No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Multicast
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring a Multicast Group Security Policy

(Optional) Configuring a Multicast Group Security Policy

A multicast group policy can be configured to limit the range and number of multicast groups that some hosts can join or to add security messages to multicast data packets.

Context

A multicast group security policy provides the following functions:
  • Limit on multicast group types: There are two types of multicast groups: Any-Source Multicast (ASM) and Source-Specific Multicast (SSM). During IGMPv3 multicast service deployment, you can limit the type of multicast groups for which a Layer 2 device in a VLAN or VSI forwards data.

  • Limit on the multicast group address range: This function is used to limit the range of multicast groups that user hosts attached to a sub-interface or in a VLAN or VSI are allowed to join.

  • Multicast protocol packet protection: This function is used to ensure protocol security. After this function is enabled on a device, the device directly discards an IGMP message that does not carry the Router Alert option in the IP header.

  • Multicast message filtering based on source or destination IP addresses: An access control list (ACL) is configured to filter the source and destination IP addresses in IGMP Query, Report or Leave messages, which prevents forged IGMP Query, Report or Leave messages from interrupting multicast services.

The preceding functions are optional and can be configured in any order. Configure one or more functions as required. Default settings are recommended.

Before configuring a multicast group security policy, enable IGMP snooping both globally and in a specified VLAN or VSI.

Procedure

  • Limit the type of multicast groups.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations to select VLAN or VPLS networking:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name [ static ] command to enter the VSI view.

    3. Run igmp-snooping version 3

      The version number of IGMP snooping is set to 3 in the VLAN or VSI.

    4. Run igmp-snooping { ssm-only | asm-only | asm-ssm }

      A multicast group type is set in the VLAN or VSI.

    5. Run commit

      The configuration is committed.

  • Limit the multicast address range in a VLAN or VSI.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations to select VLAN or VPLS networking:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name [ static ] command to enter the VSI view.

    3. Run igmp-snooping group-policy { acl-number | acl-name acl-name } [ version number ]

      The multicast group address range is limited in the VLAN or VSI. Interfaces in the VLAN or VSI are allowed to join only multicast groups in the range defined by a specified ACL.

      By default, the multicast address range is not limited in the VLAN or VSI.

    4. Run commit

      The configuration is committed.

  • Limit the multicast group address range on a sub-interface.
    1. Run system-view

      The system view is displayed.

    2. Run interface { ethernet | gigabitethernet |eth-trunk} interface-number.subnumber

      The sub-interface view is displayed.

    3. Run igmp-snooping group-policy { acl-number | acl-name acl-name } [ version number ]

      The multicast group address range is limited on the sub-interface, and the sub-interface is allowed to join only multicast groups in the range defined by a specified ACL.

    4. Run commit

      The configuration is committed.

  • Configure multicast protocol packet protection.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations to select VLAN or VPLS networking:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name [ static ] command to enter the VSI view.

    3. Run igmp-snooping require-router-alert

      The device is configured to accept only IGMP messages that carry the Router Alert option in the IP header.

      The device discards a received IGMP message that does not carry the Router Alert option in the IP header.

    4. Run igmp-snooping send-router-alert

      The device is configured to send only IGMP messages that carry the Router Alert option in the IP header.

    5. Run commit

      The configuration is committed.

  • Configure multicast message filtering based on source or destination IP addresses.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations to select VLAN or VPLS networking:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name command to enter the VSI view.

    3. Perform either of the following operations to configure IGMP Query, Report, or Leave message filtering based on source or destination IP addresses.

      • Run the igmp-snooping query-ip-policy { acl-number | acl-name acl-name } command to configure IGMP Query message filtering based on source IP addresses.

        After the configuration is complete and the device receives forged IGMP Query messages from a user host, the device does not forward subsequent IGMP Report or Leave messages to the user host. This configuration prevents multicast service interruptions.

      • Run the igmp-snooping ip-policy { acl-number | acl-name acl-name } command to configure IGMP Report or Leave message filtering based on source or destination IP addresses.

        After the configuration is complete and the device receives forged IGMP Report or Leave messages from a user host, the device does not forward multicast traffic to the user host. This configuration prevents bandwidth resource waste.

    4. Run commit

      The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055017

Views: 39926

Downloads: 97

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next