No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Multicast

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of IP multicast, including IP multicast basics, IGMP, MLD, PIM (IPv4), PIM (IPv6), MSDP, multicast VPN, multicast route management (IPv4), multicast route management (IPv6), IGMP snooping, MLD snooping, static multicast MAC address, multicast VLAN, multicast network management.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Policy to Filter IGMP Query Messages

Configuring a Policy to Filter IGMP Query Messages

Context

If an attacker sends Query messages with a smaller IP address than the real IGMP querier on the network, switches running IGMP snooping consider the attacker as a querier and forward IGMP Membership Report messages to the attacker. In this case, multicast traffic cannot be forwarded correctly. You can configure an IGMP Query message filtering policy to defend against such attacks. An IGMP Query message filtering policy permits only IGMP Query messages with specified source IP addresses and rejects other IGMP Query messages. This improves security of a Layer 2 multicast network.

An IGMP Query message filtering policy must reference an access control list (ACL). IGMP Query messages are accepted only when their source IP addresses are permitted by the referenced ACL (within the address range following permit in the ACL rule). For details about ACL configuration, see "ACL Configuration" in the CloudEngine 8800, 7800, 6800, and 5800 Series Switches Configuration Guide - Security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run vlan vlan-id

    The VLAN view is displayed.

  3. Run igmp snooping query ip-source-policy { acl-number | acl-name acl-name }

    An IGMP Query message filtering policy is configured.

    By default, no IGMP Query message filtering policy is configured in a VLAN.

  4. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075361

Views: 20260

Downloads: 21

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next