Chapter 1 IGMP Snooping Configuration
Internet group management protocol snooping
(IGMP Snooping) is a multicast control mechanism running on Layer 2 switch. It
is used to manage and control multicast groups.
When the IGMP messages transferred from the
hosts to the router pass through the Layer 2 switch, the switch uses IGMP
Snooping to analyze and process the IGMP messages, as shown in Table 1-1.
Table 1-1 IGMP message processing on the switch
|
Received message type
|
Sender
|
Receiver
|
Switch processing
|
|
IGMP host report message
|
Host
|
Switch
|
Add the host to the corresponding
multicast group.
|
|
IGMP leave message
|
Host
|
Switch
|
Remove the host from the multicast group.
|
By listening to IGMP messages, the switch
establishes and maintains MAC multicast address tables at data link layer, and
uses the tables to forward the multicast packets delivered from the router.
As shown in,Figure 1-1 multicast packets are broadcasted at Layer 2 when IGMP Snooping is
disabled and multicasted (not broadcasted) at Layer 2 when IGMP Snooping is
enabled.
Figure 1-1 Multicast packet transmission
with or without IGMP Snooping being enabled
I. IGMP Snooping terminologies
Before going on, we first describe the
following terms involved in IGMP Snooping:
l
Router port: the switch port directly connected
to the multicast router.
l
Multicast member port: a switch port connected
to a multicast group member (a host in a multicast group).
l
MAC multicast group: a multicast group
identified by a MAC multicast address and maintained by the switch.
The following three timers are closely
associated with IGMP snooping.
Table 1-2 IGMP Snooping timers
|
Timer
|
Setting
|
Packet normally received before
timeout
|
Timeout action on the switch
|
|
Router port aging timer
|
Aging time of the router port
|
IGMP general query message/PIM message/Dvmrp
Probe message
|
Consider that this port is not a router
port any more.
|
|
Multicast member port aging timer
|
Aging time of the multicast member ports
|
IGMP message
|
Send an IGMP group-specific query message
to the multicast member port.
|
|
Query response timer
|
Query response timeout time
|
IGMP report message
|
Remove the port from the member port list
of the multicast group.
|
II. Layer 2 multicast with IGMP
Snooping
The switch runs IGMP Snooping to listen to
IGMP messages and map the host, the port corresponding to the host, and the
corresponding multicast MAC address.
Figure 1-2 IGMP Snooping implementation
To implement Layer 2 multicast, the switch
processes four different types of IGMP messages it received, as shown in Table 1-3.
Table 1-3 IGMP Snooping messages
|
Message
|
Sender
|
Receiver
|
Purpose
|
Switch action
|
|
IGMP general query message
|
Multicast router and multicast switch
|
Multicast member switch and host
|
Query if the multicast groups contain any
member
|
Check if the message comes from the
original router port
|
If yes, reset the aging timer of the
router port
|
|
If not, notify the multicast router that
a member is in a multicast group and start the aging timer for the router
port
|
|
IGMP group-specific query message
|
Multicast router and multicast switch
|
Multicast member switch and host
|
Query if a specific IGMP multicast group
contains any member
|
Send an IGMP group-specific query message
to the IP multicast group being queried.
|
|
IGMP host report message
|
Host
|
Multicast router and multicast switch
|
Apply for joining a multicast group, or
respond to an IGMP query message
|
Check if the IP multicast group has a
corresponding MAC multicast group
|
If yes, check if the port exists in the
MAC multicast group
|
If yes, add the IP multicast group
address to the MAC multicast group table.
|
|
If not, add the port to the MAC multicast
group, reset the aging timer of the port and check if the corresponding IP
multicast group exists.
|
If yes, add the port to the IP multicast
group.
|
|
If not, create an IP multicast group and
add the port to it.
|
|
If not:
Create a MAC multicast group and notify
the multicast router that a member is ready to join the multicast group.
Add the port to the MAC multicast group
and start the aging timer of the port.
Add all ports in the VLAN owning this
port to the forward port list of the MAC multicast group.
Add the port to the IP multicast group.
|
|
IGMP leave message
|
Host
|
Multicast router and multicast switch
|
Notify the multicast router and multicast
switch that the host is leaving its multicast group.
|
Multicast router and multicast switch
send IGMP specific group query packet(s) to the multicast group whose member
host sends leave packets to check if the multicast group has any members and
enable the corresponding query timer.
|
If no response is received from the port
before the timer times out, the switch will check whether the port
corresponds to a single MAC multicast group.
If yes, remove the corresponding MAC
multicast group and IP multicast group
If no, remove only those entries that
correspond to this port in the MAC multicast group, and remove the
corresponding IP multicast group entries
|
|
If no response is received from the
multicast group before the timer times out, notify the router to remove this
multicast group node from the multicast tree
|
|
|
|
|
|
|
|
|
|
|
Caution:
An
IGMP-Snooping-enabled S3100-SI series Ethernet switch judges whether the
multicast group exists when it receives an IGMP leave packet sent by a host in
a multicast group. If this multicast group does not exist, the switch will drop
the IGMP leave packet instead of forwarding it.
The following sections describe the IGMP
Snooping configuration tasks.
l
Enabling IGMP Snooping
l
Configuring Timers
l
Enabling IGMP Fast Leave
Processing
l
Configuring IGMP Snooping
Filtering ACL
l
Configuring Multicast VLAN
Among them, enabling IGMP Snooping is required,
while others are optional (you can determine whether or not to perform these
tasks according to your needs).
You can use the
command here to enable IGMP Snooping so that it can establish and maintain MAC multicast
forwarding tables at layer 2.
Table 1-4 Enable IGMP Snooping
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable IGMP Snooping globally
|
igmp-snooping
enable
|
Required
IGMP Snooping is disabled globally.
|
|
Enter VLAN view
|
vlan vlan-id
|
—
|
|
Enable IGMP Snooping on the VLAN
|
igmp-snooping
enable
|
Required
By default, IGMP Snooping is disabled on
the VLAN.
|
Caution:
l
Although both Layer 2 and Layer 3 multicast
protocols can run on the same switch simultaneously, they cannot run
simultaneously on a VLAN and its corresponding VLAN interface.
l
IGMP Snooping functions on a VLAN only when it
is first enabled globally in system view and then enabled in the VLAN view.
This configuration
task is to manually configure the aging time of the router port and the aging
time of the multicast member ports.
l
If the switch receives no general query message
from a router within the aging time of the router port, the switch removes the router
port from the port member lists of all MAC multicast groups.
l
If the switch receives no IGMP report message within
the aging time of a member port, it transmits a group-specific query message to
the port and starts the query response timer of the IP multicast group.
Table 1-5 Configure timers
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Configure the aging time of the router
port
|
igmp-snooping router-aging-time seconds
|
Optional
By default, the aging time of the router
port is 105 seconds.
|
|
Configure the aging time of multicast
member ports
|
igmp-snooping host-aging-time seconds
|
Optional
By default, the aging time of multicast
member ports is 260 seconds.
|
Normally, when
receiving an IGMP Leave message, IGMP Snooping does not immediately remove the
port from the multicast group, but sends a group-specific query message. If no
response is received in a given period, it then removes the port from the
multicast group.
If IGMP fast leave processing is enabled, when
receiving an IGMP Leave message, IGMP Snooping immediately removes the port from
the multicast group. When a port has only one user, enabling IGMP fast leave
processing on the port can save bandwidth.
Table 1-6 Enable the IGMP fast leave processing
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enter Ethernet port view
|
interface interface-type interface-number
|
—
|
|
Enable IGMP fast leave processing
|
igmp-snooping fast-leave vlan vlan-id [ to vlan-id ]
|
Optional
By default this function is disabled.
|
You can configure multicast
filtering ACLs globally or on the switch ports connected to user ends so as to
use the IGMP Snooping filter function to limit the multicast streams that the users
can access. With this function, you can treat different VoD users in different
ways by allowing them to access the multicast streams in different multicast
groups.
In practice, when a user orders a multicast
program, an IGMP report message is generated. When the message arrives at the
switch, the switch examines the multicast filtering ACL configured on the access
port to determine if the port can join the corresponding multicast group or not.
If yes, it adds the port to the forward port list of the multicast group. If
not, it drops the IGMP report message and does not forward the corresponding data
stream to the port. In this way, you can control the multicast streams that
users can access.
Table 1-7 Configure IGMP Snooping filtering ACL
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable IGMP Snooping filter in system
view
|
igmp-snooping
group-policy acl-number vlan vlan-id
|
Optional
acl-number
is the number of a basic ACL; vlan-id is a VLAN ID. By default, this function is not enabled.
|
|
Enter Ethernet port view
|
interface interface-type interface-number
|
—
|
|
Configure an IGMP Snooping filtering ACL on
the port
|
igmp-snooping
group-policy acl-number vlan vlan-id
|
Optional
acl-number
is the number of a basic ACL; vlan-id is a VLAN ID. By default, no ACL is configured on any port.
|
In old multicast mode, when users in
different VLANs order the same multicast group, the multicast stream is copied
to each of the VLANs. This mode wastes a lot of bandwidth.
By configuring a multicast VLAN, adding
switch ports to the multicast VLAN and enabling IGMP Snooping, you can make
users in different VLANs share the same multicast VLAN. This saves bandwidth
since multicast streams are transmitted only within the multicast VLAN, and
also guarantees security because the multicast VLAN is isolated from user VLANs.
Multicast VLAN is mainly used in Layer 2
switching, but you must make corresponding configuration on the Layer 3 switch.
Table 1-8 Configure multicast VLAN on Layer 3 switch
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Create a VLAN and enter the VLAN view
|
vlan vlan-id
|
vlan-id is
a VLAN ID.
|
|
Exit the VLAN view
|
quit
|
—
|
|
Create a VLAN interface and enter the
VLAN interface view
|
interface vlan-interface
vlan-id
|
—
|
|
Enable IGMP
|
igmp enable
|
Required
|
|
Exit the VLAN interface view
|
quit
|
—
|
|
Enter the view of the Ethernet port connected
to the Layer 2 switch
|
interface interface-type
interface-number
|
—
|
|
Define the port as a trunk or hybrid port
|
port link-type { trunk | hybrid }
|
Required
|
|
Specify the VLANs to be allowed to pass through
the Ethernet
|
port hybrid
vlan vlan-id-list { tagged | untagged }
|
Required
The multicast VLAN defined on the Layer 2
switch must be included and set as tagged.
|
|
port trunk
pvid vlan vlan-id
|
Table 1-9 Configure multicast VLAN on Layer 2 switch
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable IGMP Snooping globally
|
igmp-snooping enable
|
Required
|
|
Enter VLAN view
|
vlan vlan-id
|
vlan-id is
a VLAN ID.
|
|
Enable IGMP Snooping on the VLAN
|
igmp-snooping enable
|
Required
|
|
Enable multicast VLAN
|
service-type multicast
|
Required
|
|
Exit the VLAN view
|
quit
|
—
|
|
Enter the view of the Ethernet port connected
to the Layer 3 switch
|
interface interface-type
interface-number
|
—
|
|
Define the port as a trunk or hybrid port
|
port link-type { trunk | hybrid }
|
—
|
|
Specify the VLANs to be allowed to pass through
the Ethernet
|
port hybrid
vlan vlan-id-list { tagged | untagged }
|
The multicast VLAN must be included and
set as tagged.
|
|
port trunk
pvid vlan vlan-id
|
|
Enter the view of the Ethernet port connected
to a user device
|
interface interface-type
interface-number
|
interface-type interface-num are the interface type and interface number.
|
|
Exit the current view
|
quit
|
—
|
|
Define the port as a hybrid port
|
port link-type hybrid
|
Required
|
|
Specify the VLANs to be allowed to pass
the port
|
port hybrid vlan vlan-id-list { tagged | untagged
}
|
Required
The multicast VLAN must be included and
set as untagged.
|
l
You cannot set the isolate VLAN as a multicast
VLAN.
l
One port can belong to only one multicast VLAN.
l
The port connected to a user end can only be as
set as a hybrid port.
1.3 Displaying Information About IGMP Snooping
You can execute the following display
commands in any view to display information about IGMP Snooping.
Table 1-10
Display information about IGMP Snooping
|
Operation
|
Command
|
Description
|
|
Display the current IGMP Snooping
configuration
|
display igmp-snooping configuration
|
You can execute the display
commands in any view.
|
|
Display IGMP Snooping message statistics
|
display igmp-snooping statistics
|
|
Display IP and MAC multicast groups in one
or all VLANs
|
display igmp-snooping group [ vlan vlanid ]
|
|
Clear IGMP Snooping statistics
|
reset igmp-snooping statistics
|
You can execute the reset command
in user view.
|
Configure IGMP Snooping on a switch.
I. Network requirements
Connect the router port on the switch to
the router, and other non-router ports which belong to VLAN 10 to user PCs. Enable
IGMP Snooping on the switch.
II. Network diagram
Figure 1-3 Network
diagram for IGMP Snooping configuration
III. Configuration procedure
# Enable IGMP Snooping in system view.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping enable
# Enable IGMP Snooping on VLAN 10 where no
Layer 3 multicast protocol is enabled.
[H3C] vlan 10
[H3C-vlan10] igmp-snooping enable
Configure multicast VLAN on Layer 2 and
Layer 3 switches.
I. Network requirements
Table 1-11 describes the network devices involved in this example and the
configurations you should make on them.
Table 1-11
Network devices and their configurations
|
Device
|
Description
|
|
Switch A
|
Layer 3 switch
|
The interface IP address of VLAN 20 is 168.10.1.1.
The Ethernet1/0/1 port is connected to the workstation and belongs to VLAN
20.
VLAN 10 is the multicast VLAN.
The Ethernet1/0/10 port is connected to
Switch B.
|
|
Switch B
|
Layer 2 switch
|
VLAN 2 contains the Ethernet1/0/1 port
and VLAN 3 contains the Ethernet1/0/2 port. The two ports are connected to
PC1 and PC2 respectively.
The Ethernet1/0/10 port is connected to
Switch A.
|
|
PC 1
|
User 1
|
PC1 is connected to the Ethernet1/0/1 port
on Switch B.
|
|
PC 2
|
User 2
|
It is connected to the Ethernet1/0/2 port
on Switch B.
|
Configure a multicast VLAN, so that the
users in VLAN 2 and VLAN 3 can receive multicast streams through the multicast
VLAN.
II. Network diagram
Figure 1-4
Network diagram for multicast VLAN configuration
III. Configuration procedure
The following configuration is based on the
prerequisite that the devices are properly connected and all the required IP
addresses are already configured.
1)
Configure Switch A:
# Set the interface IP address of VLAN 20 to
168.10.1.1 and enable the PIM DM protocol on the VLAN interface.
<Switch A> system-view
[Switch A] multicast routing-enable
[Switch A] vlan 20
[Switch A-vlan20] interface vlan-interface
20
[Switch A-Vlan-interface20] ip
address 168.10.1.1 255.255.255.0
[Switch A-Vlan-interface20] pim dm
[Switch A-Vlan-interface20] quit
# Configure VLAN 10.
[Switch A] vlan 10
[Switch A-vlan10] quit
# Define the Ethernet 1/0/10 port as a hybrid
port, add the port to VLAN 2, VLAN 3 and VLAN 10, and configure the port to include
VLAN tags in its outbound packets for VLAN 2, VLAN 3 and VLAN 10.
[Switch A] interface Ethernet 1/0/10
[Switch A-Ethernet 1/0/10] port
link-type hybrid
[Switch A-Ethernet 1/0/10] port
hybrid vlan 2 3 10 tagged
[Switch A-Ethernet 1/0/10] quit
# Enable PIM DM and IGMP on VLAN 10.
[Switch A] multicast routing-enable
[Switch A] interface Vlan-interface
10
[Switch A-Vlan-interface10] pim dm
[Switch A-Vlan-interface10] igmp
enable
2)
Configure Switch B:
# Enable IGMP Snooping globally.
<Switch B> system-view
[Switch B] igmp-snooping enable
# Configure VLAN 10 as a multicast VLAN and
enable IGMP Snooping on it.
[Switch B] vlan 10
[Switch B-vlan10] service-type
multicast
[Switch B-vlan10] igmp-snooping
enable
[Switch B-vlan10] quit
# Define the Ethernet 1/0/10 port as a hybrid
port, add the port to VLAN 2, VLAN 3 and VLAN 10, and configure the port to include
VLAN tags in its outbound packets for VLAN 2, VLAN 3 and VLAN 10.
[Switch B] interface Ethernet 1/0/10
[Switch B-Ethernet 1/0/10] port
link-type hybrid
[Switch B-Ethernet 1/0/10] port
hybrid vlan 2 3 10 tagged
[Switch B-Ethernet 1/0/10] quit
# Define the Ethernet 1/0/1 port as a hybrid
port, add the port to VLAN 2 and VLAN 10, and configure the port exclude VLAN
tags from its outbound packets for VLAN 2 and VLAN 10, VLAN 2 as the default
VLAN of the port.
[Switch B] interface Ethernet 1/0/1
[Switch B-Ethernet 1/0/1] port
link-type hybrid
[Switch B-Ethernet 1/0/1] port hybrid
vlan 2 10 untagged
[Switch B-Ethernet 1/0/1] port hybrid
pvid vlan 2
[Switch B-Ethernet 1/0/1] quit
# Define the Ethernet 1/0/2 port as a hybrid
port, add the port to VLAN 3 and VLAN 10, and configure the port to exclude
VLAN tags in its outbound packets for VLAN 3 and VLAN 10, and set VLAN 3 as the
default VLAN of the port.
[Switch B] interface Ethernet 1/0/1
[Switch B-Ethernet 1/0/2] port
link-type hybrid
[Switch B-Ethernet 1/0/2] port hybrid
vlan 3 10 untagged
[Switch B-Ethernet 1/0/2] port hybrid
pvid vlan 3
[Switch B-Ethernet 1/0/2] quit
1.5 Troubleshooting
IGMP Snooping
Symptom: Multicast
function does not work on the switch.
Solution:
The reason may be:
1)
IGMP Snooping is not enabled.
l
Use the display current-configuration
command to check the status of IGMP Snooping.
l
If IGMP Snooping is disabled, check whether it
is disabled globally or on the corresponding VLAN. If it is disabled globally, use
the igmp-snooping enable command in both system view and VLAN view to
enable it both globally and on the corresponding VLAN. If it is only disabled
on the VLAN, use the igmp-snooping enable command in VLAN view to enable
it on the corresponding VLAN.
2)
Multicast forwarding table set up by IGMP
Snooping is wrong.
l
Use the display igmp-snooping group
command to check if the multicast groups are expected ones.
l
If a multicast group created by IGMP Snooping is
not correct, contact your technical support personnel.
l
Continue with solution 3) if the second step
does not work.
If it is not the reason, the possible
reason may be:
3)
Multicast forwarding tables do not match.
l
Use the display mac-address vlan vlanid
command in any view to check if the MAC multicast forwarding table established
under the specified VLAN is consistent with that established by IGMP Snooping.
l
If they are not consistent, contact your technical support personnel.
