Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-MLD Snooping Configuration | 561.03 KB |
MLD snooping configuration task list
Configuring basic MLD snooping functions
Specifying the MLD snooping version
Configuring MLD snooping port functions
Configuring aging timers for dynamic ports
Configuring a port as a simulated member host
Enabling MLD snooping fast-leave processing
Disabling a port from becoming a dynamic router port
Configuring MLD snooping querier
Configuring parameters for MLD queries and responses
Configuring the source IPv6 addresses for MLD queries
Configuring MLD snooping proxying
Enabling MLD snooping proxying
Configuring the source IPv6 addresses for the MLD messages sent by the proxy
Configuring an MLD snooping policy
Configuring an IPv6 multicast group filter
Enabling dropping unknown IPv6 multicast data
Enabling MLD report suppression
Setting the maximum number of multicast groups that a port can join
Enabling IPv6 multicast group replacement
Setting the 802.1p precedence for MLD messages
Enabling the MLD snooping host tracking function
Displaying and maintaining MLD snooping
MLD snooping configuration examples
Multicast delivery to a wireless client (for the WX6000 series)
Multicast delivery to a wireless client (for the WX5540E)
Multicast delivery to a wireless client (for the WX3000E series)
MLD snooping proxying configuration example
Layer 2 multicast forwarding cannot function
Configured IPv6 multicast group policy fails to take effect
Configuring MLD snooping
Overview
By analyzing received MLD messages, an MLD snooping-enabled AC establishes mappings between ports and multicast MAC addresses and forwards IPv6 multicast data based on these mappings.
As shown in Figure 1, when MLD snooping is not running, IPv6 multicast packets are flooded to all wireless clients. When MLD snooping runs, multicast packets for known IPv6 multicast groups are multicast to specific wireless clients at Layer 2. This feature improves bandwidth efficiency, enhances multicast security, and helps per-host accounting for multicast users.
Figure 1 Before and after MLD snooping is enabled on the AC
Support for this feature depends on the device model. For more information, see About the H3C Access Controllers Configuration Guides.
Configuring MLD snooping
This section lists the basic concepts in MLD snooping.
MLD snooping related ports
As shown in Figure 2, Router A connects to the multicast source, MLD snooping runs on Device A and Device B, and Host A and Host C are receiver hosts (namely, members of an IPv6 multicast group).
Figure 2 MLD snooping related ports
As shown in Figure 2, MLD snooping divides the ports on Device A and Device B into the following types:
· Router port—Layer 3 multicast device-side port. Layer 3 multicast devices include DRs and MLD queriers. In Figure 2, GigabitEthernet 1/0/1 of Device A and Device B are router ports. A Layer 2 device registers all its local router ports in the router port list.
Do not confuse the "router port" in MLD snooping with the "routed interface" commonly known as the "Layer 3 interface." The router port in MLD snooping is the Layer 2 interface.
· Member port—Multicast receiver-side port. In Figure 2, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 of Device A and GigabitEthernet 1/0/2 of Device B are member ports. A Layer 2 device registers all its local member ports in its MLD snooping forwarding table.
Unless otherwise specified, router ports and member ports in this document include both static and dynamic router ports and member ports.
Dynamic router ports include ports that receive MLD general queries with the source address other than 0::0 and ports that receive IPv6 PIM hello messages. For more information about IPv6 PIM hello messages, see "Configuring IPv6 PIM."
Compared with a common Layer 2 device, an AC has wireless interfaces. The port roles on the AC in Figure 3 are described as follows:
· Router port—GigabitEthernet 1/0/1 on the AC leads the device towards the multicast source, so GigabitEthernet 1/0/1 is a router port.
· Member port—GigabitEthernet 1/0/2 on the AC is attached with a multicast receiver, so GigabitEthernet 1/0/2 is a member port. In addition, after an AP joins an ESS, the AC creates a virtual Layer 2 interface WLAN-DBSS corresponding to that ESS. As shown in Figure 3, after the AP joins two ESSs, the AC creates two virtual Layer 2 interfaces: WLAN-DBSS 67:67 and WLAN-DBSS 68:66. The ESS corresponding to WLAN-DBSS 67:67 comprises a multicast receiver Client B, so WLAN-DBSS 67:67 is a member port.
Figure 3 Port roles on an MLD snooping-enabled AC
Aging timers for dynamic ports in MLD snooping
|
Timer |
Description |
Expected message before expiration |
Action after expiration |
|
Dynamic router port aging timer |
When a port receives an MLD general query with the source address other than 0::0 or an IPv6 PIM hello message, the Layer 2 device starts an aging timer for the port. When the timer expires, the dynamic router port ages out. |
MLD general query with the source address other than 0::0 or IPv6 PIM hello message. |
The Layer 2 device removes this port from its router port list. |
|
Dynamic member port aging timer |
When a port dynamically joins a multicast group, the Layer 2 device starts an aging timer for the port. When the timer expires, the dynamic member port ages out. |
MLD report message. |
The Layer 2 device removes this port from the MLD snooping forwarding table. |
|
|
NOTE: In MLD snooping, only dynamic ports age out. Static ports never age out. |
How MLD snooping works
An MLD snooping-enabled Layer 2 device performs different actions when it receives different MLD messages.
The ports in this section are dynamic ports. For information about how to configure and remove static ports, see "Configuring static ports."
When receiving a general query
After receiving an MLD general query, the Layer 2 device forwards it to all ports in the VLAN, except the port that received the query. The Layer 2 device also performs one of the following actions:
· If the receiving port is a dynamic router port in the router port list, restarts the aging timer for the port.
· If the receiving port is not in the router port list, adds it into the router port list as a dynamic router port and starts an aging timer for the port.
When receiving a membership report
A host sends an MLD report to the MLD querier for the following purposes:
· Responds to an MLD query if the host has been a member of an IPv6 multicast group.
· Applies for a IPv6 multicast group membership.
After receiving an MLD report on a port, the Layer 2 device forwards it through all the router ports in the VLAN, resolves the address of the reported IPv6 multicast group, and performs the following judgment:
· If no forwarding entry matches the group address, the Layer 2 device creates a forwarding entry for the group, adds the receiving port as a dynamic member port to the forwarding entry for the group, and starts an aging timer for the port.
· If a forwarding entry matches the group address, but the receiving port is not in the forwarding entry for the group, the Layer 2 device adds the port as a dynamic member port to the forwarding entry, and starts an aging timer for the port.
· If a forwarding entry matches the group address and the receiving port is in the forwarding entry for the group, the Layer 2 device restarts the aging timer for the port.
A Layer 2 device does not forward an MLD report through a non-router port. The reason is that if the Layer 2 device forwards a report message through a member port, all the attached hosts that are listening to the reported IPv6 multicast address, according to the MLD report suppression mechanism, suppress their own reports after receiving this report. This prevents the Layer 2 device from confirming whether the reported IPv6 multicast group still has active members attached to that port.
When receiving a done message
When a host leaves an IPv6 multicast group, the host sends an MLD done message to the multicast routers. When the Layer 2 device receives the MLD done message on a dynamic member port, the Layer 2 device first examines whether a forwarding entry matches the IPv6 multicast group address in the message. If a match is found, the Layer 2 device examines whether the forwarding entry contains the dynamic member port.
· If no forwarding entry matches the IPv6 multicast group address, or if the forwarding entry does not contain the port, the Layer 2 device directly discards the MLD done message.
· If a forwarding entry matches the IPv6 multicast group address and contains the port, the Layer 2 device forwards the done message to all router ports in the native VLAN. Because the Layer 2 device does not know whether any other hosts attached to the port are still listening to that IPv6 multicast group address, the Layer 2 device does not immediately remove the port from the forwarding entry for that group. Instead, it restarts the aging timer for the port.
After receiving the MLD done message on a port, the MLD querier resolves the IPv6 multicast group address in the message and sends an MLD multicast-address-specific query to that IPv6 multicast group through the receiving port. After receiving the MLD multicast-address-specific query, the Layer 2 device forwards it through all its router ports in the VLAN and all member ports of the IPv6 multicast group. The Layer 2 device also performs the following judgment for the port that received the MLD done message:
· If the port receives no MLD report in response to the MLD multicast-address-specific query before its aging timer expires, it indicates that no hosts attached to the port are still monitoring that IPv6 multicast group address. The Layer 2 device removes the port from the forwarding entry for the IPv6 multicast group when the aging timer expires.
MLD snooping proxying
You can configure the MLD snooping proxying function on an edge device to reduce the number of MLD reports and done messages sent to its upstream device. The device configured with MLD snooping proxying is called an MLD snooping proxy. It is a host from the perspective of its upstream device.
Even though an MLD snooping proxy is a host from the perspective of its upstream device, the MLD report suppression mechanism for hosts does not take effect on it.
As shown in Figure 4, AC works as an MLD snooping proxy. As a host from the perspective of the querier Router A, AC represents its attached hosts to send their membership reports and done messages to Router A.
Table 1 MLD message processing on an MLD snooping proxy
|
MLD message |
Actions |
|
General query |
When receiving an MLD general query, the proxy forwards it to all ports but the port that received the query. In addition, the proxy generates a report according to the group memberships that it maintains and sends the report out of all router ports. |
|
Multicast-address-specific query |
In response to the MLD group-specific query for a certain IPv6 multicast group, the proxy sends the report to the group out of all router ports if the forwarding entry for the group still contains a member port. |
|
Report |
When receiving a report for an IPv6 multicast group, the proxy looks up the multicast forwarding table for the entry for the multicast group: · If a forwarding entry matches the IPv6 multicast group, and contains the receiving port as a dynamic member port, the proxy restarts the aging timer for the port. · If a forwarding entry matches the IPv6 multicast group but does not contain the receiving port, the proxy adds the port to the forwarding entry as a dynamic member port and starts an aging timer for the port. · If no forwarding entry matches the IPv6 multicast group, the proxy creates a forwarding entry for the group, adds the receiving port to the forwarding entry as a dynamic member port, and starts an aging timer for the port. Then, the AC sends the report to the group out of all router ports. |
|
Done |
In response to a done message for an IPv6 multicast group, the proxy sends a multicast-address-specific query for the group out of the receiving port. After making sure that no member port is contained in the forwarding entry for the IPv6 multicast group, the proxy sends a done message for the group out of all router ports. |
Protocols and standards
RFC 4541, Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
MLD snooping configuration task list
For the configuration tasks in this section, the following rules apply:
· The configurations made in MLD-snooping view are effective on all VLANs. The configurations made in VLAN view are effective on only the current VLAN. For a given VLAN, a configuration made in MLD-snooping view is effective only if you do not make the same configuration in VLAN view.
· The configurations made in MLD-snooping view are effective on all ports. The configurations made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view are effective on only the current port. The configurations made in port group view are effective on only the ports in the current port group. For a given port, a configuration made in MLD-snooping view is effective only if you do not make the same configuration in Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view.
· For MLD snooping, the configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports, nor do they participate in aggregation calculations. A configuration made on a member port of the aggregate group will take effect after the port leaves the aggregate group.
Complete these tasks to configure MLD snooping:
|
Task |
Remarks |
|
|
Required. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Configuring the source IPv6 addresses for the MLD messages sent by the proxy |
Optional. |
|
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Setting the maximum number of multicast groups that a port can join |
Optional. |
|
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
Configuring basic MLD snooping functions
This section describes how to configure basic MLD snooping functions.
Configuration prerequisites
Before you configure basic MLD snooping functions, complete the following tasks:
· Enable IPv6 forwarding.
· Configure the corresponding VLANs.
· Determine the MLD snooping version.
Enabling MLD snooping
When you enable MLD snooping, follow these guidelines:
· Enable MLD snooping globally before you enable it for a VLAN.
· MLD snooping for a VLAN works only on the Ethernet ports and WLAN-ESS interfaces within that VLAN.
To enable MLD snooping:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable MLD snooping globally and enter MLD-snooping view. |
mld-snooping |
Disabled by default. |
|
3. Return to system view. |
quit |
N/A |
|
4. Enter VLAN view. |
vlan vlan-id |
N/A |
|
5. Enable MLD snooping for the VLAN. |
mld-snooping enable |
Disabled by default. |
Specifying the MLD snooping version
Different versions of MLD snooping process different versions of MLD messages:
· MLDv1 snooping processes MLDv1 messages, but flood MLDv2 messages in the VLAN instead of processing them.
· MLDv2 snooping processes MLDv1 and MLDv2 messages.
If you change MLDv2 snooping to MLDv1 snooping, the system does the following:
· Clears all MLD snooping forwarding entries that are dynamically created.
· Keeps static MLDv2 snooping forwarding entries (*, G).
· Clears static MLDv2 snooping forwarding entries (S, G), which will be restored when MLD snooping is switched back to MLDv2 snooping.
For more information about static MLD snooping forwarding entries, see "Configuring static ports."
To specify the MLD snooping version:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
1. Enter VLAN view. |
vlan vlan-id |
N/A |
|
2. Specify the MLD snooping version. |
mld-snooping version version-number |
Version 1 by default. |
Configuring MLD snooping port functions
This section describes how to configure MLD snooping port functions.
Configuration prerequisites
Before you configure MLD snooping port functions, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Configure the corresponding port groups.
· Determine the aging timer for dynamic router ports.
· Determine the aging timer for dynamic member ports.
· Determine the IPv6 multicast group and IPv6 multicast source addresses.
Configuring aging timers for dynamic ports
If an AC receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port when the aging timer of the port expires, the AC removes the port from the router port list.
If the AC receives no MLD reports for an IPv6 multicast group on a dynamic member port when the aging timer of the port expires, the AC removes the port from the forwarding entry for the IPv6 multicast group.
If the memberships of IPv6 multicast groups change frequently, you can set a relatively small value for the aging timer of the dynamic member ports. If the memberships of IPv6 multicast groups change rarely, you can set a relatively large value.
Setting the global aging timers for dynamic ports
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the global aging timer for dynamic router ports. |
router-aging-time interval |
260 seconds by default. |
|
4. Set the global aging timer for dynamic member ports. |
host-aging-time interval |
260 seconds by default. |
Setting the aging timers for the dynamic ports in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the aging timer for the dynamic router ports. |
mld-snooping router-aging-time interval |
260 seconds by default. |
|
4. Set the aging timer for the dynamic member ports. |
mld-snooping host-aging-time interval |
260 seconds by default. |
Configuring static ports
You can configure a port as a static router port, through which the AC can forward all IPv6 multicast data that it received.
Configuration guidelines
· An IPv6 static (S, G) entry for a port takes effect only if a valid IPv6 multicast source address is specified and MLDv2 snooping runs.
· A static member port does not respond to queries from the MLD querier. When you configure a port as a static member port or cancel this configuration on the port, the port does not send an unsolicited MLD report or an MLD done message.
· Static member ports and static router ports never age out. To remove such a port, use the corresponding undo command.
Configuration procedure
To configure static ports:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view
or Layer 2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Configure the port as a static member port. |
mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
No static member ports exist by default. |
|
4. Configure the port as a static router port. |
mld-snooping static-router-port vlan vlan-id |
No static router ports exist by default. |
Configuring a port as a simulated member host
Generally, a host that runs MLD can respond to MLD queries. If a host fails to respond, the multicast router might consider that the IPv6 multicast group has no members on the subnet, and then remove the corresponding forwarding path.
To avoid this situation, you can configure a port on the AC as a simulated member host for an IPv6 multicast group. When the simulated member host receives an MLD query, it gives a response. Therefore, the AC can continue receiving IPv6 multicast data.
A simulated host is equivalent to an independent host in the following ways:
· When a port is configured as a simulated member host, the AC sends an unsolicited MLD report through the port, and can respond to MLD general queries with MLD reports through the port.
· When the simulated joining configuration is canceled on the port, the AC sends an MLD done message through that port.
To configure a port as a simulated member host:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Configure the port as a simulated member host. |
mld-snooping host-join ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
A port is not a simulated member host by default. |
|
|
NOTE: Unlike a static member port, a port configured as a simulated member host ages out like a dynamic member port. |
Enabling MLD snooping fast-leave processing
The fast-leave processing feature enables the AC to process MLD done messages quickly. When the AC receives an MLD done message on a port, it immediately removes that port from the forwarding entry for the multicast group specified in the message. Then, when the AC receives MLD multicast-address-specific queries for that multicast group, it does not forward them to that port.
On a port that has only one host attached, you can enable fast-leave processing to save bandwidth and resources. However, on a port that has multiple hosts attached, you should not enable fast-leave processing if you have enabled dropping unknown IPv6 multicast data globally or for the port. Otherwise, if a host on the port leaves an IPv6 multicast group, the other hosts attached to the port in the same IPv6 multicast group cannot receive the IPv6 multicast data for the group.
Enabling MLD snooping fast-leave processing globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable MLD snooping fast-leave processing. |
fast-leave [ vlan vlan-list ] |
Disabled by default. |
Enabling MLD snooping fast-leave processing on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Enable MLD snooping fast-leave processing. |
mld-snooping fast-leave [ vlan vlan-list ] |
Disabled by default. |
Disabling a port from becoming a dynamic router port
The following problems might exist in a multicast access network:
· After receiving an MLD general query or IPv6 PIM hello message from a connected host, a router port becomes a dynamic router port. Before its timer expires, this dynamic router port receives all multicast packets within the VLAN that the port belongs to and forwards them to the host, affecting normal multicast reception of the host.
· In addition, the MLD general query and IPv6 PIM hello message that the host sends affects the multicast routing protocol state on Layer 3 devices, such as the MLD querier or DR election, and might further cause network interruption.
To solve these problems, you can disable the router port from becoming a dynamic router port after the port receives an MLD general query or IPv6 PIM hello message, so as to enhance network security and the control over multicast users.
To disable a port from becoming a dynamic router port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Disable the port from becoming a dynamic router port. |
mld-snooping router-port-deny [ vlan vlan-list ] |
By default, a port can become a dynamic router port. This configuration does not affect the static router port configuration. |
Configuring MLD snooping querier
This section describes how to configure MLD snooping querier.
Configuration prerequisites
Before you configure MLD snooping querier, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the interval for sending MLD general queries.
· Determine the MLD last-listener query interval.
· Determine the maximum response delay for MLD general queries.
· Determine the source IPv6 address of MLD general queries.
· Determine the source IPv6 address of MLD multicast-address-specific queries.
Enabling MLD snooping querier
In an IPv6 multicast network that runs MLD, a multicast router or Layer 3 multicast device sends MLD general queries. This allows all Layer 3 multicast devices can establish and maintain multicast forwarding entries for forwarding multicast traffic correctly at the network layer. This router or Layer 3 device is called the "MLD querier."
However, a Layer 2 multicast device does not support MLD and it cannot send MLD general queries by default. When you configure an MLD snooping querier in a network where multicast traffic is only switched at the data link layer and no Layer 3 multicast devices are present, the Layer 2 device sends MLD queries, so that IPv6 multicast forwarding entries can be established and maintained at the data link layer.
Do not configure an MLD snooping querier in an IPv6 multicast network that runs MLD. Although an MLD snooping querier does not participate in MLD querier elections, it might affect MLD querier elections because it sends MLD general queries with a low source IPv6 address.
To enable MLD snooping querier in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping querier. |
mld-snooping querier |
Disabled by default. |
Configuring parameters for MLD queries and responses
|
|
CAUTION: Make sure the interval for sending MLD general queries is greater than the maximum response delay for MLD general queries. Otherwise, IPv6 multicast members might be removed by mistake. |
You can modify the MLD general query interval based on the actual condition of the network.
A multicast listening host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query (general query or multicast-address-specific query). This timer is initialized to a random value in the range of 0 to the maximum response delay advertised in the MLD query message. When the timer value decreases to 0, the host sends an MLD report to the IPv6 multicast group.
To speed up the response of hosts to MLD queries and avoid simultaneous timer expirations causing MLD report traffic bursts, you must correctly set the maximum response delay.
· The maximum response delay for MLD general queries is set by the max-response-time command.
· The maximum response delay for MLD multicast-address-specific queries equals the MLD last-listener query interval.
Configuring the global parameters for MLD queries and responses
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the maximum response delay for MLD general queries. |
max-response-time interval |
10 seconds by default. |
|
4. Set the MLD last-listener query interval. |
last-listener-query-interval interval |
1 second by default. |
Configuring the parameters for MLD queries and responses in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the interval for sending MLD general queries. |
mld-snooping query-interval interval |
125 seconds by default. |
|
4. Set the maximum response delay for MLD general queries. |
mld-snooping max-response-time interval |
10 seconds by default. |
|
5. Set the MLD last-listener query interval. |
mld-snooping last-listener-query-interval interval |
1 second by default. |
Configuring the source IPv6 addresses for MLD queries
Changing the source IPv6 address of MLD queries might affect MLD querier election within the subnet.
To configure the source IP address for MLD queries:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure the source IPv6 address for MLD general queries. |
mld-snooping general-query source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default. |
|
4. Configure the source IPv6 address for MLD multicast-address-specific queries. |
mld-snooping special-query source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default. |
Configuring MLD snooping proxying
This section describes how to configure MLD snooping proxying.
Configuration prerequisites
Before you configure MLD snooping proxying, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the source IPv6 address for the MLD reports sent by the proxy.
· Determine the source IPv6 address for the MLD done messages sent by the proxy.
Enabling MLD snooping proxying
The MLD snooping proxying function works on a per-VLAN basis. After you enable the function in a VLAN, AC works as the MLD snooping proxy for the downstream hosts and upstream router in the VLAN.
To enable MLD snooping proxying in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable MLD snooping proxying in the VLAN. |
mld-snooping proxying enable |
Disabled by default. |
Configuring the source IPv6 addresses for the MLD messages sent by the proxy
You can set the source IPv6 addresses of the MLD reports and done messages that the MLD snooping proxy sends on behalf of its attached hosts.
To configure the source IPv6 addresses of MLD messages that the MLD snooping proxy sends in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure the source IPv6 address of MLD reports that the proxy sends. |
mld-snooping report source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default. |
|
4. Configure the source IPv6 address of MLD done messages that the proxy sends. |
mld-snooping done source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default. |
Configuring an MLD snooping policy
This section describes how to configure MLD snooping policies.
Configuration prerequisites
Before you configure an MLD snooping policy, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the IPv6 ACL for IPv6 multicast group filtering.
· Determine the maximum number of IPv6 multicast groups that a port can join.
· Determine the 802.1p precedence for MLD messages.
Configuring an IPv6 multicast group filter
On a MLD snooping-enabled AC, you can configure an IPv6 multicast group filter to limit multicast programs available to different users.
In an application, when a user requests a multicast program, the user's host initiates an MLD report. After receiving this report message, the AC resolves the IPv6 multicast group address in the report and looks up the ACL. If a match is found to permit the port that received the report can join this IPv6 multicast group, the AC creates an MLD snooping forwarding entry for the IPv6 multicast group and adds the port to the entry. Otherwise, the AC drops this report message. In this case, the IPv6 multicast data for the IPv6 multicast group is not sent to this port, and the user cannot retrieve the program.
Configuring an IPv6 multicast group filter globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Configure an IPv6 multicast group filter. |
group-policy acl6-number [ vlan vlan-list ] |
By default, no IPv6 group filter is globally configured, and the hosts in a VLAN can join any valid IPv6 multicast group. |
Configuring an IPv6 multicast group filter on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Configure an IPv6 multicast group filter. |
mld-snooping group-policy acl6-number [ vlan vlan-list ] |
By default, no IPv6 group filter is configured for the port, and the hosts on the port can join any valid IPv6 multicast group. |
Enabling dropping unknown IPv6 multicast data
Unknown IPv6 multicast data refers to IPv6 multicast data for which no forwarding entries exist in the MLD snooping forwarding table. After the AC receives such IPv6 multicast traffic, one of the following occurs:
· If the function of dropping unknown IPv6 multicast data is disabled, the AC floods unknown IPv6 multicast data in the VLAN to which the unknown IPv6 multicast data belongs.
· If the function of dropping unknown IPv6 multicast data is enabled, the AC drops all unknown IPv6 multicast data received.
Configuration guidelines
· The drop-unknown and mld-snooping drop-unknown commands are mutually exclusive. Do not configure them at the same time.
· When the function of dropping unknown IPv6 multicast data is enabled, the AC automatically drops unknown IPv4 multicast data.
Enabling dropping unknown IPv6 multicast data globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable dropping unknown IPv6 multicast data. |
drop-unknown |
Disabled by default. Support for this command depends on your device model. |
Enabling dropping unknown IPv6 multicast data in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable dropping unknown IPv6 multicast data. |
mld-snooping drop-unknown |
Disabled by default. Support for this command depends on your device model. |
Enabling MLD report suppression
When a Layer 2 device receives an MLD report from an IPv6 multicast group member, the Layer 2 device forwards the message to the Layer 3 device that directly connects to the Layer 2 device. When multiple members of an IPv6 multicast group are attached to the Layer 2 device, the Layer 3 device might receive duplicate MLD reports for the IPv6 multicast group from these members.
With the MLD report suppression function enabled, within a query interval, the Layer 2 device forwards only the first MLD report for the IPv6 multicast group to the Layer 3 device. It does not forward subsequent MLD reports for the same IPv6 multicast group to the Layer 3 device. This helps reduce the number of packets being transmitted over the network.
On an MLD snooping proxy, MLD reports for an IPv6 multicast group from downstream hosts are suppressed if the forwarding entry for the multicast group exists on the proxy, whether the suppression function is enabled or not.
To enable MLD report suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable MLD report suppression. |
report-aggregation |
Enabled by default. |
Setting the maximum number of multicast groups that a port can join
You can set the maximum number of IPv6 multicast groups that a port can join to regulate the traffic on the port.
When you configure this maximum number, if the number of IPv6 multicast groups the port has joined exceeds the configured maximum value, the system deletes all the forwarding entries for the port from the MLD snooping forwarding table, and the hosts on this port join IPv6 multicast groups again until the number of IPv6 multicast groups that the port joins reaches the maximum value. When the port joins an IPv6 multicast group, if the port has been configured as a static member port, the system applies the configurations to the port again. If you have configured simulated joining on the port, the system establishes corresponding forwarding entry for the port after receiving a report from the simulated member host.
To set the maximum number of IPv6 multicast groups that a port can join:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Set the maximum number of IPv6 multicast groups that a port can join. |
mld-snooping group-limit limit [ vlan vlan-list ] |
The upper limit is 256. |
Enabling IPv6 multicast group replacement
For various reasons, the number of IPv6 multicast groups that an AC or a port can join might exceed the upper limit. In addition, in some specific applications, an IPv6 multicast group that the AC newly joins must replace an existing IPv6 multicast group automatically. A typical example is channel switching. To view a new TV channel, a user switches from the current IPv6 multicast group to the new one.
To realize such requirements, you can enable the IPv6 multicast group replacement function on the AC or on a certain port. When the number of IPv6 multicast groups that the AC or the port has joined reaches the limit, one of the following occurs:
· If the IPv6 multicast group replacement feature is disabled, new MLD reports are automatically discarded.
· If the IPv6 multicast group replacement feature is enabled, the IPv6 multicast group that the AC or the port newly joins automatically replaces an existing IPv6 multicast group that has the lowest IPv6 address.
|
|
IMPORTANT: Be sure to configure the maximum number of IPv6 multicast groups that a port can join to a value other than the default one (see "Setting the maximum number of multicast groups that a port can join)" before enabling IPv6 multicast group replacement. Otherwise, the IPv6 multicast group replacement function does not take effect. |
Enabling IPv6 multicast group replacement globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable IPv6 multicast group replacement. |
overflow-replace [ vlan vlan-list ] |
Disabled by default. |
Enabling IPv6 multicast group replacement on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
· Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either method. |
|
3. Enable IPv6 multicast group replacement. |
mld-snooping overflow-replace [ vlan vlan-list ] |
Disabled by default. |
Setting the 802.1p precedence for MLD messages
You can change the 802.1p precedence of MLD messages so that they can be assigned higher forwarding priority when congestion occurs on their outgoing ports.
Setting the 802.1p precedence for MLD messages globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the 802.1p precedence for MLD messages. |
dot1p-priority priority-number |
The default 802.1p precedence for MLD messages is 0. |
Setting the 802.1p precedence for MLD messages in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the 802.1p precedence for MLD messages. |
mld-snooping dot1p-priority priority-number |
The default 802.1p precedence for MLD messages is 0. |
Enabling the MLD snooping host tracking function
With the MLD snooping host tracking function, the AC can record the information of the member hosts that are receiving IPv6 multicast traffic, including host IPv6 address, running duration, and timeout time. You can monitor and manage the member hosts according to the recorded information.
Enabling the MLD snooping host tracking function globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable the MLD snooping host tracking function globally. |
host-tracking |
Disabled by default. |
Enabling the MLD snooping host tracking function in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping host tracking function in the VLAN. |
mld-snooping host-tracking |
Disabled by default. |
Displaying and maintaining MLD snooping
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
Remarks |
|
Display MLD snooping group information. |
display mld-snooping group [ vlan vlan-id ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view. |
|
Display information about the hosts tracked by MLD snooping. |
display mld-snooping host vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression ] |
Available in any view. |
|
Display statistics for MLD messages learned through MLD snooping. |
display mld-snooping statistics [ | { begin | exclude | include } regular-expression ] |
Available in any view. |
|
Remove dynamic group entries of a specified MLD snooping group or all MLD snooping groups. |
reset mld-snooping group { ipv6-group-address | all } [ vlan vlan-id ] |
Available in user view. This command removes only dynamic group entries. |
|
Clear statistics for all MLD messages learned through MLD snooping. |
reset mld-snooping statistics |
Available in user view. |
|
|
NOTE: The reset mld-snooping group command cannot remove static MLD group entries. |
MLD snooping configuration examples
ACs have either 10 GE or GE interfaces. Table 2 identifies the Ethernet interfaces on different types of ACs.
|
|
NOTE: If the AC is an AC module installed on a switch, make sure the internal Ethernet interface that connects the switch to the AC module has correct settings, including in particular VLAN settings. |
Table 2 AC Ethernet interfaces
|
Hardware |
AC Ethernet interfaces |
|
AC modules (installed in a switch) |
|
|
LSQM1WCMD0 LSRM1WCM3A1 LSUM3WCMD0 LSUM1WCME0 |
The internal Ethernet interface that connects the AC module to the switch. |
|
Wireless switches |
|
|
WX3024E WX3010E |
The internal Ethernet interface that connects the AC engine to the switching engine. |
|
ACs |
|
|
WX6103 |
The internal Ethernet interface that connects the main control board to the switching board. |
|
WX5002V2 WX5004 WX3510E WX3540E WX5510E |
Any Ethernet interfaces on the AC. |
|
WX2540E WAC360 WAC361 |
Any LAN or WAN interfaces on the AC. |
|
WX5540E |
The internal Ethernet interface that connects the AC engine to the switching engine. |
Multicast delivery to a wireless client (for the WX5000 series/WX3500E series/WX5510E/WX2540E/WAC360 series)
Network requirements
As shown in Figure 5, the multicast source (Source) sends multicast traffic to multicast group FF1E::1. The client is a member of the multicast group.
The client and the source can communicate with each other and the client can receive multicast traffic from the source.
Configuration procedure
1. Enable IPv6 PIM-DM and MLD on the port of Router A that connects to the AC and enable IPv6 multicast routing globally.
2. Configure WLAN services:
# Configure the WLAN-ESS interface and assign WLAN ESS 1 to VLAN 100.
<AC>system-view
[AC]Vlan 100
[AC-vlan100]quit
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1]port access vlan 100
[AC-WLAN-ESS1]quit
# Configure a WLAN service template with its SSID as multicast and authentication method as open-system. Bind the WLAN-ESS interface with the service template.
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid Multicast
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]authentication-method open-system
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
# Create AP template ap of model WA3628i-AGN and configure its serial ID as 210235A29G007C000020.
[AC]wlan ap ap model WA3628i-AGN
[AC-wlan-ap-ap]serial-id 210235A29G007C000020
# Configure the mapping between the service template and the current radio.
[AC-wlan-ap-ap]radio 1
[AC-wlan-ap-ap-radio-1]service-template 1
[AC-wlan-ap-ap-radio-1]radio enable
[AC-wlan-ap-ap-radio-1]quit
[AC-wlan-ap-ap]quit
3. Configure the wireless client to join the IPv6 multicast group:
# Enable MLD snooping in VLAN 100.
[AC] mld-snooping
[AC-mld-snooping]quit
[AC]vlan 100
[AC-vlan100] mld-snooping enable
[AC-vlan100]quit
# Configure GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100.
[AC] interface GigabitEthernet 1/0/2
[AC-GigabitEthernet1/0/2] port link-type trunk
[AC-GigabitEthernet1/0/2] port trunk permit vlan 100
[AC-GigabitEthernet1/0/2] quit
# Configure the client to access the WLAN service and request multicast traffic destined for FF1E::1.
Verifying the configuration
# Display detailed MLD snooping group information in VLAN 100 on the AC.
[AC]display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, A-Aggregation port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GigabitEthernet1/0/1 (D) ( 00:01:30 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::1
(::, FF1E::1):
Attribute: Host Port
Host port(s):total 1 port(s).
WLAN-DBSS1:0 (D) ( 00:04:17 )
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
WLAN-DBSS1:0
The output shows that WLAN-DBSS1:0 on AC joins the IPv6 multicast group FF1E::1.
Multicast delivery to a wireless client (for the WX6000 series)
Network requirements
As shown in Figure 6, the multicast source (Source) sends multicast traffic to multicast group FF1E::1. The client is a member of the multicast group.
The client and the source can communicate with each other and the client can receive multicast traffic from the source.
Configuration procedure (for the WX6103)
1. Configure WLAN services:
# Configure WLAN-ESS interface 1 and assign it to VLAN 100.
<AC>system-view
[AC]Vlan 100
[AC-vlan100]quit
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1]port access vlan 100
[AC-WLAN-ESS1]quit
# Configure a WLAN service template with its SSID as multicast and authentication method as open-system. Bind the WLAN-ESS interface with the service template.
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid Multicast
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]authentication-method open-system
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
# Create AP template ap of model WA3628i-AGN and configure its serial ID as 210235A29G007C000020 on the AC (WX6103 main control board).
[AC]wlan ap ap model WA3628i-AGN
[AC-wlan-ap-ap]serial-id 210235A29G007C000020
# Configure the mapping between the service template and the current radio.
[AC-wlan-ap-ap]radio 1
[AC-wlan-ap-ap-radio-1]service-template 1
[AC-wlan-ap-ap-radio-1]radio enable
[AC-wlan-ap-ap-radio-1]quit
[AC-wlan-ap-ap]quit
2. Configure the wireless client to join the IPv6 multicast group:
# Create VLAN 100 and enable MLD snooping in the VLAN.
<AC>system-view
[AC] mld-snooping
[AC-mld-snooping]quit
[AC]vlan 100
[AC-vlan100] mld-snooping enable
[AC-vlan100]quit
# Configure the internal Ethernet interface Ten-GigabitEthernet 2/0/1 as a hybrid port and assign it to VLAN 100.
[AC]interface Ten-GigabitEthernet 2/0/1
[AC-Ten-GigabitEthernet2/0/1]port link-type hybrid
[AC-Ten-GigabitEthernet2/0/1]port hybrid vlan 100 tagged
[AC-Ten-GigabitEthernet2/0/1]quit
# Log in to the configuration interface of the switching interface board of the WX6103 and enable MLD snooping globally.
<AC> oap connect slot 0
Press CTRL+K to quit.
Connected to OAP!
User interface aux0 is available.
Press ENTER to get started.
<Device> system-view
[Device] mld-snooping
[Device-mld-snooping] quit
# Create VLAN 100 and enable MLD snooping in the VLAN. Configure GigabitEthernet 0/0/2 as a trunk port and assign it to VLAN 100.
[Device] vlan 100
[Device-vlan100] mld-snooping enable
[Device-vlan100] quit
[Device] interface GigabitEthernet 0/0/2
[Device-GigabitEthernet0/0/2] port link-type trunk
[Device-GigabitEthernet0/0/2] port trunk permit vlan 100
[Device-GigabitEthernet0/0/2] quit
# Configure the internal Ethernet interface Ten-GigabitEthernet 0/0/1 on the switching interface board as a hybrid port and assign it to VLAN 100.
[Device] interface Ten-GigabitEthernet 0/0/1
[Device-Ten-GigabitEthernet0/0/1] port link-type hybrid
[Device-Ten-GigabitEthernet0/0/1] port hybrid vlan 100 tagged
[Device-Ten-GigabitEthernet0/0/1] quit
# Use the shortcut keys Ctrl + K to exit the configuration interface of the switching interface board and return to the AC configuration interface.
# Configure the client to access the WLAN service and request multicast traffic destined for FF1E::1.
Verifying the configuration
# Display detailed MLD snooping group information in VLAN 100 on the AC.
[AC]display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, A-Aggregation port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 0 port.
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::1
(::, FF1E::1):
Attribute: Host Port
Host port(s):total 1 port.
WLAN-DBSS1:0 (D)
The output shows that WLAN-DBSS 1:0 on AC joins the IPv6 multicast group FF1E::1.
Configuration procedure (for the WX6000 series AC modules)
1. Configure WLAN services:
# Log into the configuration interface of a WX6000 AC module from the switch.
<Device> oap connect slot 2
Press CTRL+K to quit.
Connected to OAP!
User interface aux0 is available.
Press ENTER to get started.
<AC> system-view
# Configure WLAN-ESS interface 1 and assign it to VLAN 100.
[AC]Vlan 100
[AC-vlan100]quit
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1]port access vlan 100
[AC-WLAN-ESS1]quit
# Configure a WLAN service template with its SSID as multicast and authentication method as open-system. Bind the WLAN-ESS interface with the service template.
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid Multicast
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]authentication-method open-system
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
# Create AP template ap of model WA3628i-AGN and configure its serial ID as 210235A29G007C000020.
[AC]wlan ap ap model WA3628i-AGN
[AC-wlan-ap-ap]serial-id 210235A29G007C000020
# Configure the mapping the service template to the current radio.
[AC-wlan-ap-ap]radio 1
[AC-wlan-ap-ap-radio-1]service-template 1
[AC-wlan-ap-ap-radio-1]radio enable
[AC-wlan-ap-ap-radio-1]quit
[AC-wlan-ap-ap]quit
2. Configure the wireless client to join the IPv6 multicast group:
# Create VLAN 100 and enable MLD snooping in the VLAN.
[AC] mld-snooping
[AC-mld-snooping]quit
[AC]vlan 100
[AC-vlan100] mld-snooping enable
[AC-vlan100]quit
# Configure the internal Ethernet interface Ten-GigabitEthernet 2/0/1 as a hybrid port and assign it to VLAN 100.
[AC]interface Ten-GigabitEthernet2/0/1
[AC-Ten-GigabitEthernet2/0/1]port link-type hybrid
[AC-Ten-GigabitEthernet2/0/1]port hybrid vlan 100 tagged
[AC-Ten-GigabitEthernet2/0/1]quit
# Use the shortcut keys Ctrl + K to exit the AC configuration interface and return to the configuration interface of the switch that is installed with the WX6000 AC module. Enable MLD snooping globally.
<Device> system-view
[Device] mld-snooping
[Device-mld-snooping] quit
# Create VLAN 100 and enable MLD snooping in the VLAN. Configure GigabitEthernet 0/0/2 as a trunk port and assign it to the VLAN.
[Device] vlan 100
[Device-vlan100] mld-snooping enable
[Device-vlan100] quit
[Device] interface GigabitEthernet 0/0/2
[Device-GigabitEthernet0/0/2] port link-type trunk
[Device-GigabitEthernet0/0/2] port trunk permit vlan 100
[Device-GigabitEthernet0/0/2] quit
# Configure the internal interface Ten-GigabitEthernet 0/0/1 of the switch as a hybrid port and assign it to VLAN 100.
[Device] interface Ten-GigabitEthernet 0/0/1
[Device-Ten-GigabitEthernet0/0/1] port link-type hybrid
[Device-Ten-GigabitEthernet0/0/1] port hybrid vlan 100 tagged
[Device-Ten-GigabitEthernet0/0/1] quit
# Configure the client to access the WLAN service and request multicast traffic destined for FF1E::1.
Verifying the configuration
# Display detailed MLD snooping group information in VLAN 100 on AC.
[AC]display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, A-Aggregation port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 0 port(s).
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::1
(::, FF1E::1):
Attribute: Host Port
Host port(s):total 1 port(s).
WLAN-DBSS1:0 (D) ( 00:04:17 )
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
WLAN-DBSS1:0
The output shows that WLAN-DBSS 1:0 on AC joins the multicast group FF1E::1.
Multicast delivery to a wireless client (for the WX5540E)
Network requirements
As shown in Figure 7, the multicast source (Source) sends multicast traffic to multicast group FF1E::1. The client is a member of the multicast group.
The client and the source can communicate with each other and the client can receive multicast traffic from the source.
Configuration procedure
1. Configure WLAN services:
# Configure WLAN-ESS 1 and assign WLAN ESS 1 to VLAN 100.
<AC>system-view
[AC]Vlan 100
[AC-vlan100]quit
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1]port access vlan 100
[AC-WLAN-ESS1]quit
# Configure a WLAN service template with its SSID set to multicast and authentication method set to open-system. Bind the WLAN-ESS interface with the service template.
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid Multicast
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]authentication-method open-system
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
# Create AP template ap of model WA3628i-AGN and configure its serial ID as 210235A29G007C000020.
[AC]wlan ap ap model WA3628i-AGN
[AC-wlan-ap-ap]serial-id 210235A29G007C000020
# Configure the mapping between the service template and the current radio.
[AC-wlan-ap-ap]radio 1
[AC-wlan-ap-ap-radio-1]service-template 1
[AC-wlan-ap-ap-radio-1]radio enable
[AC-wlan-ap-ap-radio-1]quit
[AC-wlan-ap-ap]quit
2. Configure the wireless client to join the IPv6 multicast group:
# Create VLAN 100 and enable MLD snooping in the VLAN.
<AC>system-view
[AC] mld-snooping
[AC-mld-snooping]quit
[AC]vlan 100
[AC-vlan100] mld-snooping enable
[AC-vlan100]quit
# Configure the internal aggregate interface on the AC as a hybrid port and assign it to VLAN 100.
[AC]interface Bridge-Aggregation 1
[AC-Bridge-Aggregation1] port link-type hybrid
[AC-Bridge-Aggregation1] port hybrid vlan 100 tagged
[AC-Bridge-Aggregation1]quit
# Log into the configuration interface of the switching engine from the AC engine, and enable MLD snooping globally.
<Device> system-view
[Device] mld-snooping
[Device-mld-snooping] quit
# Create VLAN 100 and enable MLD snooping in the VLAN. Configure GigabitEthernet 1/0/2 as a trunk port and assign it to the VLAN.
[Device] vlan 100
[Device-vlan100] mld-snooping enable
[Device-vlan100] quit
[Device] interface GigabitEthernet 1/0/2
[Device-GigabitEthernet1/0/2] port link-type trunk
[Device-GigabitEthernet1/0/2] port trunk permit vlan 100
[Device-GigabitEthernet1/0/2] quit
# Configure the internal aggregate interface of the switching engine as a hybrid port and assign it to VLAN 100.
[Device] interface Bridge-Aggregation 1
[Device-Bridge-Aggregation1] port link-type hybrid
[Device-Bridge-Aggregation1] port hybrid vlan 100 tagged
[Device-Bridge-Aggregation1] quit
# Use the shortcut keys Ctrl + K to exit the switching engine configuration interface and return to the configuration interface of the AC engine.
# Configure the client to access the WLAN service and request multicast traffic destined for FF1E::1.
Verifying the configuration
# Display detailed MLD snooping group information in VLAN 100 on the AC.
[AC]display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 0 port(s).
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::1
(::, FF1E::1):
Attribute: Host Port
Host port(s):total 1 port(s).
WLAN-DBSS1:0 (D) ( 00:04:17 )
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
WLAN-DBSS1:0
The output shows that WLAN-DBSS 1:0 on the AC joins the multicast group FF1E::1.
Multicast delivery to a wireless client (for the WX3000E series)
Network requirements
As shown in Figure 8, the multicast source (Source) sends multicast traffic to multicast group FF1E::1. The client is a member of the multicast group.
The client and the source can communicate with each other and the client can receive multicast traffic from the source.
Configuration procedure
1. Configure WLAN services:
# Configure WLAN-ESS 1 and assign WLAN ESS 1 to VLAN 100.
<AC>system-view
[AC]Vlan 100
[AC-vlan100]quit
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1]port access vlan 100
[AC-WLAN-ESS1]quit
# Configure a WLAN service template with its SSID set to multicast and authentication method set to open-system. Bind the WLAN-ESS interface with the service template.
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid Multicast
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]authentication-method open-system
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
# Create AP template ap of model WA3628i-AGN and configure its serial ID as 210235A29G007C000020.
[AC]wlan ap ap model WA3628i-AGN
[AC-wlan-ap-ap]serial-id 210235A29G007C000020
# Configure the mapping between the service template and the current radio.
[AC-wlan-ap-ap]radio 1
[AC-wlan-ap-ap-radio-1]service-template 1
[AC-wlan-ap-ap-radio-1]radio enable
[AC-wlan-ap-ap-radio-1]quit
[AC-wlan-ap-ap]quit
2. Configure the wireless client to join the IPv6 multicast group:
# Create VLAN 100 and enable MLD snooping in the VLAN.
<AC>system-view
[AC] mld-snooping
[AC-mld-snooping]quit
[AC]vlan 100
[AC-vlan100] mld-snooping enable
[AC-vlan100]quit
# Configure the internal aggregate interface on the AC as a hybrid port and assign it to VLAN 100.
[AC]interface Bridge-Aggregation 1
[AC-Bridge-Aggregation1] port link-type hybrid
[AC-Bridge-Aggregation1] port hybrid vlan 100 tagged
[AC-Bridge-Aggregation1]quit
# Log into the configuration interface of the switching engine from the AC engine, and enable MLD snooping globally.
<Device> system-view
[Device] mld-snooping
[Device-mld-snooping] quit
# Create VLAN 100 and enable MLD snooping in the VLAN. Configure GigabitEthernet 1/0/2 as a trunk port and assign it to the VLAN.
[Device] vlan 100
[Device-vlan100] mld-snooping enable
[Device-vlan100] quit
[Device] interface GigabitEthernet 1/0/2
[Device-GigabitEthernet1/0/2] port link-type trunk
[Device-GigabitEthernet1/0/2] port trunk permit vlan 100
[Device-GigabitEthernet1/0/2] quit
# Configure the internal aggregate interface of the switching engine as a hybrid port and assign it to VLAN 100.
[Device] interface Bridge-Aggregation 1
[Device-Bridge-Aggregation1] port link-type hybrid
[Device-Bridge-Aggregation1] port hybrid vlan 100 tagged
[Device-Bridge-Aggregation1] quit
# Use the shortcut keys Ctrl + K to exit the switching engine configuration interface and return to the configuration interface of the AC engine.
# Configure the client to access the WLAN service and request multicast traffic destined for FF1E::1.
Verifying the configuration
# Display detailed MLD snooping group information in VLAN 100 on the AC.
[AC]display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, A-Aggregation port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 0 port(s).
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::1
(::, FF1E::1):
Attribute: Host Port
Host port(s):total 1 port(s).
WLAN-DBSS1:0 (D) ( 00:04:17 )
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
WLAN-DBSS1:0
The output shows that WLAN-DBSS 1:0 on the AC joins the multicast group FF1E::1.
MLD snooping proxying configuration example
Network requirements
As shown in Figure 9, Router A runs MLDv1 and the AC runs MLDv1 snooping. Router A serves as an MLD querier.
Configure MLD snooping proxying on the AC so that the AC can forward MLD reports and done messages on behalf of attached hosts, respond to MLD queries from Router A, and forward the queries to the hosts on behalf of Router A.
Configuration procedure
1. Configure an IP address and subnet mask for each interface as Figure 9. (Details not shown.)
2. On Router A, enable IP multicast routing, enable MLD on Ethernet 1/1, and enable IPv6 PIM-DM on each interface.
<RouterA> system-view
[RouterA] multicast ipv6 routing-enable
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] mld enable
[RouterA-Ethernet1/1] pim ipv6 dm
[RouterA-Ethernet1/1] quit
[RouterA] interface ethernet 1/2
[RouterA-Ethernet1/2] pim ipv6 dm
[RouterA-Ethernet1/2] quit
3. Configure the AC:
# Enable MLD snooping globally.
<AC> system-view
[AC] mld-snooping
[AC-mld-snooping] quit
# Create VLAN 100, assign ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to this VLAN, and enable MLD snooping and MLD snooping proxying in the VLAN.
[AC] vlan 100
[AC-vlan100] port gigabitethernet 1/0/1 gigabitethernet 1/0/2
[AC-vlan100] mld-snooping enable
[AC-vlan100] mld-snooping proxying enable
[AC-vlan100] quit
# Configure WLAN ESS interface 1 and assign it to VLAN100.
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1]port access vlan 100
[AC-WLAN-ESS1]quit
# Configure a WLAN service template with its SSID as multicast and authentication method as open-system. Bind the WLAN-ESS interface with the service template.
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid Multicast
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]authentication-method open-system
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
# Create AP template ap of model WA3628i-AGN and configure its serial ID as 210235A29G007C000020.
[AC]wlan ap ap model WA3628i-AGN
[AC-wlan-ap-ap]serial-id 210235A29G007C000020
# Configure the mapping between the service template and the current radio.
[AC-wlan-ap-ap]radio 1
[AC-wlan-ap-ap-radio-1]service-template 1
[AC-wlan-ap-ap-radio-1]radio enable
[AC-wlan-ap-ap-radio-1]quit
[AC-wlan-ap-ap]quit
Verifying the configuration
1. Verify that the AC and Router A create a forwarding entry for the IPv6 multicast group FF1E::101 after Host A and the client join the group.
# Send MLD reports from Host A and the client to join the group. (Details not shown.)
# Display information about MLD snooping groups on the AC.
[AC] display mld-snooping group
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GE1/0/1 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address: FF1E::101
(::,FF1E::101):
Host port(s):total 1 port(s).
WLAN-DBSS1:0 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
WLAN-DBSS1:0
# Display information about MLD multicast groups on Router A.
[RouterA] display mld group
Total 1 MLD Group(s).
Interface group report information
Ethernet1/1(2001::1):
Total 1 MLD Group reported
Group Address: FF1E::1
Last Reporter: FE80::2FF:FFFF:FE00:1
Uptime: 00:00:03
Expires: 00:04:17
2. Verify that the AC still maintains the forwarding entry for the IPv6 multicast group FF1E::101 after Host A leaves the group.
# Send an MLD done message from Host A to leave the group. (Details not shown.)
# Display information about MLD snooping groups on the AC.
[AC] display mld-snooping group
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GE1/0/1 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Host port(s):total 1 port(s).
WLAN-DBSS1:0 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port.
WLAN-DBSS1:0
Troubleshooting MLD snooping
This section describes common MLD snooping problems and how to troubleshoot them.
Layer 2 multicast forwarding cannot function
Symptom
Layer 2 multicast forwarding cannot function.
Analysis
MLD snooping is not enabled.
Solution
1. Use the display current-configuration command to view the running status of MLD snooping.
2. If MLD snooping is not enabled, use the mld-snooping command to enable MLD snooping globally, and then use the mld-snooping enable command to enable MLD snooping in VLAN view.
3. If MLD snooping is disabled only for the corresponding VLAN, use the mld-snooping enable command in VLAN view to enable MLD snooping in the corresponding VLAN.
4. If the problem persists, contact H3C Support.
Configured IPv6 multicast group policy fails to take effect
Symptom
Although an IPv6 multicast group policy has been configured to allow hosts to join specific IPv6 multicast groups, the hosts can still receive IPv6 multicast data addressed to other groups.
Analysis
· The IPv6 ACL rule is incorrectly configured.
· The IPv6 multicast group policy is not correctly applied.
· The function of dropping unknown IPv6 multicast data is not enabled, so unknown IPv6 multicast data is flooded.
· Certain ports have been configured as static member ports of IPv6 multicasts groups, and this configuration conflicts with the configured IPv6 multicast group policy.
Solution
1. Use the display acl ipv6 command to check the configured IPv6 ACL rule. Make sure the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented.
2. Use the display this command in MLD-snooping view or the corresponding interface view to verify that the correct IPv6 multicast group policy has been applied. If not, use the group-policy or mld-snooping group-policy command to apply the correct IPv6 multicast group policy.
3. Use the display current-configuration command to verify that the function of dropping unknown IPv6 multicast data is enabled. If not, use the drop-unknown or mld-snooping drop-unknown command to enable dropping unknown IPv6 multicast data.
4. Use the display mld-snooping group command to check whether any port has been configured as a static member port of any IPv6 multicast group. If so, check whether this configuration conflicts with the configured IPv6 multicast group policy. If any conflict exists, remove the port as a static member of the IPv6 multicast group.
5. If the problem persists, contact H3C Support.
