Chapter 1 IGMP Snooping Configuration
Commands
l
AmongS3600 series Ethernet switches,S3600-EI
series support all the multicast protocols listed in this manual, whileS3600-SI
series only support IGMP Snooping
l
An Ethernet switch serves as a router when an IP
multicast protocol is running on it. The routers mentioned here refer to common
routers and Layer 3 Ethernet switches running an IP multicast protocol.
Syntax
display igmp-snooping configuration
View
Any view
Parameter
None
Description
Use the display igmp-snooping
configuration command to display IGMP Snooping configuration information.
When IGMP Snooping is enabled on the
switch, this command displays the following information: IGMP Snooping status,
aging time of the router port, query response timeout time, and aging time of
multicast member ports.
Related command: igmp-snooping.
Example
# Display IGMP Snooping configuration
information on the switch.
<H3C> display igmp-snooping
configuration
Enable IGMP-Snooping.
The router port timeout is 105
second(s).
The max response timeout is 10
second(s).
The host port timeout is 260
second(s).
The above-mentioned information shows: IGMP
Snooping is enabled, the aging time of the router port is 105 seconds, the
query response timeout time is 10 seconds, and the aging time of multicast
member ports is 260 seconds.
Syntax
display igmp-snooping
group [ vlan vlan-id ]
View
Any view
Parameter
vlan-id: VLAN
under which the multicast group information is to be displayed. If you do not
provide this argument, this command displays the multicast group information of
all VLANs.
Description
Use the display igmp-snooping group
command to display information about the IP and MAC multicast groups under the specified
VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).
This command displays the following
information: VLAN ID, router port, IP multicast group address, member ports
included in the IP multicast group, MAC multicast group, MAC multicast group
address, and member ports included in the MAC multicast group.
Example
# Display the information about the
multicast groups under all the VLANs.
<H3C> display igmp-snooping
group
Total 1 IP Group(s).
Total 1 MAC Group(s).
Vlan(id):99.
Total 1 IP Group(s).
Total 1 MAC Group(s).
Static Router port(s):
Ethernet1/0/11
Dynamic Router port(s):
Ethernet1/0/22
IP group(s):the following ip
group(s) match to one mac group.
IP group address:228.0.0.0
Static host port(s):
Ethernet1/0/23
Dynamic host port(s):
Ethernet1/0/10
MAC group(s):
MAC group
address:0100-5e00-0000
Host port(s):Ethernet1/0/10
Ethernet1/0/23
Table 1-1
Description on the fields of the display
igmp-snooping group command
|
Field
|
Description
|
|
Total 1 IP Group(s).
Total 1 MAC Group(s).
|
Total number of IP multicast groups and
MAC multicast groups
|
|
Vlan(id):
|
ID of the
VLAN whose multicast group information is displayed
|
|
Static Router port(s):
|
Static router port
|
|
Dynamic Router port(s):
|
Dynamic router port
|
|
IP group address:
|
IP address of a multicast group
|
|
MAC group(s):
|
MAC multicast group
|
|
MAC group address:
|
Address of a MAC multicast group
|
|
Host port(s)
|
Member ports
|
Syntax
display igmp-snooping
statistics
View
Any view
Parameter
None
Description
Use the display igmp-snooping statistics
command to display IGMP Snooping statistics.
This command displays the following
information: the numbers of the IGMP general query packets, IGMP group-specific
query packets, IGMPv1 report packets, IGMPv2 report packets, IGMP leave packets
and error IGMP packets received, and the number of the IGMP group-specific
query packets sent.
Related command: igmp-snooping.
Example
# Display IGMP Snooping statistics.
<H3C> display igmp-snooping
statistics
Received IGMP general query packet(s)
number:0.
Received IGMP specific query
packet(s) number:0.
Received IGMP V1 report packet(s)
number:0.
Received IGMP V2 report packet(s)
number:0.
Received IGMP leave packet(s)
number:0.
Received error IGMP packet(s)
number:0.
Sent IGMP specific query packet(s)
number:0.
The information above shows that IGMP receives:
l
zero IGMP general query packets
l
zero IGMP specific query packets
l
zero IGMPv1 report packets
l
zero IGMPv2 report packets
l
zero IGMP leave packets
l
zero IGMP error packets
IGMP Snooping sends:
l
zero IGMP specific query packets
Syntax
igmp-snooping { enable | disable }
View
System view
Parameter
enable: Enables
the IGMP Snooping feature.
disable:
Disables the IGMP Snooping feature.
Description
Use the igmp-snooping enable command
to enable the IGMP Snooping feature.
Use the igmp-snooping disable
command to disable the IGMP Snooping feature.
By default, the
IGMP Snooping feature is disabled.
Caution:
l
To configure IGMP Snooping in VLAN view, you should
first enable IGMP Snooping globally in system view, and then enable IGMP
Snooping in VLAN view. Otherwise, the IGMP Snooping function does not take
effect.
l
If you enable both IGMP Snooping and VLAN VPN in
a VLAN, IGMP query messages may fail to pass the VLAN.
Example
# Enable the IGMP Snooping feature on the
switch.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping enable
Enable IGMP-Snooping ok.
Syntax
igmp-snooping
fast-leave [ vlan vlan-list ]
undo igmp-snooping
fast-leave [ vlan vlan-list ]
View
System view, Ethernet port view
Parameter
vlan-list: List
of VLANs. You can specify multiple VLANs by providing this argument in the form
of vlan-list = { vlan-id [ to vlan-id ] } &
< 1-10 >, where vlan-id is the ID of the VLAN, in the range
of 1 to 4,094 and & < 1-10 > means that you can provide up to 10 VLANs/VLAN
ranges for this argument.
Description
Use the igmp-snooping fast-leave
command to enable IGMP fast leave processing.
Use the undo igmp-snooping
fast-leave command to cancel the configuration.
By default, IGMP fast leave processing is disabled.
Normally, upon receipt of an IGMP Leave
message, Switch does not immediately remove the port from the multicast group,
but sends a group-specific query message. If no response is received in a given
period, it then removes the port from the multicast group.
After this command is executed, upon receipt
of an IGMP Leave packet, Switch removes the port from the multicast group directly.
When the port is connected to only one user, enabling IGMP fast leave
processing can save bandwidth.
l
This feature is effective for IGMPv2-enabled
clients only.
l
When this feature is enabled, if one of the
multiple users on a port leaves, the multicast services for the other users in
the same multicast group may be interrupted.
Example
# Enable IGMP fast leave processing on Ethernet1/0/1.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] igmp-snooping
fast-leave
Syntax
igmp-snooping general-query source-ip { current-interface | ip-address }
undo igmp-snooping general-query
source-ip
View
VLAN view
Parameter
current-interface:
Specifies the current interface whose IP address is selected by the Layer 2
multicast switch.
ip-address: Source
IP address of the general query packet that the Layer 2 multicast switch sends.
Description
Use the igmp-snooping general-query
source-ip current-interface command to configure the Layer 2
multicast switch to use the IP address of the current VLAN interface as the
source IP address of the general query packets that the Layer 2 multicast
switch sends. If no IP address is configured on the current VLAN interface, the
default IP address 0.0.0.0. is used as the default source IP address.
Use the igmp-snooping general-query
source-ip ip-address command to configure the Layer 2
multicast switch to use the specified IP address as the source IP address when
sending general query packets.
Use the undo igmp-snooping
general-query source-ip command to configure the Layer 2 multicast
switch to use the default IP address as the source address when sending general
query packets.
These commands are effective after the IGMP
Snooping querier is enabled on the switch; otherwise, the switch cannot send
general query packets.
By default, the Layer 2 multicast switch
sends general query packets with the source IP address 0.0.0.0.
Example
# Configure the Layer 2 multicast switch to
send general query packets with the source IP address 2.2.2.2 in VLAN 3.
<H3C> system-view
System view, return to user view with
Ctrl+Z.
[H3C] igmp-snooping enable
[H3C] vlan 3
[H3C-vlan3] igmp-snooping enable
[H3C-vlan3] igmp-snooping querier
[H3C-vlan3] igmp-snooping
general-query source-ip 2.2.2.2
Syntax
igmp-snooping
group-limit limit [ vlan vlan-list
] [ overflow-replace ]
undo igmp-snooping
group-limit [ vlan vlan-list ]
View
Ethernet port view
Parameter
limit:
Maximum number of multicast groups the port can join, in the range of 1 to 256.
overflow-replace:
Allows a new multicast group to replace an existing multicast group and the
multicast group with the lowest IP address is replaced first.
vlan-list:
List of VLANs. You can specify multiple VLANs by providing this argument in the
form of vlan-list = { vlan-id [ to vlan-id ]
}&<1-10>, where &<1-10> means that you can provide up to 10
VLANs/VLAN ranges for this argument. VLAN ID ranges from 1 to 4094.
Description
Use the igmp-snooping group-limit
command to define the maximum number of multicast groups the port can join.
Use the undo igmp-snooping group-limit
command to restore the default setting.
By default, there is no limit on the number
of multicast groups the port can join.
Example
# Allow Ethernet1/0/1 to join at most 200
multicast groups.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] igmp-snooping
group-limit 200
Syntax
igmp-snooping group-policy acl-number [ vlan vlan-list ]
undo igmp-snooping group-policy [ vlan vlan-list ]
View
System view, Ethernet port view
Parameter
acl-number:
Basic ACL number, in the range of 2000 to 2999.
vlan-id: vlan-list:
List of VLANs. You can specify multiple VLANs by providing this argument in the
form of vlan-list = { vlan-id [ to vlan-id ]
}&<1-10>, where &<1-10> means that you can provide up to 10
VLANs/VLAN ranges for this argument. VLAN ID ranges from 1 to 4094.
Description
Use the igmp-snooping group-policy
command to configure an IGMP Snooping filtering ACL.
Use the undo igmp-snooping
group-policy command to remove the IGMP Snooping filtering ACL.
By default, no IGMP Snooping filtering ACL
is configured.
You can configure multicast filtering ACLs
globally or on the switch ports connected to user ends so as to use the IGMP
Snooping filter function to limit the multicast streams that the users can access.
With this function, you can treat different VoD users in different ways by
allowing them to access the multicast streams in different multicast groups.
In practice, when a user orders a multicast
program, an IGMP host report message is generated. When the message arrives at
the switch, the switch examines the multicast filtering ACL configured on the
access port to determine if the port can join the corresponding multicast group
or not. If yes, it adds the port to the forward port list of the multicast
group; if not, it drops the IGMP host report message and does not forward the
corresponding data stream to the port. In this way, you can control the
multicast streams that users can access.
An ACL rule defines a multicast address or a
multicast address range (for example 224.0.0.1 to 239.255.255.255) and is used
to:
l
Allow the port(s) to join only the multicast
group(s) defined in the rule by a permit statement.
l
Inhibit the port(s) from joining the multicast
group(s) defined in the rule by a deny statement.
l
One port can belong to multiple VLANs. But for
each VLAN on the port, you can configure only one ACL.
l
If no ACL rule is configured or the port does
not belong to the specified VLAN, the filter ACL you configured does not take
effect on the port.
l
Since most devices broadcast unknown multicast
packets, this function is often used together with the unknown multicast packet
drop function to prevent multicast streams from being broadcast to a filtered
port as unknown multicast packets.
Example
# Configure ACL 2000 to allow users under Ethernet1/0/1
to access the multicast streams in groups 225.0.0.0 to 225.255.255.255.
l
Configure ACL 2000.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] acl number 2000
[H3C-acl-basic-2000] rule permit
source 225.0.0.0 0.255.255.255
[H3C-acl-basic-2000] quit
l
Create VLAN 2 and add Ethernet1/0/1 to VLAN 2.
[H3C] vlan 2
[H3C-vlan2] port Ethernet 1/0/1
[H3C-vlan2] quit
l
Configure ACL 2000 on Ethernet1/0/1 to allow this
VLAN 2 port to join only the IGMP multicast groups defined in the rule of ACL
2000.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] igmp-snooping
group-policy 2000 vlan 2
[H3C-Ethernet1/0/1] quit
# Configure ACL 2001 to allow users under Ethernet1/0/2
to access the multicast streams in any groups except groups 225.0.0.0 to
225.0.0.255.
l
Configure ACL 2001.
[H3C] acl number 2001
[H3C-acl-basic-2001] rule deny source
225.0.0.0 0.0.0.255
[H3C-acl-basic-2001] rule permit
source any
[H3C-acl-basic-2001] quit
l
Create VLAN 2 and add Ethernet1/0/2 to VLAN 2.
[H3C] vlan 2
[H3C-vlan2] port Ethernet 1/0/2
[H3C-vlan2] quit
l
Configure ACL 2001 on Ethernet1/0/2 to allow this
VLAN 2 port to join any IGMP multicast groups except those defined in the deny
rule of ACL 2001.
[H3C] interface Ethernet 1/0/2
[H3C-Ethernet1/0/2] igmp-snooping
group-policy 2001 vlan 2
Syntax
igmp-snooping host-aging-time seconds
undo igmp-snooping host-aging-time
View
System view
Parameter
seconds:
Aging time (in seconds) of multicast member ports, in the range of 200 to 1,000.
Description
Use the igmp-snooping host-aging-time
command to configure the aging time of multicast member port.
Use the undo igmp-snooping
host-aging-time command to restore the default aging time.
By default, the aging time of multicast
member ports is 260 seconds.
The aging time of multicast member ports
determines the refresh frequency of multicast group members. In an environment
where multicast group members change frequently, a relatively shorter aging
time is required.
Related command: igmp-snooping.
Example
# Set the aging time of multicast member
ports to 300 seconds.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping host-aging-time
300
Syntax
igmp-snooping max-response-time seconds
undo igmp-snooping max-response-time
View
System view
Parameter
seconds: Query
response timeout time in seconds, in the range of 1 to 25.
Description
Use the igmp-snooping max-response-time
command to configure the query response timeout time.
Use the undo igmp-snooping
max-response-time command to restore the default timeout time.
By default, the query response timeout time
is 10 seconds.
Related command: igmp-snooping, igmp-snooping
router-aging-time.
Example
# Set the query response timeout time to 15
seconds.
<H3C>system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping max-response-time
15
Syntax
igmp-snooping
querier
undo igmp-snooping
querier
View
VLAN view
Parameter
None
Description
Use the igmp-snooping querier
command to enable the IGMP Snooping querier feature on the current VLAN of the
Layer 2 multicast switch.
Use the undo igmp-snooping
querier command to disable the IGMP Snooping querier feature on the current
VLAN of the Layer 2 multicast switch.
By default, the IGMP Snooping querier
feature of the Layer 2 multicast switch is disabled.
Example
# Enable the IGMP Snooping feature on VLAN
3 of the Layer 2 multicast switch.
<H3C> system-view
System view, return to user view with
Ctrl+Z.
[H3C] igmp-snooping enable
[H3C] vlan 3
[H3C-vlan3] igmp-snooping enable
[H3C-vlan3] igmp-snooping querier
Syntax
igmp-snooping
query-interval seconds
undo igmp-snooping
query-interval
View
VLAN view
Parameter
seconds:
Interval for the Layer 2 multicast switch to send general query packets.
Description
Use the igmp-snooping
query-interval command to configure the interval for the Layer 2 multicast
switch to send general query packets.
Use the undo igmp-snooping
query-interval command to restore the interval to the default value.
These commands are effective after the IGMP
Snooping querier feature is enabled. Otherwise, the switch will not send
general query packets. The configured query interval must be longer than the
maximum response interval of the host,
By default, the Layer 2 multicast switch
sends general query packets at the interval of 60 seconds.
Example
# Configure the Layer 2 multicast switch to
send general query packets at the interval of 100 seconds on VLAN 3.
<H3C> system-view
System view, return to user view with
Ctrl+Z.
[H3C] igmp-snooping enable
[H3C] vlan 3
[H3C-vlan3] igmp-snooping enable
[H3C-vlan3] igmp-snooping querier
[H3C-vlan3] igmp-snooping
query-interval 100
Syntax
igmp-snooping router-aging-time seconds
undo igmp-snooping router-aging-time
View
System view
Parameter
seconds: Aging
time (in seconds) of the router port, in the range of 1 to 1,000.
Description
Use the igmp-snooping router-aging-time
command to configure the aging time of the IGMP Snooping router port.
Use the undo igmp-snooping
router-aging-time command to restore the default aging time.
By default, the aging time of the router port
is 105 seconds.
The router port here refers to the port
connecting the Layer 2 switch to the router. The Layer 2 switch receives IGMP
general query messages from the router through this port. The aging time of the
router port should be a value about 2.5 times of the general query interval.
Related command: igmp-snooping
max-response-time, igmp-snooping.
Example
# Set the aging time of the router port to 500
seconds.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] igmp-snooping router-aging-time
500
Syntax
reset igmp-snooping statistics
View
User view
Parameter
None
Description
Use the reset igmp-snooping statistics
command to clear IGMP Snooping statistics.
Related command: igmp-snooping.
Example
# Clear IGMP Snooping statistics.
<H3C> reset igmp-snooping
statistics
Syntax
service-type multicast
undo service-type multicast
View
VLAN view
Parameter
None
Description
Use the service-type multicast
command to set the current VLAN as a multicast VLAN.
Use the undo service-type multicast
command to cancel the multicast VLAN setting.
By default, no VLAN is a multicast VLAN.
By configuring a multicast VLAN, adding the
corresponding switch ports to the multicast VLAN, and enabling IGMP Snooping,
you can allow users in different VLANs to share the same multicast VLAN. This
saves bandwidth since multicast stream is transmitted only within the multicast
VLAN, and also guarantees the security because the multicast VLAN is completely
isolated from the user VLANs.
l
Isolate VLANs cannot be set as multicast VLANs.
l
One port belongs to one multicast VLAN only.
l
The type of ports connected to the user terminal
must be hybrid.
l
The multicast member port must be in the same
multicast VLAN with the router port. Otherwise, the port cannot receive
multicast packets.
l
If a router port is added to a multicast VLAN,
the router port must be configured as a trunk port or tagged hybrid port.
Otherwise, all the multicast member ports in this multicast VLAN cannot receive
multicast packets.
l
If a multicast member port needs to receive
packets forwarded by the router port that does not belong to any multicast
VLAN, the multicast member port must be removed from the multicast VLAN.
Otherwise, the port cannot receive multicast packets.
Example
# Configure VLAN 2 as a multicast VLAN.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vlan 2
[H3C-vlan2] service-type multicast
