 0 } | any }

          Rules are configured for the naming ACL.

    3. Run quit

      Return to the system view.

    4. Run interface interface-type interface-number

      The interface view is displayed.

    5. Run igmp ip-source-policy [ basic-acl-number | acl-name acl-name ]

      Source address-based IGMP Report or Leave message filtering is configured.

      NOTE:
      • If an ACL is not configured in this command, the device permits an IGMP Report or Leave message if the message's source address is 0.0.0.0 or if the message's source address is on the same network segment as the address of the interface that receives the message, but discards the message if the message's source address is on a different network segment from the address of the interface that receives the message.
      • If an ACL is configured on an interface, the interface uses configured ACL rules to filter source addresses in IGMP Report or Leave messages.
        • If an IGMP Report or Leave message matches an ACL rule and the action is permit, the interface permits this message.
        • If an IGMP Report or Leave message matches an ACL rule and the action is deny, the interface denies this message.
        • If an IGMP Report or Leave message does not match any ACL rule, the interface denies this message.
        • If a specified ACL does not exist or does not contain rules, the interface denies all IGMP Report and Leave messages.

    6. Run commit

      The configuration is committed.

  • Configure source address-based IGMP Query message filtering
    1. Run system-view

      The system view is displayed.

    2. Configure a basic numbered ACL or a naming ACL as needed.

      • Configure a basic numbered ACL.

        1. Run acl [ number ] basic-acl-number [ match-order { auto | config } ]

          A basic numbered ACL is created, and the basic numbered ACL view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } source { source-ip-address { source-wildcard | 0 } | any }

          Rules are configured for the basic numbered ACL.

      • Configure a naming ACL.

        1. Run acl name acl-name basic [ match-order { auto | config } ]

          A naming ACL is created, and the naming ACL view is displayed.

        2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } source { source-ip-address { source-wildcard | 0 } | any }

          Rules are configured for the naming ACL.

    3. Run quit

      Return to the system view.

    4. Run interface interface-type interface-number

      The interface view is displayed.

    5. Run igmp query ip-source-policy { basic-acl-number | acl-name acl-name }

      Source address-based IGMP Query message filtering is configured to control querier election.

      NOTE:
      • If an IGMP Query message matches an ACL rule and the action is permit, the interface permits this message.
      • If an IGMP Query message matches an ACL rule and the action is deny, the interface denies this message.
      • If an IGMP Query message does not match any ACL rule, the interface denies this message.
      • If a specified ACL does not exist or does not contain rules, the interface denies all IGMP Query messages.

    6. Run commit

      The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055017

Views: 44400

Downloads: 97

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next