Login
- Table of Contents
-
- 06 IP Multicast Configuration Guide
- 00-Preface
- 01-Multicast Overview
- 02-IGMP snooping configuration
- 03-PIM snooping configuration
- 04-Multicast VLAN configuration
- 05-Multicast routing and forwarding configuration
- 06-IGMP configuration
- 07-PIM configuration
- 08-MSDP configuration
- 09-Multicast VPN configuration
- 10-MLD snooping configuration
- 11-IPv6 PIM snooping configuration
- 12-IPv6 multicast VLAN configuration
- 13-IPv6 multicast routing and forwarding configuration
- 14-MLD configuration
- 15-IPv6 PIM configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 10-MLD snooping configuration | 349.54 KB |
MLD snooping configuration task list
Configuring basic MLD snooping features
Specifying an MLD snooping version
Setting the maximum number of MLD snooping forwarding entries
Configuring MLD snooping port features
Setting aging timers for dynamic ports
Configuring a port as a simulated member host
Enabling fast-leave processing
Disabling a port from becoming a dynamic router port
Configuring the MLD snooping querier
Enabling the MLD snooping querier
Configuring parameters for MLD queries and responses
Configuring parameters for MLD messages
Configuring source IPv6 addresses for MLD messages
Setting the 802.1p priority for MLD messages
Configuring MLD snooping policies
Configuring an IPv6 multicast group policy
Enabling IPv6 multicast source port filtering
Enabling dropping unknown IPv6 multicast data
Enabling MLD report suppression
Setting the maximum number of IPv6 multicast groups on a port
Enabling the IPv6 multicast group replacement feature
Displaying and maintaining MLD snooping
MLD snooping configuration examples
IPv6 group policy configuration example
Static port configuration example
MLD snooping querier configuration example
Layer 2 multicast forwarding cannot function
IPv6 multicast group policy does not work
Overview
As shown in Figure 1, when MLD snooping is not enabled, the Layer 2 switch floods IPv6 multicast packets to all hosts. When MLD snooping is enabled, the Layer 2 switch forwards multicast packets of known IPv6 multicast groups to only the receivers.
Figure 1 Multicast packet transmission processes without and with MLD snooping
Basic MLD snooping concepts
MLD snooping related ports
As shown in Figure 2, MLD snooping runs on Switch A and Switch B, and Host A and Host C are receiver hosts in an IPv6 multicast group.
Figure 2 MLD snooping related ports
The following describes the ports involved in MLD snooping, as shown in Figure 2:
· Router port—Layer 3 multicast device-side port. Layer 3 multicast devices include designated routers and MLD queriers. In Figure 2, FortyGigE 1/1/1 of Switch A and FortyGigE 1/1/1 of Switch B are the router ports. A switch records all its local router ports in a router port list.
Do not confuse the "router port" in MLD snooping with the "routed interface" commonly known as the "Layer 3 interface." The router port in MLD snooping is a Layer 2 interface.
· Member port—Multicast receiver-side port. In Figure 2, FortyGigE 1/1/2 and FortyGigE 1/1/3 of Switch A and FortyGigE 1/1/2 of Switch B are member ports. A switch records all its local member ports in its MLD snooping forwarding table.
Unless otherwise specified, router ports and member ports in this document include both static and dynamic router ports and member ports.
|
|
NOTE: When MLD snooping is enabled, all ports that receive IPv6 PIM hello messages or MLD general queries with a source IP address other than 0::0 are considered dynamic router ports. For more information about IPv6 PIM hello messages, see "Configuring IPv6 PIM." |
Aging timers for dynamic ports in MLD snooping
The following are aging timers for dynamic ports in MLD snooping:
· Dynamic router port aging timer—The switch starts this timer for a port that receives an MLD general query with the source address other than 0::0 or an IPv6 PIM hello message. If the port does not either of receive these messages before the timer expires, the switch removes the port from its router port list.
· Dynamic member port aging timer—The switch starts this timer for a port that receives an MLD report. If the port does not receive a report before the timer expires, the switch removes the port from the MLD snooping forwarding entries.
|
|
NOTE: In MLD snooping, only dynamic ports age out. Static ports never age out. |
How MLD snooping works
The ports in this section are dynamic ports. For information about how to configure and remove static ports, see "Configuring static ports."
General query
The MLD querier periodically sends MLD general queries to all hosts and routers on the local subnet to check for the existence of IPv6 multicast group members.
After receiving an MLD general query from the MLD querier, the switch forwards the query to all ports in the VLAN except the receiving port. The switch also performs one of the following operations:
· If the receiving port is a dynamic router port in the router port list, the switch restarts the aging timer for the router port.
· If the receiving port does not exist in the router port list, the switch adds the port to the router port list. It also starts an aging timer for the port.
MLD report
A host sends an MLD report to the MLD querier for the following purposes:
· Responds to queries if the host is an IPv6 multicast group member.
· Applies for an IPv6 multicast group membership.
After receiving an MLD report from a host, the switch forwards the report through all the router ports in the VLAN. It also resolves the IPv6 address of the reported IPv6 multicast group, and looks up the forwarding table for a matching entry:
· If no match is found, the switch creates a forwarding entry for the group with the receiving port as an outgoing interface. It also marks the receiving port as a dynamic member port and starts an aging timer for the port.
· If a match is found but the receiving port is not in the forwarding entry, the switch adds the receiving port as an outgoing interface to the forwarding entry. It also marks the receiving port as a dynamic member port and starts an aging timer for the port.
· If a match is found and the receiving port is in the forwarding entry, the switch restarts the aging timer for the port.
In an application with an IPv6 multicast group policy configured on an MLD snooping-enabled switch, when a user requests a multicast program, the user's host initiates an MLD report. After receiving this report message, the switch resolves the IPv6 multicast group address in the report and performs ACL filtering on the report. If the report passes ACL filtering, the switch creates an MLD snooping forwarding entry for the IPv6 multicast group with the receiving port as an outgoing interface. Otherwise, the switch drops this report message, which means the receiver does not successfully join the IPv6 multicast group and cannot retrieve the program.
A switch does not forward an MLD report through a non-router port because of the MLD report suppression mechanism. For more information about the MLD report suppression mechanism, see "Configuring MLD."
Done message
When a host leaves an IPv6 multicast group, the host sends an MLD done message to the multicast routers. When the switch receives the MLD done message on a dynamic member port, the switch first examines whether a forwarding entry matches the IPv6 multicast group address in the message.
· If no match is found, the switch discards the MLD done message.
· If a match is found but the receiving port is not in the forwarding entry, the switch discards the MLD done message.
· If a match is found and the receiving port is in the forwarding entry, the switch forwards the done message to all router ports in the VLAN. The switch does not immediately remove the port from the forwarding entry for that group. Instead, it restarts the aging timer for the port.
After receiving the MLD done message, the MLD querier resolves the IPv6 multicast group address in the message. Then, it sends an MLD multicast-address-specific query to the IPv6 multicast group through the port that received the done message.
After receiving the MLD multicast-address-specific query, the switch forwards the query through all its router ports in the VLAN and all member ports of the IPv6 multicast group. Then, it waits for the responding MLD reports from the directly connected hosts. For the member port that received the done message, the switch performs one of the following operations:
· If the port receives an MLD report before the aging timer expires, the switch adjusts the aging timer for the port.
· If the port does not receive an MLD report when the aging timer expires, the switch removes the port from the forwarding entry for the IPv6 multicast group.
Protocols and standards
RFC 4541, Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
MLD snooping configuration task list
The MLD snooping configurations made on Layer 2 aggregate interfaces do not interfere with the configurations made on member ports. In addition, the configurations made on Layer 2 aggregate interfaces do not take part in aggregation calculations. The configuration made on a member port of the aggregate group takes effect after the port leaves the aggregate group.
Configuring basic MLD snooping features
Before you configure basic MLD snooping features, complete the following tasks:
· Configure the associated VLANs.
· Determine the MLD snooping version.
· Determine the MLD last listener query interval.
· Determine the maximum response time for MLD general queries.
Enabling MLD snooping
When you enable MLD snooping, follow these guidelines:
· You must enable MLD snooping globally before you can enable it for a VLAN.
· MLD snooping for a VLAN works only on the member ports in that VLAN.
You can enable MLD snooping for the specified VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the configuration in VLAN interface has the same priority as the configuration in MLD-snooping view, and the most recent configuration takes effect.
To enable MLD snooping for the specified VLANs in MLD-snooping view:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable MLD snooping globally and enter MLD-snooping view. |
mld-snooping |
By default, MLD snooping is disabled globally. |
|
3. Enable MLD snooping for the specified VLANs. |
enable vlan vlan-list |
By default, MLD snooping is disabled for any VLANs. |
To enable MLD snooping for a VLAN in VLAN view:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable MLD snooping globally and enter MLD-snooping view. |
mld-snooping |
By default, MLD snooping is globally disabled. |
|
3. Return to system view. |
quit |
N/A |
|
4. Enter VLAN view. |
vlan vlan-id |
N/A |
|
5. Enable MLD snooping for the VLAN. |
mld-snooping enable |
By default, MLD snooping is disabled in a VLAN. |
Specifying an MLD snooping version
Different MLD snooping versions can process different versions of MLD messages:
· MLDv1 snooping can process MLDv1 messages, but it floods MLDv2 messages in the VLAN instead of processing them.
· MLDv2 snooping can process MLDv1 and MLDv2 messages.
If you change MLDv2 snooping to MLDv1 snooping, the system does the following:
· Clears all MLD snooping forwarding entries that are dynamically created.
· Keeps static MLDv2 snooping forwarding entries (*, G).
· Clears static MLDv2 snooping forwarding entries (S, G), which will be restored when MLD snooping is switched back to MLDv2 snooping.
For more information about static MLD snooping forwarding entries, see "Configuring static ports."
You can specify the version for the specified VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the configuration in VLAN view has the same priority as the configuration in MLD-snooping view, and the most recent configuration takes effect.
To specify an MLD snooping version for the specified VLANs in MLD-snooping view:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable MLD snooping globally and enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Specify an MLD snooping version for the specified VLANs. |
version version-number vlan vlan-list |
The default setting is 1. |
To specify an MLD snooping version for a VLAN in VLAN view:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Specify an MLD snooping version for the VLAN. |
mld-snooping version version-number |
The default setting is 1. |
Setting the maximum number of MLD snooping forwarding entries
You can modify the maximum number of MLD snooping forwarding entries, including dynamic entries and static entries. When the number of forwarding entries on the device reaches the upper limit, the device does not automatically remove any existing entries. To allow new entries to be created, H3C recommends that you manually remove some entries.
To set the maximum number of MLD snooping forwarding entries:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the maximum number of MLD snooping forwarding entries. |
entry-limit limit |
The default setting is 4294967295. |
Configuring MLD snooping port features
Before you configure MLD snooping port features, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the aging timer for dynamic router ports.
· Determine the aging timer for dynamic member ports.
· Determine the addresses of the IPv6 multicast group and IPv6 multicast source.
Setting aging timers for dynamic ports
When you set aging timers for dynamic ports, follow these guidelines:
· If the memberships of IPv6 multicast groups frequently change, set a relatively small value for the aging timer of the dynamic member ports. If the memberships of IPv6 multicast groups rarely change, you can set a relatively large value.
· If a dynamic router port receives an IPv6 PIMv2 hello message, the aging timer value for the port is specified by the hello message. In this case, the mld-snooping router-aging-time command does not take effect on the port.
· You can set the timers globally for all VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the VLAN-specific configuration takes priority over the global configuration.
Setting the aging timers for dynamic ports globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the aging timer for dynamic router ports globally. |
router-aging-time interval |
The default setting is 260 seconds. |
|
4. Set the aging timer for dynamic member ports globally. |
host-aging-time interval |
The default setting is 260 seconds. |
Setting the aging timers for the dynamic ports in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the aging timer for the dynamic router ports in the VLAN. |
mld-snooping router-aging-time interval |
The default setting is 260 seconds. |
|
4. Set the aging timer for the dynamic member ports in the VLAN. |
mld-snooping host-aging-time interval |
The default setting is 260 seconds. |
Configuring static ports
You can configure the following types of static ports:
· Static member port—When you configure a port as a static member port for an IPv6 multicast group, all hosts attached to the port will receive IPv6 multicast data for the group.
The static member port does not respond to MLD queries. When you configure or cancel this configuration, the port does not send an unsolicited report or done message.
· Static router port—When you configure a port as a static router port for an IPv6 multicast group, all IPv6 multicast data for the group received on the port will be forwarded.
Static member ports and static router ports never age out. To remove such a port, use the undo mld-snooping static-group or undo mld-snooping static-router-port command.
To configure static ports:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Configure the port as a static port. |
· Configure the port as a static member port: · Configure the port as a static router port: |
By default, a port is not a static member port or a static router port. |
Configuring a port as a simulated member host
When a port is configured as a simulated member host, it is equivalent to an independent host in the following ways:
· It sends an unsolicited MLD report when you complete the configuration.
· It responds to MLD general queries with MLD reports.
· It sends an MLD done message when you remove the configuration.
When you perform this task, make sure the MLD version and MLD snooping version on the simulated host are the same.
To configure a port as a simulated member host:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Configure the port as a simulated member host. |
mld-snooping host-join ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
By default, the port is not a simulated member host. |
|
|
NOTE: Unlike a static member port, a port configured as a simulated member host ages out like a dynamic member port. |
Enabling fast-leave processing
This feature enables the switch to immediately remove a port from the forwarding entry for an IPv6 multicast group when the port receives a done message.
Configuration guidelines
When you enable fast-leave processing feature, follow these guidelines:
· H3C recommends that you enable this feature on a port that has only one receiver in a VLAN. If you enable this feature on a port that have multiple receivers, after a receiver leaves a group, other receivers cannot receive IPv6 multicast data for the group.
· You can enable fast-leave processing globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.
Enabling fast-leave processing globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable fast-leave processing globally. |
fast-leave [ vlan vlan-list ] |
By default, fast-leave processing is disabled globally. |
Enabling fast-leave processing on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Enable fast-leave processing on the port. |
mld-snooping fast-leave [ vlan vlan-list ] |
By default, fast-leave processing is disabled for a port. |
Disabling a port from becoming a dynamic router port
A receiver host might send MLD general queries or IPv6 PIM hello messages for testing purposes. On the Layer 2 device, the port that receives either of the messages becomes a dynamic router port. Before the aging timer for the port expires, the following problems might occur:
· All IPv6 multicast data for the VLAN to which the port belongs flows to the port. Then, the port forwards the data to attached receiver hosts. The receiver hosts will receive unexpected IPv6 multicast data.
· The port forwards the MLD general queries or PIM hello messages to its upstream multicast routers. These messages might affect the multicast routing protocol state (such as the MLD querier or DR election) on the multicast routers. This might further cause network interruption.
To solve these problems, you can disable the port from becoming a dynamic router port when receiving either of the messages. This also improves network security and the control over receiver hosts.
To disable a port from becoming a dynamic router port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Disable the port from becoming a dynamic router port. |
mld-snooping router-port-deny [ vlan vlan-list ] |
By default, a port can become a dynamic router port. This configuration does not affect the static router port configuration. |
Configuring the MLD snooping querier
This section describes how to configure an MLD snooping querier.
Configuration prerequisites
Before you configure the MLD snooping querier for a VLAN, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the MLD general query interval.
· Determine the MLD last listener query interval.
· Determine the maximum response time for MLD general queries.
Enabling the MLD snooping querier
This feature enables the switch to periodically send MLD general queries to establish and maintain multicast forwarding entries at the data link Layer. You can configure an MLD snooping querier on a network without Layer 3 multicast devices.
When you enable the MLD snooping querier, follow these guidelines:
· Do not enable the MLD snooping querier on an IPv6 multicast network that runs MLD. An MLD snooping querier does not participate in MLD querier elections. However, it might affect MLD querier elections if it sends MLD general queries with a low source IPv6 address. For more information about the MLD querier, see "Configuring MLD."
· On a TRILL network, if an RB acts as both the MLD snooping querier and the AVF of a VLAN, H3C recommends that you configure the designated port as a static router port. Otherwise, MLD snooping forwarding entries cannot be created. For more information about TRILL, RB, AVF, and designated ports, see TRILL Configuration Guide.
To enable the MLD snooping querier for a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping querier. |
mld-snooping querier |
By default, MLD snooping querier is disabled. |
Configuring parameters for MLD queries and responses
|
|
CAUTION: To prevent multicast group members from being deleted mistakenly, make sure the MLD general query interval is larger than the maximum response time for MLD general queries. |
You can modify the MLD general query interval based on the actual network conditions.
A receiver host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query (general query or multicast-address-specific query). This timer is initialized to a random value in the range of 0 to the maximum response time advertised in the MLD query message. When the timer value decreases to 0, the host sends an MLD report to the IPv6 multicast group.
To speed up the response of hosts to MLD queries and to avoid simultaneous timer expirations which cause MLD report traffic bursts, you must correctly set the maximum response time.
· The maximum response time for MLD general queries is set by the max-response-time command.
· The maximum response time for MLD multicast-address-specific queries equals the MLD last listener query interval, which is set by the last-listener-query-interval command.
You can configure parameters for MLD queries and responses for the current VLAN in VLAN view or globally for all VLANs in MLD-snooping view. The configuration made in VLAN view takes priority over the configuration made in MLD-snooping view.
Configuring parameters for MLD queries and responses globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the maximum response time for MLD general queries. |
max-response-time interval |
The default setting is 10 seconds. |
|
4. Set the MLD last listener query interval. |
last-listener-query-interval interval |
The default setting is 1 second. |
Configuring parameters for MLD queries and responses in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the MLD general query interval for the VLAN. |
mld-snooping query-interval interval |
The default setting is 125 seconds. |
|
4. Set the maximum response time for MLD general queries in the VLAN. |
mld-snooping max-response-time interval |
The default setting is 10 seconds. |
|
5. Set the MLD last listener query interval in the VLAN. |
mld-snooping last-listener-query-interval interval |
The default setting is 1 second. |
Configuring parameters for MLD messages
This section describes how to configure parameters for MLD messages.
Configuration prerequisites
Before you configure parameters for MLD messages in a VLAN, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the source IPv6 address of MLD general queries.
· Determine the source IPv6 address of MLD multicast-address-specific queries.
· Determine the source IPv6 address of MLD reports.
· Determine the source IPv6 address of MLD done messages.
· Determine the 802.1p priority of MLD messages.
Configuring source IPv6 addresses for MLD messages
You can change the source IPv6 address of MLD queries sent by an MLD snooping querier. This configuration might affect MLD querier election within the subnet.
You can also change the source IPv6 address of MLD reports or leave messages sent by a simulated member host.
To configure the source IP addresses for MLD messages in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure the source IPv6 address for MLD general queries. |
mld-snooping general-query source-ip { ipv6-address | current-interface } |
The default setting is the IPv6 link-local address of the current VLAN interface. If the current VLAN interface does not have an IPv6 link-local address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001. |
|
4. Configure the source IPv6 address for MLD multicast-address-specific queries. |
mld-snooping special-query source-ip { ipv6-address | current-interface } |
By default, if the MLD snooping querier has received MLD general queries, the source IPv6 address of MLD multicast-address-specific queries is the source IPv6 address of MLD general queries. Otherwise, it is the IPv6 link-local address of the current VLAN interface. If the current VLAN interface does not have an IPv6 link-local address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001. |
|
5. Configure the source IPv6 address for MLD reports. |
The default setting is the IPv6 address of the current VLAN interface. If the current VLAN interface does not have an IPv6 address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001. |
|
|
6. Configure the source IPv6 address for MLD done messages. |
The default setting is the IPv6 address of the current VLAN interface. If the current VLAN interface does not have an IPv6 address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001. |
Setting the 802.1p priority for MLD messages
When congestion occurs on outgoing ports of the Layer 2 device, it forwards MLD messages in their 802.1p priority order, from highest to lowest. You can assign a higher 802.1p priority to MLD messages that are created or forwarded by the device.
You can set the 802.1p priority globally for all VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the VLAN-specific configuration takes priority over the global configuration.
Setting the 802.1p priority for MLD messages globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the 802.1p priority for MLD messages. |
dot1p-priority priority-number |
By default, the 802.1p priority for MLD messages is not configured. |
Setting the 802.1p priority for MLD messages in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the 802.1p priority for MLD messages in the VLAN. |
mld-snooping dot1p-priority priority-number |
By default, the 802.1p priority for MLD messages is not configured. |
Configuring MLD snooping policies
Before you configure MLD snooping policies, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the ACL used as the IPv6 multicast group policy.
· Determine the maximum number of IPv6 multicast groups that a port can join.
Configuring an IPv6 multicast group policy
This feature enables the switch to filter MLD reports by using an ACL that specifies IPv6 multicast groups and the optional sources. It is used to control the IPv6 multicast groups that receiver hosts can join.
Configuration guidelines
When you configure an IPv6 multicast group policy, follow these guidelines:
· This configuration takes effect only on the IPv6 multicast groups that the port joins dynamically.
· You can configure an IPv6 multicast group policy globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.
Configuring an IPv6 multicast group policy globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Configure an IPv6 multicast group policy globally. |
group-policy acl6-number [ vlan vlan-list ] |
By default, IPv6 multicast group policies are not globally configured. |
Configuring an IPv6 multicast group policy on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Configure an IPv6 multicast group policy on the port. |
mld-snooping group-policy acl6-number [ vlan vlan-list ] |
By default, IPv6 multicast group policies are not configured on the port. |
Enabling IPv6 multicast source port filtering
This feature enables the switch to discard all IPv6 multicast data packets and to accept IPv6 multicast protocol packets. You can enable this feature on ports that connect only to IPv6 multicast receivers.
You can enable multicast source port filtering for the specified ports in MLD-snooping view or for a port in interface view. For a port, the configuration in interface view has the same priority as the configuration in MLD-snooping view, and the most recent configuration takes effect.
Enabling IPv6 multicast source port filtering globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable IPv6 multicast source port filtering. |
source-deny port interface-list |
By default, IPv6 multicast source port filtering is disabled. |
Enabling IPv6 multicast source port filtering on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view. |
interface interface-type interface-number |
N/A |
|
3. Enable IPv6 multicast source port filtering. |
mld-snooping source-deny |
By default, IPv6 multicast source port filtering is disabled. |
Enabling dropping unknown IPv6 multicast data
This feature enables the switch to drop all unknown IPv6 multicast data. Unknown IPv6 multicast data refers to IPv6 multicast data for which no forwarding entries exist in the MLD snooping forwarding table.
If you do not enable this feature, the unknown IPv6 multicast data is flooded in the VLAN to which the data belongs.
To enable dropping unknown IPv6 multicast data for a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable dropping unknown IPv6 multicast data for the VLAN |
mld-snooping drop-unknown |
By default, this feature is disabled. Unknown IPv6 multicast data is flooded. |
Enabling MLD report suppression
This feature enables the switch to forward only the first MLD report for an IPv6 multicast group to its directly connected Layer 3 device. Other reports for the same group within the same query interval are discarded.
To enable MLD report suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable MLD report suppression. |
report-aggregation |
By default, MLD report suppression is enabled. |
Setting the maximum number of IPv6 multicast groups on a port
You can set the maximum number of IPv6 multicast groups on a port to regulate the port traffic.
Configuration guidelines
When you set the maximum number of IPv6 multicast groups on a port, follow these guidelines:
· This configuration takes effect only on the IPv6 multicast groups that the port joins dynamically.
· If the number of IPv6 multicast groups on a port exceeds the limit, the system removes all the forwarding entries related to that port. In this case, the receiver hosts attached to that port can join IPv6 multicast groups again before the number of IPv6 multicast groups on the port reaches the limit.
Configuration procedure
To set the maximum number of IPv6 multicast groups on a port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Set the maximum number of IPv6 multicast groups on a port. |
mld-snooping group-limit limit [ vlan vlan-list ] |
The default setting is 4294967295. |
Enabling the IPv6 multicast group replacement feature
This feature enables the switch to replace an existing IPv6 multicast group with a newly joined group when the number of groups exceeds the upper limit. This feature is typically used in the channel switching application. Without this feature, the switch discards MLD reports for new groups, and the user cannot change to the new channel.
Configuration guidelines
When you enable the IPv6 multicast group replacement feature, follow these guidelines:
· This configuration takes effect only on the multicast groups that the port joins dynamically.
· You can enable this feature globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.
Configuration procedures
To enable the IPv6 multicast group replacement feature globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable the IPv6 multicast group replacement feature globally. |
overflow-replace [ vlan vlan-list ] |
By default, the IPv6 multicast group replacement feature is disabled. |
To enable the IPv6 multicast group replacement on a port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Enable the IPv6 multicast group replacement feature on the port. |
mld-snooping overflow-replace [ vlan vlan-list ] |
By default, the IPv6 multicast group replacement feature is disabled. |
Displaying and maintaining MLD snooping
Execute display commands in any view and reset commands in user view.
|
Command |
|
|
Display information about Layer 2 IPv6 multicast groups. |
display ipv6 l2-multicast ip [ group ipv6-group-address | source ipv6-source-address ] * [ vlan vlan-id ] [ slot slot-number ] |
|
Display Layer 2 IPv6 multicast group entries. |
display ipv6 l2-multicast ip forwarding [ group ipv6-group-address | source ipv6-source-address ] * [ vlan vlan-id ] [ slot slot-number ] |
|
Display information about Layer 2 IPv6 MAC multicast groups. |
display ipv6 l2-multicast mac [ mac-address ] [ vlan vlan-id ] [ slot slot-number ] |
|
Display Layer 2 IPv6 MAC multicast group entries. |
display ipv6 l2-multicast mac forwarding [ mac-address ] [ vlan vlan-id ] [ slot slot-number ] |
|
Display MLD snooping status. |
display mld-snooping [ global | vlan vlan-id ] |
|
Display dynamic MLD snooping forwarding entries. |
display mld-snooping group [ ipv6-group-address | ipv6-source-address ] * [ vlan vlan-id ] [ verbose ] [ slot slot-number ] |
|
Display static MLD snooping forwarding entries. |
display mld-snooping static-group [ ipv6-group-address | ipv6-source-address ] * [ vlan vlan-id ] [ verbose ] [ slot slot-number ] |
|
Display dynamic router port information. |
display mld-snooping router-port [ vlan vlan-id ] [ slot slot-number ] |
|
Display static router port information. |
display mld-snooping static-router-port [ vlan vlan-id ] [ slot slot-number ] |
|
Display statistics for the MLD messages learned through MLD snooping. |
display mld-snooping statistics |
|
Clear dynamic MLD snooping forwarding entries. |
reset mld-snooping group { ipv6-group-address [ ipv6-source-address ] | all } [ vlan vlan-id ] |
|
Clear dynamic router port information. |
reset mld-snooping router-port { all | vlan vlan-id } |
|
Clear statistics for the MLD messages learned through MLD snooping. |
reset mld-snooping statistics |
MLD snooping configuration examples
IPv6 group policy configuration example
Network requirements
As shown in Figure 3, Router A runs MLDv1 and acts as the MLD querier, and Switch A runs MLDv1 snooping.
Configure a group policy to achieve the following goals:
· Host A and Host B receive only the IPv6 multicast data addressed to the IPv6 multicast group FF1E::101.
· Switch A drops unknown IPv6 multicast data instead of flooding it in VLAN 100.
Configuration procedure
1. Assign an IPv6 address and prefix length to each interface according to Figure 3. (Details not shown.)
2. Configure Router A:
# Enable IPv6 multicast routing.
<RouterA> system-view
[RouterA] ipv6 multicast routing
[RouterA-mrib6] quit
# Enable MLD on FortyGigE 1/1/1.
[RouterA] interface fortygige 1/1/1
[RouterA-FortyGigE1/1/1] mld enable
[RouterA-FortyGigE1/1/1] quit
# Enable IPv6 PIM-DM on FortyGigE 1/1/2.
[RouterA] interface fortygige 1/1/2
[RouterA-FortyGigE1/1/2] ipv6 pim dm
[RouterA-FortyGigE1/1/2] quit
3. Configure Switch A:
# Enable MLD snooping globally.
<SwitchA> system-view
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 through FortyGigE 1/1/4 to the VLAN.
[SwitchA] vlan 100
[SwitchA-vlan100] port fortygige 1/1/1 to fortygige 1/1/4
# Enable MLD snooping for VLAN 100.
[SwitchA-vlan100] mld-snooping enable
# Enable dropping IPv6 unknown multicast data for VLAN 100.
[SwitchA-vlan100] mld-snooping drop-unknown
[SwitchA-vlan100] quit
# Configure IPv6 multicast group policy so that hosts in VLAN 100 can join only the IPv6 multicast group FF1E::101.
[SwitchA] acl ipv6 number 2001
[SwitchA-acl6-basic-2001] rule permit source ff1e::101 128
[SwitchA-acl6-basic-2001] quit
[SwitchA] mld-snooping
[SwitchA–mld-snooping] group-policy 2001 vlan 100
[SwitchA–mld-snooping] quit
Verifying the configuration
# Send MLD reports from Host A and Host B to join the IPv6 multicast groups FF1E::101 and FF1E::202. (Details not shown.)
# Display dynamic MLD snooping forwarding entries in VLAN 100 on Switch A.
[SwitchA] display mld-snooping group vlan 100
Total 1 entries.
VLAN 100: Total 1 entries.
(::, FF1E::101)
Host slots (0 in total):
Host ports (2 in total):
FGE1/1/3 (00:03:23)
FGE1/1/4 (00:04:10)
The output shows the following information:
· Host A and Host B have joined the IPv6 multicast group FF1E::101 (through the member ports FortyGigE 1/1/4 and FortyGigE 1/1/3 on Switch A, respectively).
· Host A and Host B have failed to join the multicast group FF1E::202.
Static port configuration example
Network requirements
As shown in Figure 4:
· Router A runs MLDv1 and acts as the MLD querier, and Switch A, Switch B, and Switch C run MLDv1 snooping.
· Host A and Host C are permanent receivers of the IPv6 multicast group FF1E::101.
Configure static ports to meet the following requirements:
· To enhance the reliability of IPv6 multicast traffic transmission, configure FortyGigE 1/1/3 and FortyGigE 1/1/5 on Switch C as static member ports for the IPv6 multicast group FF1E::101.
· Suppose the STP runs on the network. To avoid data loops, the forwarding path from Switch A to Switch C is blocked under normal conditions. IPv6 multicast data flows to the receivers attached to Switch C only along the path of Switch A—Switch B—Switch C. Configure FortyGigE 1/1/3 on Switch A as a static router port, so that IPv6 multicast data can flow to the receivers nearly uninterrupted along the path of Switch A—Switch C when the path of Switch A—Switch B—Switch C is blocked.
|
|
NOTE: If no static router port is configured, IPv6 multicast transmission is interrupted for a while after the path of Switch A—Switch B—Switch C is blocked. The reason is that at least one MLD query/response exchange is required before the new path can forward IPv6 multicast packets. |
For more information about the STP, see Layer 2—LAN Switching Configuration Guide.
Configuration procedure
1. Assign an IPv6 address and prefix length to each interface according to Figure 4. (Details not shown.)
2. Configure Router A:
# Enable IPv6 multicast routing.
<RouterA> system-view
[RouterA] ipv6 multicast routing
[RouterA-mrib6] quit
# Enable MLD on FortyGigE 1/1/1.
[RouterA] interface fortygige 1/1/1
[RouterA-FortyGigE1/1/1] mld enable
[RouterA-FortyGigE1/1/1] quit
# Enable IPv6 PIM-DM on FortyGigE 1/1/2.
[RouterA] interface fortygige 1/1/2
[RouterA-FortyGigE1/1/2] ipv6 pim dm
[RouterA-FortyGigE1/1/2] quit
3. Configure Switch A:
# Enable MLD snooping globally.
<SwitchA> system-view
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 through FortyGigE 1/1/3 to the VLAN.
[SwitchA] vlan 100
[SwitchA-vlan100] port fortygige 1/1/1 to fortygige 1/1/3
# Enable MLD snooping for VLAN 100.
[SwitchA-vlan100] mld-snooping enable
[SwitchA-vlan100] quit
# Configure FortyGigE 1/1/3 as a static router port.
[SwitchA] interface fortygige 1/1/3
[SwitchA-FortyGigE1/1/3] mld-snooping static-router-port vlan 100
[SwitchA-FortyGigE1/1/3] quit
4. Configure Switch B:
# Enable MLD snooping globally.
<SwitchB> system-view
[SwitchB] mld-snooping
[SwitchB-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 and FortyGigE 1/1/2 to the VLAN.
[SwitchB] vlan 100
[SwitchB-vlan100] port fortygige 1/1/1 fortygige 1/1/2
# Enable MLD snooping for VLAN 100.
[SwitchB-vlan100] mld-snooping enable
[SwitchB-vlan100] quit
5. Configure Switch C:
# Enable MLD snooping globally.
<SwitchC> system-view
[SwitchC] mld-snooping
[SwitchC-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 through FortyGigE 1/1/5 to the VLAN.
[SwitchC] vlan 100
[SwitchC-vlan100] port fortygige 1/1/1 to fortygige 1/1/5
# Enable MLD snooping for VLAN 100.
[SwitchC-vlan100] mld-snooping enable
[SwitchC-vlan100] quit
# Configure FortyGigE 1/1/3 and FortyGigE 1/1/5 as static member ports for the IPv6 multicast group FF1E::101.
[SwitchC] interface fortygige 1/1/3
[SwitchC-FortyGigE1/1/3] mld-snooping static-group ff1e::101 vlan 100
[SwitchC-FortyGigE1/1/3] quit
[SwitchC] interface fortygige 1/1/5
[SwitchC-FortyGigE1/1/5] mld-snooping static-group ff1e::101 vlan 100
[SwitchC-FortyGigE1/1/5] quit
Verifying the configuration
# Display static router port information in VLAN 100 on Switch A.
[SwitchA] display mld-snooping static-router-port vlan 100
VLAN 100:
Router slots (1 in total):
1
Router ports (1 in total):
FGE1/1/3
The output shows that FortyGigE 1/1/3 on Switch A has become a static router port.
# Display static MLD snooping forwarding entries in VLAN 100 on Switch C.
[SwitchC] display mld-snooping static-group vlan 100
Total 1 entries).
VLAN 100: Total 1 entries).
(::, FF1E::101)
Host slots (0 in total):
Host ports (2 in total):
FGE1/1/3
FGE1/1/5
The output shows that FortyGigE 1/1/3 and FortyGigE 1/1/5 on Switch C have become static member ports of the IPv6 multicast group FF1E::101.
MLD snooping querier configuration example
Network requirements
As shown in Figure 5:
· The network is a Layer 2-only network.
· Source 1 and Source 2 send multicast data to the multicast groups FF1E::101 and FF1E::102, respectively.
· Host A and Host C are receivers of multicast group FF1E::101, and Host B and Host D are receivers of multicast group FF1E::102.
· All receiver hosts run MLDv1 and all switches run MLDv1 snooping. Switch A (which is close to the multicast sources) acts as the MLD snooping querier.
To prevent the switches from flooding unknown IPv6 packets in the VLAN, enable dropping unknown IPv6 multicast packets on all switches.
Configuration procedure
1. Configure Switch A:
# Enable MLD snooping globally.
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 through FortyGigE 1/1/3 to the VLAN.
[SwitchA-vlan100] port fortygige 1/1/1 to fortygige 1/1/3
# Enable MLD snooping for VLAN 100.
[SwitchA-vlan100] mld-snooping enable
# Enable dropping unknown IPv6 multicast packets for VLAN 100.
[SwitchA-vlan100] mld-snooping drop-unknown
# Enable the MLD snooping querier in VLAN 100.
[SwitchA-vlan100] mld-snooping querier
[SwitchA-vlan100] quit
2. Configure Switch B:
# Enable MLD snooping globally.
[SwitchB] mld-snooping
[SwitchB-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 through FortyGigE 1/1/4 to the VLAN.
[SwitchB] vlan 100
[SwitchB-vlan100] port fortygige 1/1/1 to fortygige 1/1/4
# Enable MLD snooping for VLAN 100.
[SwitchB-vlan100] mld-snooping enable
#Enable dropping unknown multicast packets for VLAN 100.
[SwitchB-vlan100] mld-snooping drop-unknown
[SwitchB-vlan100] quit
3. Configure Switch C:
# Enable MLD snooping globally.
<SwitchC> system-view
[SwitchC] mld-snooping
[SwitchC-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 through FortyGigE 1/1/3 to the VLAN.
[SwitchC] vlan 100
[SwitchC-vlan100] port fortygige 1/1/1 to fortygige 1/1/3
# Enable MLD snooping for VLAN 100.
[SwitchC-vlan100] mld-snooping enable
# Enable dropping unknown multicast packets for VLAN 100.
[SwitchC-vlan100] mld-snooping drop-unknown
[SwitchC-vlan100] quit
4. Configure Switch D:
# Enable MLD snooping globally.
[SwitchD] mld-snooping
[SwitchD-mld-snooping] quit
# Create VLAN 100, and assign FortyGigE 1/1/1 and FortyGigE 1/1/2 to the VLAN.
[SwitchD] vlan 100
[SwitchD-vlan100] port fortygige 1/1/1 to fortygige 1/1/2
# Enable MLD snooping for VLAN 100.
[SwitchD-vlan100] mld-snooping enable
# Enable dropping unknown multicast packets for VLAN 100.
[SwitchD-vlan100] mld-snooping drop-unknown
[SwitchD-vlan100] quit
Verifying the configuration
# Display statistics for MLD messages learned through MLD snooping on Switch B.
[SwitchB] display mld-snooping statistics
Received MLD general queries: 3
Received MLDv1 specific queries: 0
Received MLDv1 reports: 12
Received MLD dones: 0
Sent MLDv1 specific queries: 0
Received MLDv2 reports: 0
Received MLDv2 reports with right and wrong records: 0
Received MLDv2 specific queries: 0
Received MLDv2 specific sg queries: 0
Sent MLDv2 specific queries: 0
Sent MLDv2 specific sg queries: 0
Received IPv6 PIM hello: 0
Received error MLD messages: 0
The output shows that all switches except Switch A can receive the MLD general queries after Switch A acts as the MLD snooping querier.
Troubleshooting MLD snooping
Layer 2 multicast forwarding cannot function
Symptom
Layer 2 multicast forwarding cannot function through MLD snooping.
Solution
To resolve the problem:
1. Use the display mld-snooping command to display MLD snooping status.
2. If MLD snooping is not enabled, use the mld-snooping command in system view to enable MLD snooping globally. Then, use the mld-snooping enable command in VLAN view to enable MLD snooping for the VLAN.
3. If MLD snooping is enabled globally but not enabled for the VLAN, use the mld-snooping enable command in VLAN view to enable MLD snooping for the VLAN.
4. If the problem persists, contact H3C Support.
IPv6 multicast group policy does not work
Symptom
Hosts can receive multicast data from IPv6 multicast groups that are not permitted by the IPv6 multicast group policy.
Solution
To resolve the problem:
1. Use the display acl ipv6 command to verify that the configured IPv6 ACL meets the IPv6 multicast group policy requirements.
2. Use the display this command in MLD-snooping view or in interface view to verify that the correct IPv6 multicast group policy has been applied. If the applied IPv6 multicast group policy is not correct, use the group-policy or mld-snooping group-policy command to apply the correct IPv6 multicast group policy.
3. Use the display mld-snooping command to verify that dropping unknown IPv6 multicast data is enabled. If dropping unknown IPv6 multicast data is not enabled, use the mld-snooping drop-unknown command to enable dropping unknown IPv6 multicast data.
4. If the problem persists, contact H3C Support.
