NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

(Optional) Configuring MLD Snooping Policies

To improve service security, configure MLD snooping policies on a Layer 2 multicast device to filter multicast messages or restrict the multicast group range that hosts can join.

Context

Configure MLD snooping policies to control the programs that users can join and improve the controllability and security of a Layer 2 multicast network. MLD snooping policies include:
  • Multicast group model restriction: Based on whether source addresses are defined, multicast groups are categorized as any-source multicast (ASM) groups and source-specific multicast (SSM) groups. If MLDv2 is used, you can configure the device to forward only ASM or only SSM group data in a VLAN/VSI.

  • Multicast group address restriction: You can configure the range of multicast groups that users can join on a specified interface/sub-interface or in a specified VLAN/VSI.

  • Multicast protocol message protection: Configure the device to discard the MLD messages that do not carry the Router-Alert option in IP headers to improve device security.

  • Multicast packet filtering based on source or destination IP addresses: Configure an ACL to filter MLD Report messages based on source or destination IP addresses, which prevents forged MLD Report messages from interrupting multicast services.

The following functions are optional and can be configured in any order. Default settings are recommended.

Before configuring MLD snooping policies, enable MLD snooping both globally and in a specified VLAN/VSI view.

Procedure

  • Set a multicast group model.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations based on the VLAN or VPLS networking scenario:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name [ static ] command to enter the VSI view.

    3. Run mld-snooping version 2

      MLDv2 is set as the version of MLD snooping.

    4. Run mld-snooping { ssm-only | asm-only | asm-ssm }

      A multicast group model is set.

    5. Run commit

      The configuration is committed.

  • Set the range of multicast groups that hosts can join in a VLAN/VSI.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations based on the VLAN or VPLS networking scenario:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name [ static ] command to enter the VSI view.

    3. Run mld-snooping group-policy { acl-number | acl-name acl-name } [ version number ]

      The range of multicast groups that hosts can join is set.

    4. Run commit

      The configuration is committed.

  • Set the range of multicast groups that hosts can join on a sub-interface.
    1. Run system-view

      The system view is displayed.

    2. Run interface { ethernet | gigabitethernet | eth-trunk } interface-number.subnumber

      The sub-interface view is displayed.

    3. Run mld-snooping group-policy { acl-number | acl-name acl-name } [ version number ]

      The range of multicast groups that hosts can join is set.

    4. Run commit

      The configuration is committed.

  • Configure a security policy for multicast protocol messages.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations based on the VLAN or VPLS networking scenario:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name [ static ] command to enter the VSI view.

    3. Run mld-snooping require-router-alert

      Interfaces in the VLAN/VSI are configured to discard MLD messages that do not carry the Router-Alert option in IP headers.

    4. Run mld-snooping send-router-alert

      The device is configured to add the Router-Alert option in IP headers of MLD messages sent to the specified VLAN/VSI.

    5. Run commit

      The configuration is committed.

  • Configure multicast message filtering based on source or destination IP addresses.
    1. Run system-view

      The system view is displayed.

    2. Perform either of the following operations based on the VLAN or VPLS networking scenario:

      • Run the vlan vlan-id command to enter the VLAN view.
      • Run the vsi vsi-name command to enter the VSI view.

    3. Run mld-snooping ip-policy { acl-number | acl-name acl-name }

      The device is configured to filter MLD Report messages based on source or destination IP addresses.

      After the configuration is complete, if the device receives forged MLD Report messages from a user host, it does not forward multicast traffic to the network segment of that host. This prevents bandwidth from being wasted.

    4. Run commit

      The configuration is committed.
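
The check that mld-snooping require-router-alert enables can be reproduced offline to validate captured traffic before turning the policy on. The following Python sketch is an added example, not Huawei code and not the device's implementation: it classifies a raw IPv6 packet as MLD or not and reports whether its Hop-by-Hop header carries the Router Alert option (RFC 2711, value 0 for MLD). The function names and the sample packets are constructed for illustration.

```python
import struct

ICMPV6, HOP_BY_HOP = 58, 0            # IPv6 Next Header values
ROUTER_ALERT = 0x05                   # Hop-by-Hop option type (RFC 2711)
MLD_TYPES = {130, 131, 132, 143}      # Query, v1 Report, v1 Done, v2 Report

def has_router_alert(hbh: bytes) -> bool:
    """Walk the option TLVs of a Hop-by-Hop header; True if Router Alert (value 0 = MLD) is present."""
    i = 2                             # skip Next Header and Hdr Ext Len
    while i < len(hbh):
        if hbh[i] == 0:               # Pad1 is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(hbh):
            return False              # truncated option
        length = hbh[i + 1]
        if hbh[i] == ROUTER_ALERT and length == 2 and hbh[i + 2:i + 4] == b"\x00\x00":
            return True
        i += 2 + length
    return False

def mld_verdict(packet: bytes) -> str:
    """Classify a raw IPv6 packet as 'not-mld', 'accept' or 'discard'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "not-mld"
    next_header, offset, alert = packet[6], 40, False
    if next_header == HOP_BY_HOP:
        if len(packet) < 42:
            return "not-mld"
        offset = 40 + (packet[41] + 1) * 8   # Hdr Ext Len counts 8-byte units after the first
        hbh = packet[40:offset]
        alert = has_router_alert(hbh)
        next_header = hbh[0]
    if next_header != ICMPV6 or len(packet) <= offset or packet[offset] not in MLD_TYPES:
        return "not-mld"
    return "accept" if alert else "discard"

def build_report(with_alert: bool) -> bytes:
    """Constructed sample: MLDv1 Report for ff1e::1 sent from fe80::1 (checksum left at zero)."""
    opts = b"\x05\x02\x00\x00\x01\x00" if with_alert else b"\x01\x04\x00\x00\x00\x00"
    group = bytes.fromhex("ff1e" + "00" * 13 + "01")
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    payload = bytes([ICMPV6, 0]) + opts + bytes([131, 0]) + bytes(6) + group
    header = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 1)
    return header + src + group + payload

if __name__ == "__main__":
    for alert in (True, False):
        print(f"router-alert={alert}: {mld_verdict(build_report(alert))}")
```

Running this over a capture from the target VLAN/VSI shows which hosts send MLD messages without the option and would be cut off once the policy is committed.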

Updated: 2019-01-03

Document ID: EDOC1100055017
