l AmongS3600 series Ethernet switches,S3600-EI series support all the multicast protocols listed in this manual, whileS3600-SI series only support IGMP Snooping

l An Ethernet switch serves as a router when an IP multicast protocol is running on it. The routers mentioned here refer to common routers and Layer 3 Ethernet switches running an IP multicast protocol.

1.1 IGMP Snooping Configuration Commands

1.1.1 display igmp-snooping configuration

Syntax

display igmp-snooping configuration

View

Any view

Parameter

None

Description

Use the display igmp-snooping configuration command to display IGMP Snooping configuration information.

When IGMP Snooping is enabled on the switch, this command displays the following information: IGMP Snooping status, aging time of the router port, query response timeout time, and aging time of multicast member ports.

Related command: igmp-snooping.

Example

# Display IGMP Snooping configuration information on the switch.

<H3C> display igmp-snooping configuration

Enable IGMP-Snooping.

The router port timeout is 105 second(s).

The max response timeout is 10 second(s).

The host port timeout is 260 second(s).

The above-mentioned information shows: IGMP Snooping is enabled, the aging time of the router port is 105 seconds, the query response timeout time is 10 seconds, and the aging time of multicast member ports is 260 seconds.

1.1.2 display igmp-snooping group

Syntax

display igmp-snooping group [ vlan vlan-id ]

View

Any view

Parameter

vlan-id: VLAN under which the multicast group information is to be displayed. If you do not provide this argument, this command displays the multicast group information of all VLANs.

Description

Use the display igmp-snooping group command to display information about the IP and MAC multicast groups under the specified VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).

This command displays the following information: VLAN ID, router port, IP multicast group address, member ports included in the IP multicast group, MAC multicast group, MAC multicast group address, and member ports included in the MAC multicast group.

Example

# Display the information about the multicast groups under all the VLANs.

<H3C> display igmp-snooping group

Total 1 IP Group(s).

Total 1 MAC Group(s).

Vlan(id):99.

Total 1 IP Group(s).

Total 1 MAC Group(s).

Static Router port(s):

Ethernet1/0/11

Dynamic Router port(s):

Ethernet1/0/22

IP group(s):the following ip group(s) match to one mac group.

IP group address:228.0.0.0

Static host port(s):

Ethernet1/0/23

Dynamic host port(s):

Ethernet1/0/10

MAC group(s):

MAC group address:0100-5e00-0000

Host port(s):Ethernet1/0/10 Ethernet1/0/23

Table 1-1 Description on the fields of the display igmp-snooping group command

Field	Description
Total 1 IP Group(s). Total 1 MAC Group(s).	Total number of IP multicast groups and MAC multicast groups
Vlan(id):	ID of the VLAN whose multicast group information is displayed
Static Router port(s):	Static router port
Dynamic Router port(s):	Dynamic router port
IP group address:	IP address of a multicast group
MAC group(s):	MAC multicast group
MAC group address:	Address of a MAC multicast group
Host port(s)	Member ports

1.1.3 display igmp-snooping statistics

Syntax

display igmp-snooping statistics

View

Any view

Parameter

None

Description

Use the display igmp-snooping statistics command to display IGMP Snooping statistics.

This command displays the following information: the numbers of the IGMP general query packets, IGMP group-specific query packets, IGMPv1 report packets, IGMPv2 report packets, IGMP leave packets and error IGMP packets received, and the number of the IGMP group-specific query packets sent.

Related command: igmp-snooping.

Example

# Display IGMP Snooping statistics.

<H3C> display igmp-snooping statistics

Received IGMP general query packet(s) number:0.

Received IGMP specific query packet(s) number:0.

Received IGMP V1 report packet(s) number:0.

Received IGMP V2 report packet(s) number:0.

Received IGMP leave packet(s) number:0.

Received error IGMP packet(s) number:0.

Sent IGMP specific query packet(s) number:0.

The information above shows that IGMP receives:

l zero IGMP general query packets

l zero IGMP specific query packets

l zero IGMPv1 report packets

l zero IGMPv2 report packets

l zero IGMP leave packets

l zero IGMP error packets

IGMP Snooping sends:

l zero IGMP specific query packets

1.1.4 igmp-snooping

Syntax

igmp-snooping { enable | disable }

View

System view

Parameter

enable: Enables the IGMP Snooping feature.

disable: Disables the IGMP Snooping feature.

Description

Use the igmp-snooping enable command to enable the IGMP Snooping feature.

Use the igmp-snooping disable command to disable the IGMP Snooping feature.

By default, the IGMP Snooping feature is disabled.

Caution:

l To configure IGMP Snooping in VLAN view, you should first enable IGMP Snooping globally in system view, and then enable IGMP Snooping in VLAN view. Otherwise, the IGMP Snooping function does not take effect.

l If you enable both IGMP Snooping and VLAN VPN in a VLAN, IGMP query messages may fail to pass the VLAN.

Example

# Enable the IGMP Snooping feature on the switch.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] igmp-snooping enable

Enable IGMP-Snooping ok.

1.1.5 igmp-snooping fast-leave

Syntax

igmp-snooping fast-leave [ vlan vlan-list ]

undo igmp-snooping fast-leave [ vlan vlan-list ]

View

System view, Ethernet port view

Parameter

vlan-list: List of VLANs. You can specify multiple VLANs by providing this argument in the form of vlan-list = { vlan-id [ to vlan-id ] } & < 1-10 >, where vlan-id is the ID of the VLAN, in the range of 1 to 4,094 and & < 1-10 > means that you can provide up to 10 VLANs/VLAN ranges for this argument.

Description

Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.

Use the undo igmp-snooping fast-leave command to cancel the configuration.

By default, IGMP fast leave processing is disabled.

Normally, upon receipt of an IGMP Leave message, Switch does not immediately remove the port from the multicast group, but sends a group-specific query message. If no response is received in a given period, it then removes the port from the multicast group.

After this command is executed, upon receipt of an IGMP Leave packet, Switch removes the port from the multicast group directly. When the port is connected to only one user, enabling IGMP fast leave processing can save bandwidth.

& Note:

l This feature is effective for IGMPv2-enabled clients only.

l When this feature is enabled, if one of the multiple users on a port leaves, the multicast services for the other users in the same multicast group may be interrupted.

Example

# Enable IGMP fast leave processing on Ethernet1/0/1.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] igmp-snooping fast-leave

1.1.6 igmp-snooping general-query source-ip

Syntax

igmp-snooping general-query source-ip { current-interface | ip-address }

undo igmp-snooping general-query source-ip

View

VLAN view

Parameter

current-interface: Specifies the current interface whose IP address is selected by the Layer 2 multicast switch.

ip-address: Source IP address of the general query packet that the Layer 2 multicast switch sends.

Description

Use the igmp-snooping general-query source-ip current-interface command to configure the Layer 2 multicast switch to use the IP address of the current VLAN interface as the source IP address of the general query packets that the Layer 2 multicast switch sends. If no IP address is configured on the current VLAN interface, the default IP address 0.0.0.0. is used as the default source IP address.

Use the igmp-snooping general-query source-ip ip-address command to configure the Layer 2 multicast switch to use the specified IP address as the source IP address when sending general query packets.

Use the undo igmp-snooping general-query source-ip command to configure the Layer 2 multicast switch to use the default IP address as the source address when sending general query packets.

These commands are effective after the IGMP Snooping querier is enabled on the switch; otherwise, the switch cannot send general query packets.

By default, the Layer 2 multicast switch sends general query packets with the source IP address 0.0.0.0.

Example

# Configure the Layer 2 multicast switch to send general query packets with the source IP address 2.2.2.2 in VLAN 3.

<H3C> system-view

System view, return to user view with Ctrl+Z.

[H3C] igmp-snooping enable

[H3C] vlan 3

[H3C-vlan3] igmp-snooping enable

[H3C-vlan3] igmp-snooping querier

[H3C-vlan3] igmp-snooping general-query source-ip 2.2.2.2

1.1.7 igmp-snooping group-limit

Syntax

igmp-snooping group-limit limit [ vlan vlan-list ] [ overflow-replace ]

undo igmp-snooping group-limit [ vlan vlan-list ]

View

Ethernet port view

Parameter

limit: Maximum number of multicast groups the port can join, in the range of 1 to 256.

overflow-replace: Allows a new multicast group to replace an existing multicast group and the multicast group with the lowest IP address is replaced first.

vlan-list: List of VLANs. You can specify multiple VLANs by providing this argument in the form of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>, where &<1-10> means that you can provide up to 10 VLANs/VLAN ranges for this argument. VLAN ID ranges from 1 to 4094.

Description

Use the igmp-snooping group-limit command to define the maximum number of multicast groups the port can join.

Use the undo igmp-snooping group-limit command to restore the default setting.

By default, there is no limit on the number of multicast groups the port can join.

Example

# Allow Ethernet1/0/1 to join at most 200 multicast groups.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] igmp-snooping group-limit 200

1.1.8 igmp-snooping group-policy

Syntax

igmp-snooping group-policy acl-number [ vlan vlan-list ]

undo igmp-snooping group-policy [ vlan vlan-list ]

View

System view, Ethernet port view

Parameter

acl-number: Basic ACL number, in the range of 2000 to 2999.

vlan-id: vlan-list: List of VLANs. You can specify multiple VLANs by providing this argument in the form of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>, where &<1-10> means that you can provide up to 10 VLANs/VLAN ranges for this argument. VLAN ID ranges from 1 to 4094.

Description

Use the igmp-snooping group-policy command to configure an IGMP Snooping filtering ACL.

Use the undo igmp-snooping group-policy command to remove the IGMP Snooping filtering ACL.

By default, no IGMP Snooping filtering ACL is configured.

You can configure multicast filtering ACLs globally or on the switch ports connected to user ends so as to use the IGMP Snooping filter function to limit the multicast streams that the users can access. With this function, you can treat different VoD users in different ways by allowing them to access the multicast streams in different multicast groups.

In practice, when a user orders a multicast program, an IGMP host report message is generated. When the message arrives at the switch, the switch examines the multicast filtering ACL configured on the access port to determine if the port can join the corresponding multicast group or not. If yes, it adds the port to the forward port list of the multicast group; if not, it drops the IGMP host report message and does not forward the corresponding data stream to the port. In this way, you can control the multicast streams that users can access.

An ACL rule defines a multicast address or a multicast address range (for example 224.0.0.1 to 239.255.255.255) and is used to:

l Allow the port(s) to join only the multicast group(s) defined in the rule by a permit statement.

l Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny statement.

& Note:

l One port can belong to multiple VLANs. But for each VLAN on the port, you can configure only one ACL.

l If no ACL rule is configured or the port does not belong to the specified VLAN, the filter ACL you configured does not take effect on the port.

l Since most devices broadcast unknown multicast packets, this function is often used together with the unknown multicast packet drop function to prevent multicast streams from being broadcast to a filtered port as unknown multicast packets.

Example

# Configure ACL 2000 to allow users under Ethernet1/0/1 to access the multicast streams in groups 225.0.0.0 to 225.255.255.255.

l Configure ACL 2000.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255

[H3C-acl-basic-2000] quit

l Create VLAN 2 and add Ethernet1/0/1 to VLAN 2.

[H3C] vlan 2

[H3C-vlan2] port Ethernet 1/0/1

[H3C-vlan2] quit

l Configure ACL 2000 on Ethernet1/0/1 to allow this VLAN 2 port to join only the IGMP multicast groups defined in the rule of ACL 2000.

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] igmp-snooping group-policy 2000 vlan 2

[H3C-Ethernet1/0/1] quit

# Configure ACL 2001 to allow users under Ethernet1/0/2 to access the multicast streams in any groups except groups 225.0.0.0 to 225.0.0.255.

l Configure ACL 2001.

[H3C] acl number 2001

[H3C-acl-basic-2001] rule deny source 225.0.0.0 0.0.0.255

[H3C-acl-basic-2001] rule permit source any

[H3C-acl-basic-2001] quit

l Create VLAN 2 and add Ethernet1/0/2 to VLAN 2.

[H3C] vlan 2

[H3C-vlan2] port Ethernet 1/0/2

[H3C-vlan2] quit

l Configure ACL 2001 on Ethernet1/0/2 to allow this VLAN 2 port to join any IGMP multicast groups except those defined in the deny rule of ACL 2001.

[H3C] interface Ethernet 1/0/2

[H3C-Ethernet1/0/2] igmp-snooping group-policy 2001 vlan 2

1.1.9 igmp-snooping host-aging-time

Syntax

igmp-snooping host-aging-time seconds

undo igmp-snooping host-aging-time

View

System view

Parameter

seconds: Aging time (in seconds) of multicast member ports, in the range of 200 to 1,000.

Description

Use the igmp-snooping host-aging-time command to configure the aging time of multicast member port.

Use the undo igmp-snooping host-aging-time command to restore the default aging time.

By default, the aging time of multicast member ports is 260 seconds.

The aging time of multicast member ports determines the refresh frequency of multicast group members. In an environment where multicast group members change frequently, a relatively shorter aging time is required.

Related command: igmp-snooping.

Example

# Set the aging time of multicast member ports to 300 seconds.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] igmp-snooping host-aging-time 300

1.1.10 igmp-snooping max-response-time

Syntax

igmp-snooping max-response-time seconds

undo igmp-snooping max-response-time

View

System view

Parameter

seconds: Query response timeout time in seconds, in the range of 1 to 25.

Description

Use the igmp-snooping max-response-time command to configure the query response timeout time.

Use the undo igmp-snooping max-response-time command to restore the default timeout time.

By default, the query response timeout time is 10 seconds.

Related command: igmp-snooping, igmp-snooping router-aging-time.

Example

# Set the query response timeout time to 15 seconds.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] igmp-snooping max-response-time 15

1.1.11 igmp-snooping querier

Syntax

igmp-snooping querier

undo igmp-snooping querier

View

VLAN view

Parameter

None

Description

Use the igmp-snooping querier command to enable the IGMP Snooping querier feature on the current VLAN of the Layer 2 multicast switch.

Use the undo igmp-snooping querier command to disable the IGMP Snooping querier feature on the current VLAN of the Layer 2 multicast switch.

By default, the IGMP Snooping querier feature of the Layer 2 multicast switch is disabled.

Example

# Enable the IGMP Snooping feature on VLAN 3 of the Layer 2 multicast switch.

<H3C> system-view

System view, return to user view with Ctrl+Z.

[H3C] igmp-snooping enable

[H3C] vlan 3

[H3C-vlan3] igmp-snooping enable

[H3C-vlan3] igmp-snooping querier

1.1.12 igmp-snooping query-interval

Syntax

igmp-snooping query-interval seconds

undo igmp-snooping query-interval

View

VLAN view

Parameter

seconds: Interval for the Layer 2 multicast switch to send general query packets.

Description

Use the igmp-snooping query-interval command to configure the interval for the Layer 2 multicast switch to send general query packets.

Use the undo igmp-snooping query-interval command to restore the interval to the default value.

These commands are effective after the IGMP Snooping querier feature is enabled. Otherwise, the switch will not send general query packets. The configured query interval must be longer than the maximum response interval of the host,

By default, the Layer 2 multicast switch sends general query packets at the interval of 60 seconds.

Example

# Configure the Layer 2 multicast switch to send general query packets at the interval of 100 seconds on VLAN 3.

<H3C> system-view

System view, return to user view with Ctrl+Z.

[H3C] igmp-snooping enable

[H3C] vlan 3

[H3C-vlan3] igmp-snooping enable

[H3C-vlan3] igmp-snooping querier

[H3C-vlan3] igmp-snooping query-interval 100

1.1.13 igmp-snooping router-aging-time

Syntax

igmp-snooping router-aging-time seconds

undo igmp-snooping router-aging-time

View

System view

Parameter

seconds: Aging time (in seconds) of the router port, in the range of 1 to 1,000.

Description

Use the igmp-snooping router-aging-time command to configure the aging time of the IGMP Snooping router port.

Use the undo igmp-snooping router-aging-time command to restore the default aging time.

By default, the aging time of the router port is 105 seconds.

The router port here refers to the port connecting the Layer 2 switch to the router. The Layer 2 switch receives IGMP general query messages from the router through this port. The aging time of the router port should be a value about 2.5 times of the general query interval.

Related command: igmp-snooping max-response-time, igmp-snooping.

Example

# Set the aging time of the router port to 500 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] igmp-snooping router-aging-time 500

1.1.14 reset igmp-snooping statistics

Syntax

reset igmp-snooping statistics

View

User view

Parameter

None

Description

Use the reset igmp-snooping statistics command to clear IGMP Snooping statistics.

Related command: igmp-snooping.

Example

# Clear IGMP Snooping statistics.

<H3C> reset igmp-snooping statistics

1.1.15 service-type multicast

Syntax

service-type multicast

undo service-type multicast

View

VLAN view

Parameter

None

Description

Use the service-type multicast command to set the current VLAN as a multicast VLAN.

Use the undo service-type multicast command to cancel the multicast VLAN setting.

By default, no VLAN is a multicast VLAN.

By configuring a multicast VLAN, adding the corresponding switch ports to the multicast VLAN, and enabling IGMP Snooping, you can allow users in different VLANs to share the same multicast VLAN. This saves bandwidth since multicast stream is transmitted only within the multicast VLAN, and also guarantees the security because the multicast VLAN is completely isolated from the user VLANs.

& Note:

l Isolate VLANs cannot be set as multicast VLANs.

l One port belongs to one multicast VLAN only.

l The type of ports connected to the user terminal must be hybrid.

l The multicast member port must be in the same multicast VLAN with the router port. Otherwise, the port cannot receive multicast packets.

l If a router port is added to a multicast VLAN, the router port must be configured as a trunk port or tagged hybrid port. Otherwise, all the multicast member ports in this multicast VLAN cannot receive multicast packets.

l If a multicast member port needs to receive packets forwarded by the router port that does not belong to any multicast VLAN, the multicast member port must be removed from the multicast VLAN. Otherwise, the port cannot receive multicast packets.

Example

# Configure VLAN 2 as a multicast VLAN.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] vlan 2

[H3C-vlan2] service-type multicast

Chapter 2 Common IP Multicast Configuration Commands

2.1 Common IP Multicast Configuration Commands

2.1.1 display mpm forwarding-table

Syntax

display mpm forwarding-table [ group-address ]

View

Any view

Parameter

group-address: IP address of a multicast group, in the range 224.0.0.0 to 239.255.255.255.

Description

Use the display mpm forwarding-table command to display the information about a multicast forward table/all the multicast forward tables containing port information.

With the group-address argument provided, this command only displays the matched (*, G) entries. Otherwise, this command displays all the entries.

To display the information about a multicast forward table that does not contain port information, use the display multicast forwarding-table command.

Example

# Display the information about all the multicast forward tables containing port information.

<H3C> display mpm forwarding-table

Total 1 entry(entries)

00001. (120.0.0.2, 225.0.0.2)

iif Vlan-interface1200

1 oif(s):

Vlan-interface32

Ethernet1/0/19

Total 1 entry(entries) Listed

Table 2-1 Description on the fields of the display mpm forwarding-table command

Field	Description
Total 1 entry(entries)	Total number of the entries
00001	Entry number
(120.0.0.2, 225.0.0.2)	Source address-group address pair
iif Vlan-interface1200	The inbound VLAN is VLAN 1200.
1 oif(s): 2 out-vlan(s):	Two outbound VLANs exist.
Vlan-interface32 Ethernet1/0/19	The first outbound VLAN is VLAN 32, with Ethernet1/0/19 as the outbound port
Total 1 entry(entries) Listed	The multicast forward table contains one (S,G) entry.

2.1.2 display mpm group

Syntax

display mpm group [ vlan vlan-id ]

View

Any view

Parameter

vlan vlan-id: Specifies a VLAN ID. If you do not specify this keyword-argument combination, all the VLANs are specified.

Description

Use the display mpm group command to display the information about the IP multicast groups and MAC multicast groups in a VLAN/all the VLANs configured on a switch.

The output information includes:

l VLAN ID

l Router interface

l IP multicast group address

l Member port of an IP multicast group

l MAC multicast group

l MAC multicast group address

l Member port of a MAC multicast group

Example

# Display the information about the multicast groups of VLAN2.

<H3C> display mpm group vlan 1200

Total 1 IP Group(s).

Total 1 MAC Group(s).

Vlan(id):1200.

Total 1 IP Group(s).

Total 1 MAC Group(s).

Static router port(s):

Dynamic router port(s):

IP group(s):the following ip group(s) match to one mac group.

IP group address:228.0.0.1

Host port(s):Ethernet1/0/12

MAC group(s):

MAC group address:0100-5e00-0001

Host port(s):Ethernet1/0/12

Table 2-2 Description on the fields of the display mpm group command

Field	Description
Vlan(id):1200.	The information about the multicast groups in VLAN 2 is displayed.
Dynamic router port(s):	Dynamic router ports
IP group(s):the following ip group(s) match to one mac group	IP multicast groups corresponding to the same MAC multicast group
IP group address	Address of an IP multicast group
Host port(s)	Member ports of an IP multicast group
MAC group address	Address of a MAC multicast group
Host port(s)	Member ports of a MAC multicast group

2.1.3 display multicast forwarding-table

Syntax

display multicast forwarding-table [ group-address [ mask { group-mask | mask-length } ] | source-address [ mask { group-mask | mask-length } ] | incominginterface { interfacetype interfacenumber | register } ]*

View

Any view

Parameter

group-address: Multicast group address used to specify a multicast group, in the range of 224.0.0.0 to 239.255.255.255.

source-address: Unicast IP address of the multicast source.

incoming-interface: Specifies the incoming interface of multicast forwarding entries.

register: Specifies the registration VLAN interface of PIM-SM.

Description

Use the display multicast forwarding-table command to display the information about multicast forwarding tables.

Related command: display multicast routing-table.

Example

# Display the information about the multicast forwarding table.

<H3C> display multicast forwarding-table

Multicast Forwarding Cache Table

Total 1 entry: 0 entry created by IP, 1 entry created by protocol

00001. (10.0.0.4, 225.1.1.1), iif Vlan-interface2, 0 oifs,

Protocol Create

Matched 122 pkts(183000 bytes), Wrong If 0 pkts

Forwarded 122 pkts(183000 bytes)

Total 1 entry Listed

The following table describes the fields in the displayed information above:

Table 2-3 Description on the fields of the display multicast forwarding-table command

Field	Description
Multicast Forwarding Cache Table	Multicast forwarding table
Total 1 entries	Total number of entries
00001	Serial number of an entry
(10.0.0.4, 225.1.1.1)	(s,g)
iif Vlan-interface2, 0 oifs	The incoming interface of the multicast forwarding table is vlan-interface2, and the multicast forwarding table does not have an outgoing interface.
Matched 122 pkts(183000 bytes), Wrong If 0 pkts Forwarded 122 pkts(183000 bytes)	122 packets that are 183,000 bytes in all match the (s,g) entry, and 0 wrong packet matches the (s,g) entry. 122 packets that are 183,000 bytes in all are forwarded.

2.1.4 display multicast routing-table

Syntax

display multicast routing-table [ group-address [ mask { mask | mask-length } ] | source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type interface-number | register } ]*

View

Any view

Parameter

group-address: Multicast group address used to specify a multicast group and display the routing table information corresponding to this group, in the range of 224.0.0.0 to 239.255.255.255.

source-address: Unicast IP address of the multicast source.

incoming-interface: Specifies the incoming interface of the multicast routing entry.

register: Specifies the registration interface of PIM-SM.

Description

Use the display multicast routing-table command to display the information about the IP multicast routing table.

This command is used to display the information about the multicast routing table, while the display multicast forwarding-table command is used to display the information about the multicast forwarding table.

Example

# Display the information about the routing entries corresponding to the multicast group 225.1.1.1.1 in the multicast routing table.

<H3C> display multicast routing-table

Multicast Routing Table

Total 3 entries

(4.4.4.4, 224.2.149.17)

Uptime: 00:15:16, Timeout in 272 sec

Upstream interface: Vlan-interface1(4.4.4.6)

Downstream interface list:

Vlan-interface2(2.2.2.4), Protocol 0x1: IGMP

(4.4.4.4, 224.2.254.84)

Uptime: 00:15:16, Timeout in 272 sec

Upstream interface: Vlan-interface1(4.4.4.6)

Downstream interface list: NULL

(4.4.4.4, 239.255.2.2)

Uptime: 00:02:57, Timeout in 123 sec

Upstream interface: Vlan-interface1(4.4.4.6)

Downstream interface list: NULL

Matched 3 entries

The following table describes the fields in the displayed information.

Table 2-4 Description on the fields of the display multicast routing-table command

Field	Description
Multicast Routing Table	Multicast routing table
Total 3 entries	There are three entries in all in the multicast routing table.
(4.4.4.4, 224.2.149.17)	(s,g) of the multicast routing table
Uptime: 00:15:16, Timeout in 272 sec Upstream interface: Vlan-interface1(4.4.4.6) Downstream interface list: Vlan-interface2(2.2.2.4), Protocol 0x1: IGMP	The entry is up for 15 minutes and 16 seconds, and it times out in 272 seconds. Upstream interface: vlan-interface1 (The IP address of the upstream interface is 4.4.4.6). Downstream interface list: Downstream interface: vlan-interface2. (The IP address of the downstream interface is 2.2.2.4). The downstream interface is added by the IGMP protocol.
Matched 3 entries	Three entries match the configuration.

2.1.5 display multicast-source-deny

Syntax

display multicast-source-deny [ interface interface-type [ interface-number ] ]

View

Any view

Parameter

interface-type: Port type.

interface-number: Port number.

Description

Use the display multicast-source-deny command to display the configuration information about the multicast source port check.

When you use this command to display the information,

l If you specify neither the port type nor the port number, the multicast source port check information about all the ports on the switch is displayed.

l If you specify the port type only, the multicast source port check information about all ports of this type is displayed.

l If you specify both the port type and the port number, the multicast source port check information about the specified port is displayed.

Example

# Display the multicast source port suppression state of Ethernet1/0/1.

<H3C> display multicast-source-deny interface Ethernet 1/0/1

Ethernet1/0/1 Multicast-source-deny disabled.

2.1.6 multicast route-limit

Syntax

multicast route-limit limit

undo multicast route-limit

View

System view

Parameter

limit: Limit on the capacity of the multicast routing table, in the range of 0 to 256.

Description

Use the multicast route-limit command to limit the capacity of the multicast routing table. The router will drop the protocol and data packets of the new (S, G) when the limit is reached.

Use the undo multicast route-limit command to restore the default limit on the capacity of the multicast routing table.

The limit on the capacity of the multicast routing table is 256 by default.

If the number of existing routing entries exceeds the value to be configured when you configure this command, the existing entries in the routing table will not be removed. Instead, the system will prompt that the number of existing routing entries is more than the limit to be configured.

If you execute this command again, the new configuration will overwrite the former configuration.

Example

# Set the limit on the capacity of the multicast routing table to 100.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast route-limit 100

2.1.7 multicast routing-enable

Syntax

multicast routing-enable

undo multicast routing-enable

View

System view

Parameter

None

Description

Use the multicast routing-enable command to enable the IP multicast routing feature.

Use the undo multicast routing-enable command to disable the IP multicast routing feature.

The IP multicast routing feature is disabled by default.

Related command: pim dm, pim sm.

Example

# Enable the IP multicast routing feature.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

2.1.8 multicast-source-deny

Syntax

multicast-source-deny [ interface interface-list ]

undo multicast-source-deny [ interface interface-list ]

View

System view, Ethernet port view

Parameter

interface-list: List of Ethernet ports, expressed in the form of interface-list = { interface-number [ to interface-number ] } & < 1-10 >. The interface-number argument refers to one single Ethernet port, expressed in the form of interface-number = { interface-type interface-number | interface-name }, where the interface-type argument refers to the port type, the interface-number argument refers to the port number, and the interface-name argument refers to the port name. For meanings and value ranges of interface-type, interface-number and interface-name, refer to the parameters described in the “Port Basic Configuration” module in this manual.

Description

Use the multicast-source-deny command to enable the multicast source port suppression feature.

Use the undo multicast-source-deny command to restore the default setting.

By default, the multicast source port suppression feature is disabled on all the ports.

The multicast source port suppression feature can filter multicast packets on an unauthorized multicast source port to avoid the case that the user connected to the port sets the multicast server privately.

In system view, if the interface-list argument is not specified, the multicast source port suppression feature is enabled globally (that is, the feature is enabled on all the ports of the switch); if the interface-list argument is specified, the multicast source port suppression feature is enabled on the specified ports. In Ethernet port view, the interface-list argument cannot be specified in the command and you can use the command to enable the multicast source port suppression feature on the current port only.

Example

# Enable the multicast source port suppression feature on all the ports of the switch.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast-source-deny

# Enable the multicast source port suppression feature on Ethernet1/0/1 through Ethernet1/0/10 and on Ethernet1/0/12.

[H3C] multicast-source-deny interface Ethernet 1/0/1 to Ethernet 1/0/10 Ethernet 1/0/12

2.1.9 reset multicast forwarding-table

Syntax

reset multicast forwarding-table [ statistics ] { all | { group-address [ mask { group-mask | group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | incoming-interface interface-type interface-number } * }

View

User view

Parameter

statistics: Clears the statistics information about MFC forwarding entries if this keyword is specified. If this keyword is not specified, MFC forwarding entries will be cleared.

all: Specifies all MFC forwarding entries.

group-address: Group address.

group-mask: Group address mask.

group-mask-length: Length of group address mask.

source-address: Source address.

source-mask: Source address mask.

source-mask-length: Length of source address mask.

incoming-interface: Specifies the incoming interface of the forwarding entry.

interface-type interface-number: VLAN interface type and VLAN interface number.

Description

Use the reset multicast forwarding-table command to clear MFC forwarding entries or the statistics about MFC forwarding entries.

The order of the group-address argument and the source-address argument can be reversed. However, you must input valid group addresses and source addresses; otherwise, the system prompts an error.

Related command: reset pim routing-table, reset multicast routing-table, display multicast forwarding-table.

Example

# Clear the forwarding entries whose group address is 225.5.4.3 in the MFC forwarding table.

<H3C> reset multicast forwarding-table 225.5.4.3

# Clear the statistics about the forwarding entries whose group address is 225.5.4.3 in the MFC forwarding table.

<H3C> reset multicast forwarding-table statistics 225.5.4.3

2.1.10 reset multicast routing-table

Syntax

reset multicast routing-table { all | { group-address [ mask { group-mask | group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | incoming-interface interface-type interface-number } * }

View

User view

Parameter

all: Specifies all routing entries in the multicast core routing table.

group-address: Group address.

group-mask: Group address mask.

group-mask-length: Length of group address mask.

source-address: Source address.

source-mask: Source address mask.

source-mask-length: Length of source address mask.

incoming-interface: Specifies the incoming interface of the routing entry.

interface-type interface-number: VLAN interface type and VLAN interface number.

Description

Use the reset multicast routing-table command to clear the routing entries in the multicast core routing table and remove the corresponding forwarding entries in the MFC forwarding table.

Related command: reset pim routing-table, reset multicast forwarding-table, display multicast forwarding-table.

Example

# Clear the routing entries whose group address is 225.5.4.3 from the multicast core routing table.

<H3C> reset multicast routing-table 225.5.4.3

Chapter 3 Multicast MAC Address Entry Configuration Commands

3.1 Multicast MAC Address Entry Configuration Commands

3.1.1 mac-address multicast interface

Syntax

mac-address multicast mac-address interface interface-list vlan vlan-id

undo mac-address multicast [ mac-address [ interface interface-list ] vlan vlan-id ]

View

System view

Parameter

mac-address: Multicast MAC address.

vlan-id: VLAN ID.

interface-list: Forward port list. You can specify multiple ports by providing this argument in the format of interface-list = { interface-type interface-number [ to { interface-type interface-number } ] }&<1-10>, where interface-type refers to the port type and interface-number refers to the port number. For meanings and value ranges of interface-type and interface-number, refer to the parameters described in the “Port Basic Configuration” module in this manual.

Description

Use the mac-address multicast command to add a multicast MAC address entry.

Use the undo mac-address multicast command to remove a multicast MAC address entry.

Each multicast MAC address entry contains multicast address, forward port, VLAN ID, and so on.

Related command: display mac-address multicast static.

Example

# Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward port Ethernet1/0/1, and VLAN 1 to which the entry belongs.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] mac-address multicast 0100-5e0a-0805 interface Ethernet 1/0/1 vlan 1

3.1.2 mac-address multicast vlan

Syntax

mac-address multicast mac-address vlan vlan-id

undo mac-address multicast [ [ mac-address ] vlan vlan-id ]

View

Ethernet port view

Parameter

mac-address: Multicast MAC address.

vlan-id: VLAN ID.

Description

Use the mac-address multicast vlan command to add a multicast MAC address entry.

Use the undo mac-address multicast vlan command to remove a multicast MAC address entry.

Each multicast MAC address entry contains multicast address, VLAN ID, and so on.

Related command: display mac-address multicast static.

Example

# Add a multicast MAC address entry on Ethernet1/0/1, with multicast address 0100-5e0a-0805 and VLAN 1 to which the entry belongs.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1]mac-address multicast 0100-5e0a-0805 vlan 1

3.1.3 display mac-address multicast static

Syntax

display mac-address multicast [ static { { { mac-address vlan vlan-id | vlan vlan-id } [ count ] } | count } ]

View

Any view

Parameter

mac-address vlan vlan-id: Displays multicast MAC address entry/entries in the specified VLAN.

count: Displays the number of MAC entries.

vlan-id: ID of the specific VLAN.

Description

Use the display mac-address multicast static command to display the multicast MAC address entry/entries manually configured on the switch.

l Executing this command with neither mac-address nor vlan vlan-id will display the information about all the multicast MAC address entries manually added on the switch, including the multicast MAC address, VLAN ID, state of the MAC address, port number and aging time.

l Executing this command with vlan vlan-id but without mac-address will display the information about all the multicast MAC address entries manually added in the specified VLAN, including the multicast MAC address, VLAN ID, state of the MAC address, port number and aging time.

l Executing this command with both mac-address and vlan vlan-id will display the information about the multicast MAC address entries manually added in the specified VLAN with the specified multicast MAC address, including the multicast MAC address, VLAN ID, state of the MAC address, port number and aging time.

l Executing this command with count will display the information about the number of multicast MAC address entries added on the switch.

Example

# Display all the multicast MAC address entries manually added in VLAN 1.

<H3C>display mac-address multicast static vlan 1

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)

0100-0001-0001 1 Config static Ethernet1/0/1 N/A

Ethernet1/0/2

Ethernet1/0/3

Ethernet1/0/4

--- 1 static mac address(es) found ---

Chapter 4 Unknown Multicast Drop Configuration Command

4.1 Unknown Multicast Drop Configuration Command

4.1.1 unknown-multicast drop enable

Syntax

unknown-multicast drop enable

undo unknown-multicast drop enable

View

System view

Parameter

None

Description

Use the unknown-multicast drop enable command to enable the unknown multicast drop feature on the switch.

Use the undo unknown-multicast drop enable command to disable the unknown multicast drop feature on the switch.

Example

Enable the unknown multicast drop feature.

<H3C> system-view

System view, return to user view with Ctrl+Z.

[H3C] unknown-multicast drop enable

Chapter 5 IGMP Configuration Commands

5.1 IGMP Configuration Commands

5.1.1 display igmp group

Syntax

display igmp group [ group-address | interface interface-type interface-number ]

View

Any view

Parameter

group-address: Multicast group address.

interface-type interface-number: Interface type and VLAN interface number.

Description

Use the display igmp group command to display the member information of an IGMP multicast group.

You can specify to display the information of a group or the member information of the multicast group on a VLAN interface. The displayed information contains the multicast groups that are added by downstream hosts through IGMP or through command line.

Related command: igmp host-join.

Example

# Display the member information of the multicast groups in the system.

<H3C> display igmp group

LoopBack0 (20.20.20.20): Total 3 IGMP Groups reported:

Group Address Last Reporter Uptime Expires

225.1.1.1 20.20.20.20 00:02:04 00:01:15

225.1.1.3 20.20.20.20 00:02:04 00:01:15

225.1.1.2 20.20.20.20 00:02:04 00:01:17

Table 5-1 Description on the fields of the display igmp group command

Field	Description
Group address	Multicast group address
Last Reporter	The last host reporting to join the multicast group
Uptime	Time elapsed since multicast group was discovered (hh: mm: ss).
Expires	Specifies when the member will be removed from the multicast group (hh: mm: ss).

5.1.2 display igmp interface

Syntax

display igmp interface [ interface-type interface-number ]

View

Any view

Parameter

interface-type interface-number: VLAN interface type and VLAN interface number of the router, used to specify a VLAN interface. If this argument is not specified, the information about all the VLAN interfaces running IGMP is displayed.

Description

Use the display igmp interface command to display the IGMP configuration and running information on a VLAN interface.

Example

# Display the IGMP configuration and running information of all VLAN interfaces.

<H3C> display igmp interface

Vlan-interface1 (10.153.17.99):

IGMP is enabled

Current IGMP version is 2

Value of query interval for IGMP(in seconds): 60

Value of other querier time out for IGMP(in seconds): 120

Value of maximum query response time for IGMP(in seconds): 10

Value of robust count for IGMP: 2

Value of startup query interval for IGMP(in seconds): 15

Value of last member query interval for IGMP(in seconds): 1

Value of query timeout for IGMP version 1(in seconds): 400

Policy to accept IGMP reports: none

Querier for IGMP: 10.153.17.99 (this router)

IGMP group limit is 256

No IGMP group reported

Table 5-2 Description on the fields of the display igmp interface command

Field	Description
IGMP version	IGMP version
query interval	Interval of general query
querier timeout	Timeout time of the querier
max query response time	Maximum time of response to query
robust count	IGMP robust count, that is, the times of sending IGMP group-specific query packets before the IGMP querier receives the IGMP leave packet from the host
startup query interval	The startup interval of IGMP to send query packets
last member query interval	The interval of sending IGMP group-specific query packets when the IGMP querier receives the IGMP leave packets from the host
query timeout	Query timeout time in IGMP version 1
Policy to accept IGMP reports	The filtering policy of the IGMP multicast group to control the access to IP multicast groups
Querier for IGMP	IGMP querier
IGMP group limit	Limit on the number of IGMP groups added to the VLAN interface. The router does not process new IGMP packet if the number of IGMP packet exceeds the limit

5.1.3 igmp enable

Syntax

igmp enable

undo igmp enable

View

VLAN interface view

Parameter

None

Description

Use the igmp enable command to enable IGMP on a VLAN interface.

Use the undo igmp enable command to disable IGMP on a VLAN interface.

By default, IGMP is disabled on a VALN interface. .

These commands do not take effect until the multicast routing feature is enabled. You need to use this command before you can configure other IGMP features.

Related command: multicast routing-enable.

Example

# Enable IGMP on Vlan-interface10.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp enable

5.1.4 igmp group-limit

Syntax

igmp group-limit limit

undo igmp group-limit

View

VALN interface view

Parameter

limit: Quantity of multicast groups, in the range of 0 to 256.

Description

Use the igmp group-limit command to limit the number of multicast groups on an interface. The router does not process any new IGMP Join request when the number of IGMP groups on the interface exceeds the limit.

Use the undo igmp group-limit command to restore the default setting.

By default, up to 256 IGMP groups can be added on an interface.

If you use the command for a second time, the new configuration overwrites the old one.

Caution:

l No new group can be added if the number of IGMP multicast groups has exceeded the configured limit.

l If the limit on the number of IGMP packets is 1, a new group takes precedence; that is, the system automatically replaces an existing multicast group with the new multicast group, and the former multicast group leaves the interface automatically.

l If the number of existing multicast groups on the interface is greater than the configured limit, the system removes some existing groups automatically to satisfy the configured limit.

Example

# Limit the maximum number of IGMP groups on Vlan-interface10 to 100.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp group-limit 100

5.1.5 igmp group-policy

Syntax

igmp group-policy acl-number [ 1 | 2 | port interface-list ]

undo igmp group-policy [ port interface-list ]

View

VLAN interface view

Parameter

acl-number: Number of the basic IP ACL number, defining a multicast group range. The value ranges from 2,000 to 2,999.

1: Specifies IGMP version 1.

2: Specifies IGMP version 2. If IGMP version is not specified, version 2 will be used by default.

port: Limits the IGMP packets passing through the port and matching the ACL rules.

interface-list: Forward port list. You can specify multiple ports by providing this argument in the form of interface-list = { interface-type interface-number [ to { interface-type interface-number } ] }&<1-10>, where the interface-type argument refers to the port type, and the interface-number argument refers to the port number. For the meanings and value ranges of the interface-type argument and the interface-number argument, refer to the parameter descriptions in the “Port Basic Configuration” module in this manual.

Description

Use the igmp group-policy command to set the filter of multicast groups on the VLAN interface to control the access to IP multicast groups.

Use undo igmp group-policy command to remove the filter configured.

By default, no filter is configured; that is, a host can join any multicast group.

If you do not want the hosts on the network where the VLAN interface resides to join some multicast groups and to receive packets from the multicast groups, use this command to limit the range of the multicast groups serviced by the VLAN interface.

Related command: igmp host-join.

Caution:

Ethernet ports must belong to the igmp-group-policy-enabled VLAN interfaces only.

Example

# Configure ACL 2000.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255

[H3C-acl-basic-2000] quit

# Configure that only the hosts matching ACL 2000 rules on VLAN-interface10 can be added to the multicast group whose IGMP version is specified as 2.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp group-policy 2000 2

5.1.6 igmp group-policy vlan

Syntax

igmp group-policy acl-number vlan vlan-id

undo igmp group-policy vlan vlan-id

View

Port view

Parameter

acl-number: Number of the basic IP ACL number, defining a multicast group range. The value ranges from 2,000 to 2,999.

vlan-id: ID of the VLAN to which the port belongs.

Description

Use the igmp group-policy vlan command to set the filter of multicast groups on a port to control the access to the IP multicast groups.

Use the undo igmp group-policy vlan command to remove the configured filter.

By default, no filter is configured; that is, a host can join any multicast group.

This command performs the same function as the igmp group-policy command does. Note that the configured port must belong to the specified VLAN, and the IGMP protocol must be enabled on this port; otherwise, the configuration does not take effect.

Related command: igmp group-policy, igmp host-join port, igmp host-join vlan.

Example

# Configure that only the hosts matching ACL 2000 rules on Ethernet1/0/1 in VLAN-interface10 can be added to the multicast group.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp enable

[H3C-Vlan-interface10] quit

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] port access vlan 10

[H3C-Ethernet1/0/1] igmp group-policy 2000 vlan 10

5.1.7 igmp host-join port

Syntax

igmp host-join group-address port interface-list

undo igmp host-join group-address port interface--list

View

VLAN interface view

Parameter

group-address: Multicast address of the multicast group that an interface will join.

port: Specifies the port in the VLAN interface.

interface-list: Forward port list. You can specify multiple ports by providing this argument in the form of interface-list = { interface-type interface-number [ to { interface-type interface-number } ] }&<1-10> where the interface-type argument refers to the port type and the interface-number argument refers to the port number. For the meanings and value ranges of the interface-type argument and the interface-number argument, refer to the parameter descriptions in the “Port Basic Configuration” module in this manual.

Description

Use the igmp host-join port command to enable a port in the VLAN interface of a switch to join a multicast group.

Use undo igmp host-join port command to remove the configuration.

By default, a VLAN interface of a switch does not belong to any multicast group.

Related command: igmp group-policy.

Example

# Add Ethernet1/0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp host-join 225.0.0.1 port Ethernet 1/0/1

5.1.8 igmp host-join vlan

Syntax

igmp host-join group-address vlan vlan-id

undo igmp host-join group-address vlan vlan-id

View

Port view

Parameter

group-address: Multicast address of the multicast group that an interface will join.

vlan-id: ID of the VLAN to which the port belongs.

Description

Use the igmp host-join vlan command to enable an Ethernet port to join a multicast group.

Use the undo igmp host-join vlan command to disable the configuration.

By default, an Ethernet port does not belong to any multicast group.

Related command: igmp group-policy.

Example

# Add Ethernet1/0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp enable

[H3C-Vlan-interface10] quit

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] port access vlan 10

[H3C-Ethernet1/0/1] igmp host-join 225.0.0.1 vlan 10

5.1.9 igmp lastmember-queryinterval

Syntax

igmp lastmember-queryinterval seconds

undo igmp lastmember-queryinterval

View

VLAN interface view

Parameter

seconds: Interval for the IGMP querier to send IGMP group-specific query packets when it receives IGMP leave packets from the host. It is in the range of one second to five seconds.

Description

Use the igmp lastmember-queryinterval command to set the interval for the IGMP querier to send IGMP group-specific query packets when it receives IGMP leave packets from the host.

Use the undo igmp lastmember-queryinterval command to restore the default value.

The interval for the IGMP querier to send IGMP group-specific query packets is one second by default.

In a shared network, that is, the same network segment including multiple hosts and multicast routers, the query router (also known as querier) is responsible for maintaining the IGMP group membership on the interface. When the IGMPv2 host leaves a group, it sends an IGMP Leave message.

Upon receiving the IGMP Leave message, the IGMP querier must send the IGMP group-specific query messages for specified times (by the robust-value argument in the igmp robust-count command, with default value as 2) in a specified time interval (by the seconds argument in the igmp lastmember-queryinterval command, with default value as 1 second). If other hosts which are interested in the specified group receive the IGMP query message from the IGMP query router, they will send back the IGMP Membership Report message within the specified maximum response time interval. If it receives the IGMP Membership Report message within the defined period (equal to robust-value ´ seconds), the IGMP query router continue to maintain the membership of this group. When receiving no IGMP Membership Report message from any host within the defined period, the IGMP query router considers it as timed out and stops membership maintenance for the group.

This command is only available on the IGMP query router running IGMPv2. A host running IGMPv1 may not send the IGMP Leave message when it leaves a group. In this case, this command does not take effect for the host.

Related command: igmp robust-count, display igmp interface.

Example

# Set the query interval at the Vlan-interface10 to three seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp lastmember-queryinterval 3

5.1.10 igmp max-response-time

Syntax

igmp max-response-time seconds

undo igmp max-response-time

View

VLAN interface view

Parameter

seconds: Maximum response time in seconds in the IGMP query messages, ranging from 1 to 25.

Description

Use the igmp max-response-time command to configure the maximum response time contained in the IGMP query messages.

Use the undo igmp max-response-time command to restore the default value.

The maximum query response time is 10 seconds by default.

The maximum query response time determines the period for a router to detect that there is no more directly connected group member in the LAN.

Related command: display igmp group.

Example

# Set the maximum response time carried in host-query packets to eight seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp max-response-time 8

5.1.11 igmp proxy

Syntax

igmp proxy Vlan-interface interface-number

undo igmp proxy

View

VLAN view

Parameter

interface-number: Proxy interface number.

Description

Use the igmp proxy command to specify an interface of the Layer 3 endpoint switch as the IGMP proxy interface of another interface.

Use the undo igmp proxy command to disable this configuration.

The IGMP proxy feature is disabled by default.

You must enable the PIM protocol on the interface before configuring the igmp proxy command on the interface. One interface cannot serve as the IGMP proxy interface of two or more interfaces.

If the IGMP proxy feature is configured on the same interface for multiple times, the latest configuration takes effect.

Related command: pim neighbor-policy.

Caution:

l The multicast route feature and the IGMP protocol must be enabled on the proxy interface.

l You must enable the PIM protocol on the interface before configuring the igmp proxy command on the interface.

l One interface cannot serve as the IGMP proxy interface of two or more interfaces.

Example

# Configure VLAN-interface2 as the IGMP proxy interface of VLAN-interface1 on the Layer 3 switch.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] interface vlan-interface 1

[H3C-Vlan-interface1] igmp enable

[H3C- Vlan-interface1] igmp proxy vlan-interface 2

5.1.12 igmp robust-count

Syntax

igmp robust-count robust-value

undo igmp robust-count

View

VLAN interface view

Parameter

robust-value: IGMP robust value. It is the number of times of sending the IGMP group-specific query packets after the IGMP querier receives the IGMP Leave packet from the host. This value ranges from 2 to 5 .

Description

Use the igmp robust-count command to set the number of times of sending the IGMP group query message after the IGMP query router receives the IGMP Leave message from the host.

Use the undo igmp robust-count command to restore the default value.

By default, an IGMP querier sends IGMP group-specific query packets twice.

In a shared network, that is, the same network segment including multiple hosts and multicast routers, the query router is responsible for maintaining the IGMP group membership on the interface. When the IGMPv2 host leaves a group, it sends an IGMP Leave message. Upon receiving the IGMP Leave message, IGMP query router must send the IGMP group-specific query message for the specified times (by the robust-value argument in the igmp robust-count command, with default value as 2) at a specified time interval (by the seconds argument in the igmp lastmember-queryinterval command, with default value as one second). If other hosts that are interested in the specific group receive the IGMP group-specific query packets from the IGMP query router, they will send back the IGMP Membership Report packets within the specified maximum response time interval. If it receives the IGMP Membership Report packets within the defined period (equal to robust-value ´ seconds), the IGMP query router continue to maintain the membership of this group. When receiving no IGMP Membership Report packet from any hosts within the defined period, the IGMP query router considers it as timed out and stops membership maintenance for the group.

This command is only available on the IGMP query router running IGMPv2. A host running IGMPv1 may not send IGMP Leave packets when it leaves a group. In this case, this command does not take effect for the host.

Related command: igmp lastmember-queryinterval, display igmp interface.

Example

# Set the robust value of Vlan-interface10 to 3.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp robust-count 3

5.1.13 igmp timer other-querier-present

Syntax

igmp timer other-querier-present seconds

undo igmp timer other-querier-present

View

VLAN interface view

Parameter

seconds: Time (in seconds) during which the IGMP querier is present, in the range of 1 to 131,070.

Description

Use the igmp timer other-querier-present command to configure the presence time of the IGMP querier.

Use the undo igmp timer other-querier-present command to restore the default value.

By default, the presence time of the IGMP querier is twice the value of IGMP query message interval, that is, 120 seconds.

On a shared network, that is, the same network segment including multiple multicast routers, the query router (also known as querier) is responsible for sending query messages periodically through the VLAN interface. If other non-queriers receive no query messages within the timer period, the router considers the previous querier to be invalid and the router itself acts as a querier.

In IGMP version 1, the selection of a querier is determined by the multicast routing protocol. In IGMP version 2, the router with the lowest IP address on the shared network segment acts as the querier.

Related command: igmp timer query, display igmp interface.

Example

# Configure the querier to expire in 300 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp timer other-querier-present 300

5.1.14 igmp timer query

Syntax

igmp timer query seconds

undo igmp timer query

View

VLAN interface view

Parameter

seconds: Interval at which a router transmits IGMP query messages, in the range of 1 to 65,535 seconds.

Description

Use the igmp timer query command to configure the interval at which a router interface sends IGMP query messages.

Use the undo igmp timer query command to restore the default value.

By default, a router interface transmits IGMP query messages at the interval of 60 seconds.

A multicast router periodically sends out IGMP query messages to attached segments to find hosts that belong to different multicast groups. The query interval can be modified according to the practical conditions of the network.

Related command: igmp timer other-querier-present.

Example

# Configure to transmit host-query messages every 150 seconds through VLAN-interface2.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 2

[H3C-Vlan-interface2] igmp timer query 150

5.1.15 igmp version

Syntax

igmp version { 1 | 2 }

undo igmp version

View

VLAN interface view

Parameter

1: Specifies IGMP Version 1.

2: Specifies IGMP Version 2.

Description

Use the igmp version command to specify the version of IGMP that a router uses.

Use the undo igmp version command to restore the default value.

The default IGMP version is IGMP version 2.

All routers on a subnet must support the same version of IGMP. After detecting the presence of IGMP Version 1 system, a router cannot automatically switch to Version 1.

Example

# Run IGMP Version 1 on VLAN-interface10.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] igmp version 1

5.1.16 reset igmp group

Syntax

reset igmp group { all | interface interface-type interface-number { all | group-address [ group-mask ] } }

View

User view

Parameter

all: Specifies all IGMP groups.

interface-type interface-number: VLAN interface type and VLAN interface number.

group-address: IGMP group address.

group-mask: Mask of IGMP group address.

Description

Use the reset igmp group command to delete an existing IGMP group from the VLAN interface. The deleted group can be added to the VLAN interface again.

Example

# Delete all IGMP groups on all the VLAN interfaces.

<H3C> reset igmp group all

# Delete all IGMP groups on Vlan-interface10.

<H3C> reset igmp group interface Vlan-interface10 all

# Delete the group 225.0.0.1 from Vlan-interface10.

<H3C> reset igmp group interface Vlan-interface10 225.0.0.1

# Delete the IGMP groups ranging from 225.1.1.0 to 225.1.1.255 on Vlan-interface10.

<H3C> reset igmp group interface Vlan-interface10 225.1.1.0 255.255.255.0

Chapter 6 PIM Configuration Commands

6.1 PIM Configuration Commands

6.1.1 bsr-policy

Syntax

bsr-policy acl-number

undo bsr-policy

View

PIM view

Parameter

acl-number: ACL number imported in BSR filtering policy, in the range of 2000 to 2999.

Description

Use the bsr-policy command to limit the range of legal BSRs to prevent BSR spoofing.

Use the undo bsr-policy command to restore the default setting; that is, no range limit is set and all received messages are taken as legal.

In the PIM SM network using BSR (bootstrap router) mechanism, every router can set itself as C-BSR (candidate BSR) and take the authority to advertise RP information in the network once it wins in the contention. To prevent malicious BSR spoofing in the network, the following two measures need to be taken:

l Prevent the router from being spoofed by hosts though faking legal BSR messages to modify RP mapping. BSR messages are of multicast type and their TTL is 1, so this type of attacks often hit edge routers. Fortunately, BSRs are inside the network, while assaulting hosts are outside; therefore, neighbor and RPF checks can be used to stop this type of attacks.

l If a router in the network is manipulated by an attacker, or an illegal router gained access to the network, the attacker may set itself as C-BSR and try to win the contention and obtain authority to advertise RP information in the network. Since the router configured as C-BSR propagate BSR messages, which are multicast messages sent hop by hop with TTL as 1, in the network, then the network cannot be affected as long as the peer routers do not receive these BSR messages. One way is to configure the bsr-policy command on each router to limit the legal BSR range. For example, only 1.1.1.1/32 and 1.1.1.2/32 can be BSR. Thus, the routers cannot receive or forward BSR messages other than these two. Even legal BSRs cannot contend with them.

Problems may still exist if a legal BSR is attacked, though these two measures can effectively guarantee high BSR security.

The source keyword in the rule command is translated into BSR address in the bsr-policy command.

Related command: acl, rule.

Example

# Configure a BSR filtering policy on routers to allow only 101.1.1.1/32 to be BSR.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim] bsr-policy 2000

[H3C-pim] quit

[H3C] acl number 2000

[H3C-acl-basic-2000] rule 0 permit source 101.1.1.1 0

6.1.2 c-bsr

Syntax

c-bsr interface-type interface-number hash-mask-len [ priority ]

undo c-bsr

View

PIM view

Parameter

interface-type interface-number: VLAN interface. The candidate BSR is configured on the VLAN interface. PIM-SM must be enabled on the VLAN interface first.

hash-mask-len: Length of the mask. The value ranges from 0 to 32.

priority: Priority of the candidate BSR. The greater the value of the priority, the higher the priority of the BSR. The value ranges from 0 to 255. By default, the priority is 0.

Description

Use the c-bsr command to configure a candidate BSR.

Use the undo c-bsr command to remove the candidate BSR configured.

By default, no candidate BSR is set.

For the configuration of the candidate BSR, the larger bandwidth should be guaranteed since a large amount of information will be exchanged between BSR and other devices in the PIM domain.

Related command: pim sm.

Example

# Configure the switch as a BSR with a priority of 2 (and the C-BSR address is designated as the IP address of VLAN-interface10).

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim] c-bsr vlan-interface 10 24 2

6.1.3 c-rp

Syntax

c-rp interface-type interface-number [ group-policy acl-number | priority priority-value ]*

undo c-rp { interface-type interface-number | all }

View

PIM view

Parameter

interface-type interface-number: VLAN interface whose IP address is advertised as a candidate RP address.

acl-number: Number of the basic ACL that defines a group range. This range is the service range of the advertised RP. The value ranges from 2,000 to 2,999.

priority-value: Priority value of candidate RP, in the range of 0 to 255. The greater the value, the lower the priority level

all: Removes all candidate RP configurations.

Description

Use the c-rp command to configure the router to advertise itself as a candidate RP.

Use the undo c-rp command to remove the configuration.

By default, no candidate RP is configured and the value of RP priority is 0.

For the configuration of candidate RP, a relatively large bandwidth should be reserved for the router and other devices in the PIM domain.

Related command: c-bsr.

Example

# Configure the switch to advertise the BSR that the switch itself acts as the C-RP in the PIM. Basic ACL 2000 defines the groups related to the RP. The address of C-RP is designated as the IP address of VLAN-interface10.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255

[H3C] pim

[H3C-pim] c-rp vlan-interface 10 group-policy 2000

6.1.4 crp-policy

Syntax

crp-policy acl-number

undo crp-policy

View

PIM view

Parameter

acl-number: ACL number imported in C-RP filtering policy, ranging from 3000 to 3999.

Description

Use the crp-policy command to limit the range of legal C-RPs and define the service group range of each C-RP, so as to prevent C-RP spoofing.

Use the undo crp-policy command to restore the default setting; that is, no range limit is set and all received messages are taken as legal.

In a PIM SM network using BSR mechanism, every router can set itself as C-RP (candidate rendezvous point) servicing particular groups. If elected, a C-RP becomes the RP servicing the current group.

In BSR mechanism, a C-RP router unicasts C-RP messages to the BSR, which then propagates the C-RP messages in the network by using BSR messages. To prevent C-RP spoofing, you need to configure the crp-policy command on the BSR to limit the legal C-RP range and their service group range. Since each C-BSR has the chance to become BSR, you must configure the same filtering policy on each C-BSR router.

This command uses the ACLs numbered 3000 to 3999. The source keyword in the rule command is translated into a C-RP address in the crp-policy command, and the destination keyword into the service group range of this C-RP address. The C-RP messages received are considered as matched only when their C-RP addresses match the source address and their server group addresses are subset of those defined in the ACL.

Related command: acl, rule.

Example

# Configure C-RP filtering policy on the C-BSR routers, allowing only 1.1.1.1/32 to be C-RP and to serve only the groups 225.1.0.0/16.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim] crp-policy 3000

[H3C-pim] quit

[H3C] acl number 3000

[H3C-acl-adv-3000] rule 0 permit source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255

6.1.5 display pim bsr-info

Syntax

display pim bsr-info

View

Any view

Parameter

None

Description

Use the display pim bsr-info command to display the BSR information.

Related command: c-bsr, c-rp.

Example

# Display the BSR information.

<H3C> display pim bsr-info

Current BSR Address: 20.20.20.30

Priority: 0

Mask Length: 30

Expires: 00:01:55

Local host is BSR

Table 6-1 Description on the fields of the display pim bsr-info command

Field	Description
BSR	BootStrap router
Priority	Priority of BSR
Mask Length: 30	Length of mask
Expires: 00:01:55	Value of the timer

6.1.6 display pim interface

Syntax

display pim interface [ interface-type interface-number ]

View

Any view

Parameter

interface-type interface-number: Interface type and interface number, used to specify the VLAN interface.

Description

Use the display pim interface command to display the PIM configuration information of the interface.

If neither the VLAN interface type nor the VLAN interface number is specified, the PIM configuration information of all VLAN interfaces is displayed; if both the VLAN interface type and the VLAN interface number are specified, the PIM configuration information about the specified VLAN interface is displayed.

Example

# Display the PIM configuration information about the VLAN interface.

<H3C> display pim interface

PIM information of VLAN-interface 2:

IP address of the interface is 10.10.1.20

PIM is enabled

PIM version is 2

PIM mode is Sparse

PIM query interval is 30 seconds

PIM neighbor limit is 128

PIM neighbor policy is none

Total 1 PIM neighbor on interface

PIM DR(designated router) is 10.10.1.20

Table 6-2 Description on the fields of the display pim interface command

Field	Description
PIM version	Version of PIM
PIM mode	PIM mode enabled on the VLAN interface (DM or SM)
PIM query interval	Hello packet interval
PIM neighbor limit	Limit on the number of PIM neighbors on the VLAN interface. No neighbor can be added when the limit is reached
PIM neighbor policy	Filtering policy of the PIM neighbors on the current interface
PIM DR	Designated router

6.1.7 display pim neighbor

Syntax

display pim neighbor [ interface interface-type interface-number ]

View

Any view

Parameter

interface-type interface-number: Interface type and interface number, used to specify the VLAN interface.

Description

Use the display pim neighbor command to display the PIM neighbor information discovered by the VLAN interface of the switch. If you specify a VLAN interface, only the PIM neighbor information about the specified VLAN interface is displayed.

Example

# Display the PIM neighbor information discovered by the VLAN interface of the neighbor.

<H3C> display pim neighbor

Neighbor Address Interface Name Uptime Expires

8.8.8.6 VLAN-interface10 1637 89

Table 6-3 Description on the fields of the display pim neighbor command

Field	Description
Neighbor Address	Neighbor address
Interface	VLAN interface on which the neighbor has been discovered
Uptime	Time elapsed since the multicast group was discovered
Expires	Specifies when the member will be removed from the group

6.1.8 display pim routing-table

Syntax

display pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] | **rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask { mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } | incoming-interface { interface-type interface-number | null } | { dense-mode | sparse-mode } ] *

View

Any view

Parameter

*g: Specifies a (*, G) route entry.

mask: IP address mask.

mask-length: Length of IP address mask.

**rp: Specifies a (*, *, RP) route entry.

rp-address: RP address.

group-address: Address of the multicast group.

source-address: Address of the multicast source.

incoming-interface interface-type interface-number: Displays the route entry whose incoming VLAN interface is the specified VLAN interface.

null: Specifies the VLAN interface type as NULL.

dense-mode: Specifies the multicast routing protocol as PIM-DM.

sparse-mode: Specifies the multicast routing protocol as PIM-SM.

Description

Use the display pim routing-table command to display information about the PIM multicast routing table.

The displayed information about the PIM multicast routing table includes the SPT information and RPF information.

Example

# Display the information about the PIM multicast routing table.

<H3C> display pim routing-table

PIM-SM Routing Table

Total 1 (S,G) entry, 1 (*,G) entry, 0 (*,*,RP) entry

(*, 228.0.0.0), RP 23.12.0.1

Protocol 0x20: PIMSM, Flag 0x3: RPT WC

Uptime: 00:00:13, Timeout in 197 sec

Upstream interface: Vlan-interface1, RPF neighbor: 200.1.0.1

Downstream interface list:

Vlan-interface401, Protocol 0x100: RPT, timeout in 197 sec

(196.0.0.3, 228.0.0.0)

Protocol 0x20: PIMSM, Flag 0x4: SPT

Uptime: 00:10:49, Timeout in 196 sec

Upstream interface: Vlan-interface196, RPF neighbor: NULL

Downstream interface list:

Vlan-interface401, Protocol 0x100: RPT, timeout in 197 sec

Matched 1 (S,G) entry, 1 (*,G) entry, 0 (*,*,RP) entry

Table 6-4 Description on the fields of the display pim routing-table command

Field	Description
RP	Rendezvous Point
(S,G)	(source address, multicast group)
PIM-SM	PIM Sparse Mode
SPT	Shortest Path Tree
RPF	Reverse Path Forwarding
RPT	Rendezvous Point Tree

6.1.9 display pim rp-info

Syntax

display pim rp-info [ group-address ]

View

Any view

Parameter

group-address: Group address to be displayed. If no multicast group is specified, the RP information about all multicast groups will be displayed.

Description

Use the display pim rp-info command to display the RP information of the multicast group.

In addition, this command can also display the BSR and static RP information.

Example

# Display the RP information of the multicast group

<H3C> display pim rp-info

PIM-SM RP-SET information:

BSR is: 4.4.4.6

Group/MaskLen: 224.0.0.0/4

RP 4.4.4.6

Version: 2

Priority: 0

Uptime: 00:39:50

Expires: 00:01:40

Table 6-5 Description on the fields of the display pim rp-info command

Field	Description
PIM-SM RP-SET information:	Combination of RP information
BSR is: 4.4.4.6	BSR is the VLAN interface of 4.4.4.6 in the network
Group/MaskLen: 224.0.0.0/4 RP 4.4.4.6 Version: 2 Priority: 0 Uptime: 00:39:50 Expires: 00:01:40	The RP whose group address is 224.0.0.0 and mask length is 4 is the virtual interface of the IP address 4.4.4.6. The priority of the version 2 RP is 0. It has been up for 39 minutes and 50 seconds and will expire in one minute and forty seconds.

6.1.10 pim

Syntax

pim

undo pim

View

System view

Parameter

None

Description

Use the pim command to enter PIM view and configure the global PIM parameters. You cannot use the pim command to enable the PIM protocol.

Use the undo pim command to exit to system view and clear the global PIM parameter configurations.

Example

# Enter PIM view.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim]

6.1.11 pim bsr-boundary

Syntax

pim bsr-boundary

undo pim bsr-boundary

View

VLAN interface view

Parameter

None

Description

Use the pim bsr-boundary command to configure a VLAN interface of the switch as the PIM domain boundary.

Use the undo pim bsr-boundary command to remove the configured PIM domain boundary.

By default, no PIM domain boundary is configured on the switch.

After you use this command to set a PIM domain boundary on a VLAN interface, no Bootstrap message can cross this domain boundary. However, the other PIM packets can pass this domain boundary. In this way, you can divide the PIM-SM-running network into multiple domains, each of which uses a different Bootstrap router.

Note that you cannot use this command to set up a multicast boundary. Instead, this command configures just a PIM Bootstrap packet boundary.

Related command: c-bsr.

Example

# Configure domain boundary on VLAN-interface10.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim] quit

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] pim bsr-boundary

6.1.12 pim dm

Syntax

pim dm

undo pim dm

View

VLAN interface view

Parameter

None

Description

Use the pim dm command to enable PIM-DM.

Use the undo pim dm command to disable PIM-DM.

By default, PIM-DM is disabled.

Before enabling PIM-DM, make sure you enable multicast routing protocol by using the multicast routing-enable command in system view.

Example

# Enable the PIM-DM protocol on VLAN-interface10 of the switch.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] pim dm

6.1.13 pim neighbor-limit

Syntax

pim neighbor-limit limit

undo pim neighbor-limit

View

VLAN interface view

Parameter

limit: Upper limit on the number of PIM neighbors on the VLAN interface, in the range of 0 to 128.

Description

Use the pim neighbor-limit command to limit the number of PIM neighbors on a router interface. No neighbor can be added to the router any more when the limit is reached.

Use the undo pim neighbor-limit command to restore the default setting.

By default, the number of PIM neighbors on a VLAN interface can be up to128.

If the number of existing PIM neighbors exceeds the configured limit, they will not be deleted.

Example

# Limit the number of PIM neighbors on Vlan-interface10 within 50.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] pim neighbor-limit 50

6.1.14 pim neighbor-policy

Syntax

pim neighbor-policy acl-number

undo pim neighbor-policy

View

VLAN interface view

Parameter

acl-number: Basic ACL number, in the range of 2,000 to 2,999.

Description

Use the pim neighbor-policy command to configure the router to filter the PIM neighbors on the current VLAN interface.

Use the undo pim neighbor-policy command to disable the filtering.

Only the routers that match the filtering rule in the ACL can serve as a PIM neighbor of the current VLAN interface.

The new configuration overwrites the old one if you run the command for a second time.

Example

# Configure 10.10.1.2, but not 10.10.1.1, to serve as a PIM neighbor of the Vlan-interface10.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] pim neighbor-policy 2000

[H3C-Vlan-interface10] quit

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 10.10.1.2 0

[H3C-acl-basic-2000] rule deny source 10.10.1.1 0

6.1.15 pim sm

Syntax

pim sm

undo pim sm

View

VLAN interface view

Parameter

None

Description

Use the pim sm command to enable the PIM-SM protocol.

Use the undo pim sm command to disable the PIM-SM protocol.

By default, the PIM-SM protocol is disabled on the switch.

You must enable the PIM-SM protocol on each VLAN interface respectively. Generally, the PIM-SM protocol is enabled on each VLAN interface.

Related command: multicast routing-enable.

Example

# Enable the PIM-SM protocol on VLAN-interface10.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] pim sm

6.1.16 pim timer hello

Syntax

pim timer hello seconds

undo pim timer hello

View

VLAN interface view

Parameter

seconds: Interval (in seconds) at which a VLAN interface sends Hello packets, in the range of 1 to 18,000.

Description

Use the pim timer hello command to set the interval at which a VLAN interface sends Hello packets.

Use the undo pim timer hello command to restore the default value of the interval.

By default, a VLAN interface sends Hello packets at the interval of 30 seconds.

When the PIM-SM protocol is enabled on a VLAN interface, the switch periodically sends Hello packets to the network devices supporting PIM to discover neighbors. If the VLAN interface receives Hello packets, it means that the VLAN interface is connected to neighboring network devices that support PIM, and the VLAN interface will add the neighbors to its own neighbor list. If the VLAN interface does not receive any Hello packet from a neighbor in its neighbor list within the specified time, the neighbor is considered to have left the multicast group.

Example

# Configure VLAN-interfaceo10 of the switch to send Hello packet at the interval of 40 seconds.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] pim timer hello 40

6.1.17 register-policy

Syntax

register-policy acl-number

undo register-policy

View

PIM view

Parameter

acl-number: Number of IP advanced ACL that defines the rule for filtering the source and group addresses. The value ranges from 3000 to 3999.

Description

Use the register-policy command to configure an RP to filter the register packets sent by the DR in the PIM-SM network and to accept the specified packets only.

Use the undo register-policy command to remove the configured packet filtering.

Example

# Configure the RP to filter the register packets sent by DR and to accept only the packets sourced from segment 10.10.0.0/16 and destined for multicast group 225.1.0.0/16.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 3010

[H3C-acl-adv-3010] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255

[H3C-acl-adv-3010] quit

[H3C] pim

[H3C-pim] register-policy 3010

6.1.18 reset pim neighbor

Syntax

reset pim neighbor { all | { neighbor-address | interface interface-type interface-number } * }

View

User view

Parameter

all: Specifies all PIM neighbors.

neighbor-address: Neighbor address.

interface interface-type interface-number: Specifies a VLAN interface.

Description

Use the reset pim neighbor command to clear all PIM neighbors or PIM neighbors on the specified VLAN interface.

Related command: display pim neighbor.

Example

# Clear the PIM neighbor 25.5.4.3.

<H3C> reset pim neighbor 25.5.4.3

6.1.19 reset pim routing-table

Syntax

reset pim routing-table { all | { group-address [ mask group-mask | mask-length group-mask-length ] | source-address [ mask source-mask | mask-length source-mask-length ] | { incoming-interface interface-type interface-number } } * }

View

User view

Parameter

all: Specifies all PIM neighbors.

group-address: Group address.

mask group-mask: Specifies a group address mask.

mask-length group-mask-length: Specifies the length of group address mask.

source-address: Source address.

mask source-mask: Specifies the source address mask.

mask-length source-mask-length: Specifies the length of source address mask.

incoming-interface: Specifies the incoming interface for the route entry in PIM routing table.

interface-type interface-number: VLAN interface.

Description

Use the reset pim routing-table command to clear all PIM route entries or the specified PIM route entry.

You can type in a source address before a group address in the command, as long as they are valid. An error message will be given if you type in an invalid address.

In this command, if the group-address is 224.0.0.0/24 and source-address is the RP address (where group address can have a mask, but the resulted IP address must be 224.0.0.0, and source address has no mask), then it means only the (*, *, RP) entry will be cleared.

In this command, if the group-address is a group address, and source-address is 0 (where group address can have a mask and source address has no mask), then only the (*, G) entry will be cleared.

This command shall clear not only multicast route entries from PIM routing table, but also the corresponding route entries and forward entries in the multicast core routing table and MFC.

Related command: reset multicast routing-table, reset multicast forwarding-table, display pim routing-table.

Example

# Clear the route entries with group address 225.5.4.3 from the PIM routing table.

<H3C> reset pim routing-table 225.5.4.3

6.1.20 spt-switch-threshold

Syntax

spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number [ order order-value ] ]

undo spt-switch-threshold [ group-policy acl-number ]

View

PIM view

Parameter

traffic-rate: Multicast traffic rate in kbps, ranging from 0 to 65,535. When it takes a non-zero value, RPT does not switch to SPT.

infinity: Never switches to the SPT.

acl-number: Basic ACL number, ranging from 2000 to 2999. It defines a group range within which the rate of multicast packets is limited.

Description

Use the spt-switch-threshold command to configure the threshold for switching from RPT to source SPT.

Use the undo spt-switch-threshold command to restore the default threshold for switching from RPT to source SPT.

By default, a RPT-to-SPT switch occurs once the device receives the first multicast packet.

If you do not specify an ACL number, the threshold applies to all multicast groups.

& Note:

When you execute the spt-switch-threshold command on anS3600 Ethernet switch, the traffic-rate argument can only be set to 0. That is, the threshold can be set to 0 or infinity.

l With the threshold set to 0, the last hop switch switches to SPT once it receives the first multicast packet.

l With the threshold set to infinity, the last hop switch never switches to SPT.

Example

# Configure the last hop switch to switch to SPT upon receipt of the first multicast packet.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C]pim

[H3C-pim] spt-switch-threshold 0

6.1.21 source-policy

Syntax

source-policy acl-number

undo source-policy

View

PIM view

Parameter

acl-number: Basic or advanced ACL, in the range of 2000 to 3999.

Description

Use the source-policy command to configure the router to filter the received multicast data packets according to the source address or group address.

Use the undo source-policy command to remove the configuration.

If resource address filtering and basic ACLs are configured, the router filters the resource addresses of all multicast data packets received. Those not matched will be discarded.

If resource address filtering and advanced ACLs are configured, the router filters the resource and group addresses of all multicast data packets received. Those not matched will be discarded.

When this feature is configured, the router filters not only multicast data, but also the multicast data encapsulated in the registration packets.

The new configuration overwrites the old one if you run the command for a second time.

Example

# Configure to receive the multicast data packets from source address 10.10.1.2 and discard those from 10.10.1.1.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim] source-policy 2000

[H3C-pim] quit

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 10.10.1.2 0

[H3C-acl-basic-2000] rule deny source 10.10.1.1 0

6.1.22 static-rp

Syntax

static-rp rp-address [ acl-number ]

undo static-rp

View

PIM view

Parameter

rp-address: Static RP address. It must be a legal unicast IP address.

acl-number: Basic ACL, used to control the range of multicast group served by static RP. Its value ranges from 2000 to 2999. If no ACL is specified upon configuration, static RP will serve all multicast groups; if an ACL is specified, static RP will only serve the multicast group passing the ACL.

Description

Use the static-rp command to configure static RP.

Use the undo static-rp command to remove the configuration.

Static RP functions as the backup of dynamic RP to improve network robustness. If the RP elected by BSR mechanism is valid, static RP will not work. All routers in the PIM domain must be configured with this command and be specified with the same RP address.

The new configuration overwrites the old one if you execute the command for a second time.

Related command: display pim rp-info.

Example

# Configure 10.110.0.6 as a static RP.

<H3C>system-view

System View: return to User View with Ctrl+Z.

[H3C] multicast routing-enable

[H3C] pim

[H3C-pim] static-rp 10.110.0.6

Chapter 7 MSDP Configuration Commands

7.1 MSDP Configuration Commands

7.1.1 cache-sa-enable

Syntax

cache-sa-enable

undo cache-sa-enable

View

MSDP view

Parameter

None

Description

Use the cache-sa-enable command to enable the SA message cache mechanism.

Use the undo cache-sa-enable command to disable the cache mechanism.

By default, a router caches (S, G) entries after it receives an SA message.

If the router is in the cache state, it sends no SA request message to the specified MSDP peer when it receives a Join message.

Example

# Enable the router to cache all SA states.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] cache-sa-enable

7.1.2 display msdp brief

Syntax

display msdp brief

View

Any view

Parameter

None

Description

Use the display msdp brief command to display the brief information of the MSDP peer state.

Example

# Display the brief information of the MSDP peer state.

<H3C> display msdp brief

MSDP Peer Brief Information

Peer's Address State Up/Down time AS SA Count Reset Count

20.20.20.20 Up 00:00:13 100 0 0

Table 7-1 Description on the fields of the display msdp brief command

Field	Description
Peer's Address	Address of the MSDP peer
State	State
Up/Down time	Up/down time
AS	AS number
SA Count	SA count
Reset Count	Times of peer connection resets

7.1.3 display msdp peer-status

Syntax

display msdp peer-status [ peer-address ]

View

Any view

Parameter

peer-address: IP address of an MSDP peer.

Description

Use the display msdp peer-status command to display the detailed information of the MSDP peer state.

Related command: peer.

Example

# Display the detailed information of MSDP peer 10.110.11.11.

<H3C> display msdp peer-status 10.110.11.11

MSDP Peer 20.20.20.20, AS 100

Description:

Information about connection status:

State: Up

Up/down time: 14:41:08

Resets: 0

Connection interface: LoopBack0 (20.20.20.30)

Number of sent/received messages: 867/947

Number of discarded output messages: 0

Elapsed time since last connection or counters clear: 14:42:40

Information about (Source, Group)-based SA filtering policy:

Import policy: none

Export policy: none

Information about SA-Requests:

Policy to accept SA-Request messages: none

Sending SA-Requests status: disable

Minimum TTL to forward SA with encapsulated data: 0

SAs learned from this peer: 0, SA-cache maximum for the peer: none

Input queue size: 0, Output queue size: 0

Counters for MSDP message:

Count of RPF check failure: 0

Incoming/outgoing SA messages: 0/0

Incoming/outgoing SA requests: 0/0

Incoming/outgoing SA responses: 0/0

Incoming/outgoing data packets: 0/0

7.1.4 display msdp sa-cache

Syntax

display msdp sa-cache [ group-address | [ source-address ] ] [ autonomous-system-number ]

View

Any view

Parameter

group-address: Group address of the (S, G) entry.

source-address: Source address of the (S, G) entry. If you do not specify a source address, the system displays all source information of the specified group. If you specify neither a group address nor a source address, the system displays all SA caches.

autonomous-system-number: Number of the AS from which the (S,G) entry comes. The value ranges from 1 to 65535.

Description

Use the display msdp sa-cache command to display (S, G) state learned from an MSDP peer.

You must configure the cache-sa-enable command before the system can display the cache state information.

Example

# Display SA messages learned from the MSDP peer.

<H3C> display msdp sa-cache

MSDP Total Source-Active Cache - 5 entries

(Source, Group) Origin RP Pro AS Uptime Expires

(10.10.1.2, 225.1.1.1) 10.10.10.10 ? ? 00:00:10 00:05:50

(10.10.1.3, 225.1.1.1) 10.10.10.10 ? ? 00:00:11 00:05:49

(10.10.1.2, 225.1.1.2) 10.10.10.10 ? ? 00:00:11 00:05:49

(10.10.2.1, 225.1.1.2) 10.10.10.10 ? ? 00:00:11 00:05:49

(10.10.1.2, 225.1.2.2) 10.10.10.10 ? ? 00:00:11 00:05:49

MSDP matched 5 entries

Table 7-2 Description on the fields of the display msdp sa-cache command

Field	Description
(Source, Group)	(S, G) entry
Origin RP	Source RP address
Pro	Inter-domain unicast routing protocol
AS	AS number
Uptime	Up time
Expires	Expiry of a (S, G) entry

7.1.5 display msdp sa-count

Syntax

display msdp sa-count [ autonomous-system-number ]

View

Any view

Parameter

autonomous-system-number: AS from which a source and group come The value ranges from 1 to 65535.

Description

Use the display msdp sa-count command to display the number of sources and groups in MSDP cache.

The debugging output of this command is available only after the cache-sa-enable command is configured.

Example

# Display the number of sources and groups in MSDP cache.

<H3C> display msdp sa-count

Number of cached Source-Active entries, counted by Peer

Peer's Address Number of SA

10.10.10.10 5

Number of source and group, counted by AS

AS Number of source Number of group

100 3 3

Total Source-Active entries: 5

Table 7-3 Description on the fields of the display msdp sa-count command

Field	Description
Peer's Address	Address of an MSDP peer
Number of SA	Number of SA messages
AS	AS number
Number of source	Number of sources
Number of group	Number of groups

7.1.6 import-source

Syntax

import-source [ acl acl-number ]

undo import-source

View

MSDP view

Parameter

acl-number: Basic or advanced IP ACL number, ranging from 2000 to 3999. An ACL controls SA message advertisement by filtering sources (with a basic ACL) and filtering sources or groups (with an advanced ACL). If you do not specify this argument, no multicast source is advertised.

Description

Use the import-source command to specify the (S, G) entries in this domain that need to be advertised when an MSDP peer creates an SA message.

Use the undo import-source command to cancel the configuration.

By default, an SA message advertise all the (S, G) entries in the domain.

In addition, you can use the peer sa-policy import command or the peer sa-policy export command to filter forwarded SA messages.

Example

# Configure the (S, G) entries in the multicast routing table to be advertised when an MSDP peer creates an SA message.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 3101

[H3C-acl-adv-3101] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255

[H3C-acl-adv-3101] quit

[H3C] msdp

[H3C-msdp] import-source acl 3101

7.1.7 msdp

Syntax

msdp

undo msdp

View

System view

Parameter

None

Description

Use the msdp command to enable MSDP and enter MSDP view.

Use the undo msdp command to clear all configurations in MSDP view, release resources occupied by MSDP, and restore the initial state.

Related command: peer.

Example

# Clear all configurations in MSDP view.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] undo msdp

7.1.8 msdp-tracert

Syntax

msdp-tracert source-address group-address rp-address [ max-hops max-hops ] [ next-hop-info | sa-info | peer-info ]* [ skip-hops skip-hops ]

View

Any view

Parameter

source-address: Multicast source address

group-address: Multicast group address

rp-address: IP address of an RP

max-hops: Maximum number of hops to be traced, ranging from 1 to 255.The default value is 16.

next-hop-info: Collects the next hop information.

sa-info: Collects the SA entity information.

peer-info: Collects the MSDP peer information.

skip-hops: Number of hops to be skipped before the detailed information is collected, in the range of 0 to 255.

Description

Use the msdp-tracert command to trace the path along which an SA message travels, so as to locate message loss and minimize configuration errors. After determining the path of the SA message, you can prevent SA flooding through correct configuration.

By default, the number of hops to be before the switch collects the detailed information is 0.

Example

# Trace path information of 10.10.1.1, 225.2.2.2, and 20.20.20.20.

<H3C> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20

# Specify the maximum number of hops to be traced and collect the detailed SA and MSDP peer information.

<H3C> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20 max-hops 10 sa-info peer-info

MSDP tracert: press CTRL_C to break

D-bit: set if have this (S,G) in cache but with a different RP

RP-bit: set if this router is an RP

NC-bit: set if this router is not caching SA's

C-bit: set if this (S,G,RP) tuple is in the cache

MSDP trace route path information:

Router Address: 20.20.1.1

Fixed-length response info:

Peer Uptime: 10 minutes, Cache Entry Uptime: 30 minutes

D-bit: 0, RP-bit: 1, NC-bit: 0, C-bit: 1

Return Code: Reached-max-hops

Next Hop info:

Next-Hop Router Address: 0.0.0.0

SA info:

Count of SA messages received for this (S,G,RP): 0

Count of encapsulated data packets received for this (S,G,RP):0

SA cache entry uptime: 00:30:00 , SA cache entry expiry time: 00:03:32

Peering info:

Peering Uptime: 10 minutes, Count of Peering Resets: 3

Table 7-4 Description on the fields of the msdp-tracert command

Field	Description
Router Address	The address used by the local router to establish a peering session with the Peer-PRF neighbor
Peer Uptime	The time of the peering session between the local router and a Peer-RPF neighbor, in minutes. The maximum value is 255.
Cache Entry Uptime	Up time of the (S, G, RP) entry in SA cache of the local router, in minutes. The maximum value is 255.
D-bit: 1	An (S, G, RP) entry exists in the SA cache of the local router, but the RP is different from the RP specified in the request message.
RP-bit: 1	The local router is an RP, but it may be another RP than the source RP in the (S, G, RP) entry.
NC-bit: 0	SA cache is enabled on the local router.
C-bit: 1	A (S, G, RP) entry exists in SA cache of the local router.
Return Code: Reached-max-hops	Maximum number of hops is reached. Another possible value is: Hit-src-RP: The router of this hop is the source RP in the (S, G, RP) entry.
Next-Hop Router Address: 0.0.0.0	If you use the next-hop-info keyword, the address of Peer-RPF neighbor is displayed.
Count of SA messages received for this (S,G,RP)	The number of SA messages received to trace the (S, G, RP) entry.
Count of encapsulated data packets received for this (S,G,RP)	The number of packets received to trace the (S, G, RP) entry.
SA cache entry uptime	The up time of an SA cache entry
SA cache entry expiry time	The expiry time of an SA cache entry
Peering Uptime: 10 minutes	The time of the peering session between the local router and a Peer-PRF neighbor
Count of Peering Resets	Count of session resets

7.1.9 mtracert

Syntax

mtracert source-address [ group-address | last-hop-router-address group-address ]

View

Any view

Parameter

source-address: Multicast source address

group-address: Multicast group address

last-hop-router-address: IP address of the last-hop router.

Description

Use the mtracert command to trace the transmission path of the packet sent by the multicast source over the network.

Example

# Trace the packets sent by the multicast source at 3.3.3.3.

<H3C> mtracert 3.3.3.3

7.1.10 originating-rp

Syntax

originating-rp interface-type interface-number

undo originating-rp

View

MSDP view

Parameter

interface-type: Interface type

interface-number: Interface number

Description

Use the originating-rp command to allow MSDP peer to use the specified interface IP address as the RP address in the SA message when the MSDP peer creates SA messages.

Use the undo originating-rp command to cancel configuration.

By default, the RP address in an SA message is the RP address configured by PIM.

Example

# Configure the IP address of Vlan-interface100 as the RP address of the created SA message.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] originating-rp Vlan-interface 100

7.1.11 peer description

Syntax

peer peer-address description text

undo peer peer-address description

View

MSDP view

Parameter

peer-address: IP address of the MSDP peer.

text: Description text, case-sensitive. The maximum length is 80 characters.

Description

Use the peer description command to configure the description text for an MSDP peer. Use the undo peer description command to delete the configured description text.

By default, an MSDP peer has no description text.

An administrator can distinguish MSDP peers by means of the description texts.

Example

# Add the description text “router CstmrA” for the router 125.10.7.6 to specify that the router is customer A.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] peer 125.10.7.6 description router CstmrA

7.1.12 peer mesh-group

Syntax

peer peer-address mesh-group name

undo peer peer-address mesh-group

View

MSDP view

Parameter

peer-address: IP address of an MSDP peer in a mesh group.

name: Name of a mesh group, case-sensitive and containing 1 to 32 characters.

Description

Use the peer mesh-group command to add an MSDP peer to a mesh group.

Use the undo peer mesh-group command to cancel the configuration.

By default, an MSDP peer does not belong to any mesh group.

Example

# Configure the MSDP peer whose address is 125.10.7.6 as a member of the mesh group Grp1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] peer 125.10.7.6 mesh-group Grp1

7.1.13 peer minimum-ttl

Syntax

peer peer-address minimum-ttl ttl-value

undo peer peer-address minimum-ttl

View

MSDP view

Parameter

peer-address: IP address of the MSDP peer to which the TTL threshold applies.

ttl-value: TTL threshold, ranging from 0 to 255.

Description

Use the peer minimum-ttl command to configure the minimum TTL value of the multicast data packets encapsulated in SA messages and to be sent to the specified MSDP peer.

Use the undo peerminimum-ttl command to restore the default TTL threshold.

By default, the value of TTL threshold is 0.

Related command: peer.

Example

# Set the TTL threshold to 10 so that only those multicast data packets with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer 110.10.10.1.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] peer 110.10.10.1 minimum-ttl 10

7.1.14 peer request-sa-enable

Syntax

peer peer-address request-sa-enable

undo peer peer-address request-sa-enable

View

MSDP view

Parameter

peer-address: IP address of the MSDP peer.

Description

Use the peer request-sa-enable command to enable the router to send an SA request message to the specified MSDP peer upon receipt of a Join message.

Use the undo peer request-sa-enable command to remove the configuration.

By default, upon receipt of a Join message, the router sends no SA request message to the MSDP peer but waits for the next SA message.

Related command: cache-sa-enable.

Example

# Configure to send an SA request message to the MSDP peer 125.10.7.6.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] peer 125.10.7.6 request-sa-enable

7.1.15 peer sa-cache-maximum

Syntax

peer peer-address sa-cache-maximum sa-limit

undo peer peer-address sa-cache-maximum

View

MSDP view

Parameter

peer-address: IP address of the MSDP peer.

sa-limit: Maximum number of SA messages cached, ranging from 1 to 2,048.

Description

Use the peer sa-cache-maximum command to set the maximum number of SA messages cached on the router.

Use the undo peer sa-cache-maximum command to restore the default configuration.

By default, the maximum number of SA messages cached on a router is 2,048.

You are recommended to perform this configuration on all MSDP peers on a network that is vulnerable to DoS attacks.

Related command: display msdp sa-count, display msdp peer-status, display msdp brief.

Example

# Configure the SA cache of the router so that it caches a maximum of 100 SA messages received from the MSDP peer 125.10.7.6.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] peer 125.10.7.6 sa-cache-maximum 100

7.1.16 peer connect-interface

Syntax

peer peer-address connect-interface interface-type interface-number

undo peer peer-address

View

MSDP view

Parameter

peer-address: IP address of the MSDP peer.

interface-type interface-number: Interface type and interface number. The local router uses the primary address of this interface as the source IP to establish a TCP connection with the remote MSDP peer.

Description

Use the peer connect-interface command to configure an MSDP peer.

Use the undo peer connect-interface command to disable the configured MSDP peer.

If the MSDP peer of the local router is also a BGP peer, the MSDP peer and the BGP peer must use the same IP addresses.

Related command: static-rpf-peer.

Example

# Configure the router whose IP address is 125.10 .7.6 as the MSDP peer of the local router.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] peer 125.10.7.6 connect-interface Vlan-interface 100

7.1.17 peer sa-policy

Syntax

peer peer-address sa-policy { import | export } [ acl acl-number ]

undo peer peer-address sa-policy { import | export }

View

MSDP view

Parameter

import: Receives the SA messages from the specified MSDP peer.

export: Forwards the SA messages from the specified MSDP peer.

peer-address: IP address of the MSDP peer whose SA messages need to be filtered.

acl acl-number: Specifies an advanced IP ACL number ranging from 3000 to 3999. If no ACL is specified, all (S, G) entries are filtered out.

Description

Use the peer sa-policy command to configure the filtering list for receiving or forwarding the SA messages from the specified MSDP peer.

Use the undo peer sa-policy command to remove the configuration.

By default, no filtering is imposed on SA messages to be received or forwarded; namely, all SA messages from MSDP peers are received or forwarded.

Related command: peer.

Example

# Configure a filtering list so that only those SA messages permitted by the advanced IP ACL 3100 are forwarded.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 3100

[H3C-acl-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255

[H3C-acl-adv-3100] quit

[H3C] msdp

[H3C-msdp] peer 125.10.7.6 connect-interface Vlan-interface 100

[H3C-msdp] peer 125.10.7.6 sa-policy export acl 3100

7.1.18 peer sa-request-policy

Syntax

peer peer-address sa-request-policy [ acl acl-number ]

undo peer peer-address sa-request-policy

View

MSDP view

Parameter

peer-address: IP address of an MSDP peer, the SA request messages sent from which will be filtered

acl-number: Basic IP ACL number, describing a multicast group address and in the range of 2000 to 2999. If no ACL is specified, all SA request messages will be ignored.

Description

Use the peer sa-request-policy command to limit the SA request messages that the router receives from an MSDP peer.

Use the undo peer sa-request-policy command to remove the limitation.

By default, the router receives all SA request messages from the MSDP peer.

If no ACL is specified, all SA requests will be ignored. If an ACL is specified, only those SA request messages from the groups that match the ACL rule will be processed and others are ignored.

Related command: peer.

Example

# Configure an ACL so that SA request messages from the group address range of 225.1.1.0/24 and from the MSDP peer 175.58.6.5 are received and other SA messages are ignored.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2001

[H3C-acl-basic-2001] rule permit source 225.1.1.0 0.0.0.255

[H3C-acl-basic-2001] quit

[H3C] msdp

[H3C-msdp] peer 175.58.6.5 sa-request-policy acl 2001

7.1.19 reset msdp peer

Syntax

reset msdp peer peer-address

View

User view

Parameter

peer-address: IP address of the MSDP peer

Description

Use the reset msdp peer command to reset the TCP connection with the specified MSDP peer and clear all statistics information of that MSDP peer.

Related command: peer.

Example

# Reset the TCP connection with the MSDP peer 125.10.7.6 and the statistics of the MSDP peer.

<H3C> reset msdp peer 125.10.7.6

7.1.20 reset msdp sa-cache

Syntax

reset msdp sa-cache [ group-address ]

View

User view

Parameter

group-address: Group address; the cached (S, G) entries matching this address are to be deleted from the SA cache. If no multicast group address is specified, all cached SA entries will be cleared.

Description

Use the reset msdp sa-cache command to clear cached SA entries of the MSDP peer.

Related command: cache-sa-enable, display msdp sa-cache.

Example

# Clear the cached entries whose group address is 225.5.4.3 from the SA cache.

<H3C> reset msdp sa-cache 225.5.4.3

7.1.21 reset msdp statistics

Syntax

reset msdp statistics [ peer-address ]

View

User view

Parameter

peer-address: Address of the MSDP peer whose statistics, reset information and input/output information will be cleared. If no MSDP peer address is specified, the statistics information of all MSDP peers will be cleared.

Description

Use the reset msdp statistics command to clear the statistics information of one or more MSDP peers without resetting the MSDP peer(s).

Example

# Clear the statistics information of the MSDP peer 125.10.7.6.

<H3C> reset msdp statistics 125.10.7.6

7.1.22 shutdown

Syntax

shutdown peer-address

undo shutdown peer-address

View

MSDP view

Parameter

peer-address: IP address of an MSDP peer.

Description

Use the shutdown command to shut down the specified MSDP peer.

Use the undo shutdown command to remove the configuration.

By default, no MSDP peer is shut down.

Related command: peer.

Example

# Shut down the MSDP peer 125.10.7.6.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] shutdown 125.10.7.6

7.1.23 static-rpf-peer

Syntax

static-rpf-peer peer-address [ rp-policy ip-prefix-name ]

undo static-rpf-peer peer-address

View

MSDP view

Parameter

peer-address: Address of the static RPF peer receiving SA messages.

rp-policy ip-prefix-name: Specifies a filtering policy based on RP addresses to filter RPs in SA messages. ip-prefix-name is the IP address prefix list containing 1 to 19 characters.

Description

Use the static-rpf-peer command to configure a static RPF peer.

Use the undo static-rpf-peer command to remove a static RPF peer.

By default, no static RPF peer is configured.

If only one MSDP peer is configured with the peer command, the MSDP peer will be regarded as a static RPF peer. When configuring multiple static RPF peers for the same router, make sure you follow the following two configuration methods::

l In the case that all the peers use the rp-policy keyword: Multiple static RPF peers take effect at the same time. RPs in SA messages are filtered according to the prefix list configured; only SA messages whose RP addresses pass the filtering are received. If multiple static RPF peers using the same rp-policy keyword are configured, when any of the peers receives an SA message, it will forward the SA message to the other peers.

l In the case that none of the peers use the rp-policy keyword: According to the configuration sequence, only the first static RPF peer whose connection state is UP is active. All the SA messages from this peer will be received and those from other static RPF peers will be discarded. Once the active static RPF peer fails (because the configuration is removed or the connection is terminated), based on the configuration sequence, the subsequent first static RPF peer whose connection is in the UP state will be selected as the active static RPF peer.

Related command: peer, ip ip-prefix.

Example

# Configure a static RPF peer.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ip ip-prefix list1 permit 130.10.0.0 16 greater-equal 16 less-equal 32

[H3C] msdp

[H3C-msdp] peer 130.10.7.6 connect-interface Vlan-interface 100

[H3C-msdp] static-rpf-peer 130.10.7.6 rp-policy list1

7.1.24 timer retry

Syntax

timer retry seconds

undo timer retry

View

MSDP view

Parameter

seconds: Connection request retry interval in seconds, ranging from 1 to 60.

Description

Use the timer retry command to configure a connection request retry interval.

Use the undo timer retry command to restore the default value.

By default, the connection request retry interval is 30 seconds.

Related command: peer.

Example

# Set the connection request retry interval to 60 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] msdp

[H3C-msdp] timer retry 60

H3C S3600 Series Ethernet Switches Command Manual-Release 1510(V1.04)

Chapter 1 IGMP Snooping Configuration Commands

Chapter 2 Common IP Multicast Configuration Commands

2.1.5 display multicast-source-deny

Chapter 3 Multicast MAC Address Entry Configuration Commands

Chapter 4 Unknown Multicast Drop Configuration Command

5.1.1 display igmp group

5.1.4 igmp group-limit

5.1.7 igmp host-join port

5.1.12 igmp robust-count

5.1.15 igmp version

5.1.16 reset igmp group

6.1 PIM Configuration Commands

6.1.5 display pim bsr-info

7.1 MSDP Configuration Commands

7.1.2 display msdp brief

7.1.6 import-source

7.1.8 msdp-tracert

7.1.11 peer description

7.1.22 shutdown

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us