Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-MLD Snooping Configuration | 284.77 KB |
MLD snooping configuration task list
Configuring basic MLD snooping functions
Specifying the version of MLD snooping
Configuring MLD snooping port functions
Configuring aging timers for dynamic ports
Configuring a port as a simulated member host
Enabling MLD snooping fast-leave processing
Disabling a port from becoming a dynamic router port
Configuring MLD snooping querier
Configuring parameters for MLD queries and responses
Configuring the source IPv6 addresses for MLD queries
Configuring an MLD snooping policy
Configuring an IPv6 multicast group filter
Enabling dropping unknown IPv6 multicast data
Enabling MLD report suppression
Setting the maximum number of multicast groups that a port can join
Enabling IPv6 multicast group replacement
Setting the 802.1p precedence for MLD messages
Enabling the MLD snooping host tracking function
Displaying and maintaining MLD snooping
MLD snooping configuration examples
IPv6 group policy configuration example
Static port configuration example
Layer 2 multicast forwarding cannot function
Configured IPv6 multicast group policy fails to take effect
The term "router" in this document refers to both routers and access points.
Overview
By analyzing received MLD messages, an MLD snooping–enabled Layer 2 device establishes mappings between ports and multicast MAC addresses and forwards IPv6 multicast data based on these mappings.
As shown in Figure 1, without MLD snooping, the AP floods IPv6 multicast packets out of all ports in a VLAN but the incoming port. MLD snooping enables the AP to forward IPv6 multicast packets destined for a known IPv6 multicast group address out of only ports that have multicast receivers. This feature improves bandwidth efficiency, enhances multicast security, and helps per-host accounting for multicast users.
Figure 1 Before and after MLD snooping is enabled on the Layer 2 device
Basic MLD snooping concepts
This section lists the basic concepts in MLD snooping.
MLD snooping related ports
As shown in Figure 2, the router connects to the multicast source, MLD snooping runs on the switch and the AP, and Host A and Host B are receiver hosts (namely, members of an IPv6 multicast group).
Figure 2 MLD snooping related ports
As shown in Figure 2, MLD snooping divides the ports on Layer 2 switch into the following types:
· Router port—Layer 3 multicast device-side port. Layer 3 multicast devices include DRs and MLD queriers. In the figure, Ethernet 1/0 of the switch and GigabitEthernet 1/0/1 of the AP are router ports. The switch and the AP register all their local router ports in their own router port lists.
Do not confuse the "router port" in MLD snooping with the "routed interface" commonly known as the "Layer 3 interface." The router port in MLD snooping is the Layer 2 interface.
· Member port—Multicast receiver-side port. In the figure, Ethernet 1/1 of the switch and WLAN-BSS 1 and WLAN-BSS 2 of the AP are member ports. The switch and the AP register all their local member ports in their own MLD snooping forwarding tables.
Unless otherwise specified, router ports and member ports in this document include both static and dynamic router ports and member ports.
Dynamic router ports include ports that receive MLD general queries with the source address other than 0::0 and ports that receive IPv6 PIM hello messages. For more information about IPv6 PIM hello messages, see "Configuring IPv6 PIM."
Aging timers for dynamic ports in MLD snooping
Table 1 Aging timers for dynamic ports in MLD snooping and related messages and actions
|
Timer |
Description |
Message before expiry |
Action after expiry |
|
Dynamic router port aging timer. |
For each dynamic router port, the AP starts an aging timer. When the timer expires, the dynamic router port ages out. |
MLD general query of which the source address is not 0::0 or IPv6 PIM hello message. |
The AP removes this port from its router port list. |
|
Dynamic member port aging timer. |
When a port dynamically joins a multicast group, the AP starts an aging timer for the port. When the timer expires, the dynamic member port ages out. |
MLD report message. |
The AP removes this port from the MLD snooping forwarding table. |
|
|
NOTE: In MLD snooping, only dynamic ports age out. Static ports never age out. |
How MLD snooping works
An MLD snooping–enabled AP performs different actions when it receives different MLD messages.
The ports in this section are dynamic ports. For information about how to configure and remove static ports, see "Configuring static ports."
When receiving a general query
After receiving an MLD general query, the AP forwards it to all ports in the VLAN, except the port that received the query. The AP also performs one of the following actions:
· If the receiving port is a dynamic router port in the router port list, restarts the aging timer for the port.
· If the receiving port is not in the router port list, adds it into the router port list as a dynamic router port and starts an aging timer for the port.
When receiving a membership report
A host sends an MLD report to the MLD querier for the following purposes:
· If the host has been a member of an IPv6 multicast group, responds to an MLD query.
· Applies for joining an IPv6 multicast group to join.
After receiving an MLD report, the AP forwards it through all the router ports in the VLAN, resolves the address of the reported IPv6 multicast group, and performs the following judgment:
· If no forwarding entry matches the group address, the AP creates a forwarding entry for the group, adds the port that received the MLD report as a dynamic member port to the forwarding entry for the group, and starts an aging timer for the port.
· If a forwarding entry matches the group address, but the port that received the MLD report is not in the forwarding entry for the group, the AP adds the port as a dynamic member port to the forwarding entry, and starts an aging timer for the port.
· If a forwarding entry matches the group address and the port that received the MLD report is in the forwarding entry for the group, the AP restarts the aging timer for the port.
The AP does not forward an MLD report through a non-router port. The reason is that if the AP forwards a report message through a member port, all the attached hosts that are listening to the reported IPv6 multicast address, according to the MLD report suppression mechanism, suppress their own reports after receiving this report. This prevents the AP from confirming whether the reported IPv6 multicast group still has active members attached to that port. For more information about the MLD report suppression mechanism, see "Configuring MLD."
When receiving a done message
When a host leaves an IPv6 multicast group, the host sends an MLD done message to the multicast routers. When the AP receives the MLD done message on a dynamic member port, the AP first examines whether a forwarding entry matches the IPv6 multicast group address in the message, and, if a match is found, whether the forwarding entry contains the dynamic member port.
· If no forwarding entry matches the IPv6 multicast group address, or if the forwarding entry does not contain the port, the AP directly discards the MLD done message.
· If a forwarding entry matches the IPv6 multicast group address and contains the port, the AP forwards the done message to all router ports in the native VLAN. Because the AP does not know whether any other hosts attached to the port are still listening to that IPv6 multicast group address, the AP does not immediately remove the port from the forwarding entry for that group. Instead, it restarts the aging timer for the port.
After receiving the MLD done message, the MLD querier resolves the IPv6 multicast group address in the message and sends an MLD multicast-address-specific query to that IPv6 multicast group through the port that received the MLD done message. After receiving the MLD multicast-address-specific query, the AP forwards it through all its router ports in the VLAN and all member ports of the IPv6 multicast group. The AP also performs the following judgment for the port that received the MLD done message:
· If the port receives no MLD report in response to the MLD multicast-address-specific query before its aging timer expires, it indicates that no hosts attached to the port are still monitoring that IPv6 multicast group address. The AP removes the port from the forwarding entry for the IPv6 multicast group when the aging timer expires.
Protocols and standards
RFC 4541, Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
MLD snooping configuration task list
For the configuration tasks in this section, the following rules apply:
· The configurations made in MLD-snooping view are effective for all VLANs. The configurations made in VLAN view are effective for only the current VLAN. For a given VLAN, a configuration made in MLD-snooping view is effective only if you do not make the same configuration in VLAN view.
· The configurations made in MLD-snooping view are effective for all ports. The configurations made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view are effective for only the current port. The configurations made in port group view are effective for only the ports in the current port group. For a given port, a configuration made in MLD-snooping view is effective only if you do not make the same configuration in Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view.
· For MLD snooping, the configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports, nor do they participate in aggregation calculations. A configuration made on a member port of the aggregate group will take effect after the port leaves the aggregate group.
|
Task |
Remarks |
|
|
Required. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
|
Setting the maximum number of multicast groups that a port can join |
Optional. |
|
|
Optional. |
||
|
Optional. |
||
|
Optional. |
||
Configuring basic MLD snooping functions
This section describes how to configure basic MLD snooping functions.
Configuration prerequisites
Before you configure basic MLD snooping functions, complete the following tasks:
· Enable IPv6 forwarding.
· Configure the corresponding VLANs.
· Determine the MLD snooping version.
Enabling MLD snooping
When you enable MLD snooping, follow these guidelines:
· Enable MLD snooping globally before you enable it for a VLAN.
· MLD snooping for a VLAN works only on the ports within that VLAN.
To enable MLD snooping:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable MLD snooping globally and enter MLD-snooping view. |
mld-snooping |
Disabled by default. |
|
3. Return to system view. |
quit |
N/A |
|
4. Enter VLAN view. |
vlan vlan-id |
N/A |
|
5. Enable MLD snooping for the VLAN. |
mld-snooping enable |
Disabled by default. |
Specifying the version of MLD snooping
Different versions of MLD snooping can process different versions of MLD messages:
· MLDv1 snooping can process MLDv1 messages, but flood MLDv2 messages in the VLAN instead of processing them.
· MLDv2 snooping can process MLDv1 and MLDv2 messages.
If you change MLDv2 snooping to MLDv1 snooping, the system does the following:
· Clears all MLD snooping forwarding entries that are dynamically created.
· Keeps static MLDv2 snooping forwarding entries (*, G).
· Clears static MLDv2 snooping forwarding entries (S, G), which will be restored when MLD snooping is switched back to MLDv2 snooping.
For more information about static MLD snooping forwarding entries, see "Configuring static ports."
To specify the version of MLD snooping:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Specify the version of MLD snooping. |
mld-snooping version version-number |
Version 1 by default. |
Configuring MLD snooping port functions
This section describes how to configure MLD snooping port functions.
Configuration prerequisites
Before you configure MLD snooping port functions, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Configure the corresponding port groups.
· Determine the aging timer for dynamic router ports.
· Determine the aging timer for dynamic member ports.
· Determine the IPv6 multicast group and IPv6 multicast source addresses.
Configuring aging timers for dynamic ports
If the AP receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port when the aging timer of the port expires, the AP removes the port from the router port list.
If the AP receives no MLD reports for an IPv6 multicast group on a dynamic member port when the aging timer of the port expires, the AP removes the port from the forwarding entry for the IPv6 multicast group.
If the memberships of IPv6 multicast groups change frequently, you can set a relatively small value for the aging timer of the dynamic member ports. If the memberships of IPv6 multicast groups change rarely, you can set a relatively large value.
Setting the global aging timers for dynamic ports
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the global aging timer for dynamic router ports. |
router-aging-time interval |
260 seconds by default. |
|
4. Set the global aging timer for dynamic member ports. |
host-aging-time interval |
260 seconds by default. |
Setting the aging timers for the dynamic ports in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the aging timer for dynamic router ports in the VLAN. |
mld-snooping router-aging-time interval |
260 seconds by default. |
|
4. Set the aging timer for dynamic member ports in the VLAN. |
mld-snooping host-aging-time interval |
260 seconds by default. |
Configuring static ports
Configuration guidelines
· A static member port does not respond to queries from the MLD querier. When you configure a port as a static member port or cancel this configuration on the port, the port does not send an unsolicited MLD report or an MLD done message.
· Static member ports never age out. To remove such a port, use the corresponding undo command.
Configuration procedure
To configure static ports:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view
or Layer 2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Configure the port as a static member port. |
mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
No static member ports by default. |
Configuring a port as a simulated member host
Generally, a host that runs MLD can respond to MLD queries. If a host fails to respond, the multicast router might deem that the IPv6 multicast group has no members on the subnet, and removes the corresponding forwarding path.
To avoid this situation, you can configure a port on the AP as a simulated member host for an IPv6 multicast group. When the simulated member host receives an MLD query, it gives a response. Therefore, the AP can continue receiving IPv6 multicast data.
A simulated host is equivalent to an independent host in the following ways:
· When a port is configured as a simulated member host, the AP sends an unsolicited MLD report through the port, and can respond to MLD general queries with MLD reports through the port.
· When the simulated joining configuration is canceled on the port, the AP sends an MLD done message through that port.
To configure a port as a simulated member host:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Configure the port as a simulated member host. |
mld-snooping host-join ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
A port is not a simulated member host by default. |
|
|
NOTE: Unlike a static member port, a port configured as a simulated member host ages out like a dynamic member port. |
Enabling MLD snooping fast-leave processing
The fast-leave processing feature enables the AP to process MLD done messages quickly. Upon receiving an MLD done message on a port, the AP immediately removes that port from the forwarding entry for the multicast group specified in the message. Then, when the AP receives MLD multicast-address-specific queries for that multicast group, the AP does not forward them to that port.
On a port that has only one host attached, you can enable fast-leave processing to save bandwidth and resources. However, on a port that has multiple hosts attached, you should not enable fast-leave processing if you have enabled dropping unknown IPv6 multicast data globally or for the port. Otherwise, if a host on the port leaves an IPv6 multicast group, the other hosts attached to the port in the same IPv6 multicast group cannot receive the IPv6 multicast data for the group.
Enabling MLD snooping fast-leave processing globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable MLD snooping fast-leave processing. |
fast-leave [ vlan vlan-list ] |
Disabled by default. |
Enabling MLD snooping fast-leave processing on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Enable MLD snooping fast-leave processing. |
mld-snooping fast-leave [ vlan vlan-list ] |
Disabled by default. |
Disabling a port from becoming a dynamic router port
The following problems might exist in a multicast access network:
· After receiving an MLD general query or IPv6 PIM hello message from a connected host, a router port becomes a dynamic router port. Before its timer expires, this dynamic router port receives all multicast packets within the VLAN that the port belongs to and forwards them to the host, affecting normal multicast reception of the host.
· In addition, the MLD general query and IPv6 PIM hello message that the host sends affects the multicast routing protocol state on Layer 3 devices, such as the MLD querier or DR election, and might further cause network interruption.
To solve these problems, you can disable the router port from becoming a dynamic router port after the port receives an MLD general query or IPv6 PIM hello message, so as to enhance network security and the control over multicast users.
To disable a port from becoming a dynamic router port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Disable the port from becoming a dynamic router port. |
mld-snooping router-port-deny [ vlan vlan-list ] |
By default, a port can become a dynamic router port. This configuration does not affect the static router port configuration. |
Configuring MLD snooping querier
This section describes how to configure MLD snooping querier.
Configuration prerequisites
Before you configure MLD snooping querier, complete the following tasks:
· Enable MLD snooping in the VLAN.
· Determine the interval for sending MLD general queries.
· Determine the MLD last-listener query interval.
· Determine the maximum response delay for MLD general queries.
· Determine the source IPv6 address of MLD general queries.
· Determine the source IPv6 address of MLD multicast-address-specific queries.
Enabling MLD snooping querier
In an IPv6 multicast network that run MLD, a multicast router or Layer 3 multicast switch sends MLD general queries. This allows all Layer 3 multicast devices can establish and maintain multicast forwarding entries for forwarding multicast traffic correctly at the network layer. This router or Layer 3 switch is called the "MLD querier."
However, a Layer 2 multicast switch does not support MLD and it cannot send MLD general queries by default. When you configure an MLD snooping querier in a network where multicast traffic is only switched at the data link layer and no Layer 3 multicast devices are present, the Layer 2 switch sends MLD queries, so that IPv6 multicast forwarding entries can be established and maintained at the data link layer.
It is meaningless to configure an MLD snooping querier in an IPv6 multicast network that runs MLD. Although an MLD snooping querier does not participate in MLD querier elections, it might affect MLD querier elections because it sends MLD general queries with a low source IPv6 address. For more information about MLD querier, see "Configuring MLD."
To enable MLD snooping querier in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping querier. |
mld-snooping querier |
Disabled by default. |
Configuring parameters for MLD queries and responses
You can modify the MLD general query interval based on the actual condition of the network.
A multicast listening host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query (general query or multicast-address-specific query). This timer is initialized to a random value in the range of 0 to the maximum response delay advertised in the MLD query message. When the timer value decreases to 0, the host sends an MLD report to the IPv6 multicast group.
To speed up the response of hosts to MLD queries and avoid simultaneous timer expirations causing MLD report traffic bursts, you must properly set the maximum response delay.
· The maximum response delay for MLD general queries is set by the max-response-time command.
· The maximum response delay for MLD multicast-address-specific queries equals the MLD last-listener query interval.
Configuring the global parameters for MLD queries and responses
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the maximum response delay for MLD general queries. |
max-response-time interval |
10 seconds by default. |
|
4. Set the MLD last-listener query interval. |
last-listener-query-interval interval |
1 second by default. |
Configuring the parameters for MLD queries and responses in a VLAN
|
|
CAUTION: Make sure the interval for sending MLD general queries is greater than the maximum response delay for MLD general queries. Otherwise, IPv6 multicast members might be removed by mistake. |
To configure the parameters for MLD queries and responses in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the interval for sending MLD general queries. |
mld-snooping query-interval interval |
125 seconds by default. |
|
4. Set the maximum response delay for MLD general queries. |
mld-snooping max-response-time interval |
10 seconds by default. |
|
5. Set the MLD last-listener query interval. |
mld-snooping last-listener-query-interval interval |
1 second by default. |
Configuring the source IPv6 addresses for MLD queries
Changing the source IPv6 address of MLD queries might affect MLD querier election within the subnet.
To configure the source IP address for MLD queries in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure the source IPv6 address for MLD general queries. |
mld-snooping general-query source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default. |
|
4. Configure the source IPv6 address for MLD multicast-address-specific queries. |
mld-snooping special-query source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default. |
Configuring an MLD snooping policy
This section describes how to configure MLD snooping policies.
Configuration prerequisites
Before you configure an MLD snooping policy, complete the following tasks:
· Enable MLD snooping for the VLAN.
· Determine the IPv6 ACL for IPv6 multicast group filtering.
· Determine the maximum number of IPv6 multicast groups that a port can join.
· Determine the 802.1p precedence for MLD messages.
Configuring an IPv6 multicast group filter
On a MLD snooping–enabled AP, you can configure an IPv6 multicast group filter to limit multicast programs available to different users.
In an application, when a user requests a multicast program, the user's host initiates an MLD report. After receiving this report message, the AP resolves the IPv6 multicast group address in the report and looks up the ACL. If a match is found to permit the port that received the report can join this IPv6 multicast group, the AP creates an MLD snooping forwarding entry for the IPv6 multicast group and adds the port to the entry. Otherwise, the AP drops this report message. In this case, the IPv6 multicast data for the IPv6 multicast group is not sent to this port, and the user cannot retrieve the program.
Configuring an IPv6 multicast group filter globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Configure an IPv6 multicast group filter. |
group-policy acl6-number [ vlan vlan-list ] |
By default, no IPv6 group filter is globally configured, and the hosts in a VLAN can join any valid IPv6 multicast group. |
Configuring an IPv6 multicast group filter on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Configure an IPv6 multicast group filter. |
mld-snooping group-policy acl6-number [ vlan vlan-list ] |
By default, no IPv6 group filter is configured for the port, and the hosts on the port can join any valid IPv6 multicast group. |
Enabling dropping unknown IPv6 multicast data
Unknown IPv6 multicast data refers to IPv6 multicast data for which no forwarding entries exist in the MLD snooping forwarding table. When the AP receives such IPv6 multicast traffic, one of the following occurs:
· When the function of dropping unknown IPv6 multicast data is disabled, the AP floods unknown IPv6 multicast data in the VLAN that the data belongs to.
· When the function of dropping unknown IPv6 multicast data is enabled, the AP drops all received unknown IPv6 multicast data.
If you If you enable this function in MLD-snooping view, you should not enable or disable it in VLAN view, or vice versa.
Enabling dropping unknown IPv6 multicast data globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable dropping unknown IPv6 multicast data. |
drop-unknown |
Disabled by default. |
Enabling dropping unknown IPv6 multicast data in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable dropping unknown IPv6 multicast data. |
mld-snooping drop-unknown |
Disabled by default. |
Enabling MLD report suppression
When a Layer 2 switch receives an MLD report from an IPv6 multicast group member, the Layer 2 switch forwards the message to the Layer 3 device that directly connects to the Layer 2 switch. When multiple members of an IPv6 multicast group are attached to the Layer 2 switch, the Layer 3 device might receive duplicate MLD reports for the IPv6 multicast group from these members.
With the MLD report suppression function enabled, within a query interval, the Layer 2 switch forwards only the first MLD report for the IPv6 multicast group to the Layer 3 device. It does not forward subsequent MLD reports for the same IPv6 multicast group to the Layer 3 device. This helps reduce the number of packets being transmitted over the network.
To enable MLD report suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable MLD report suppression. |
report-aggregation |
Enabled by default. |
Setting the maximum number of multicast groups that a port can join
You can set the maximum number of IPv6 multicast groups that a port can join to regulate the traffic on the port.
When you configure this maximum number, if the number of IPv6 multicast groups the port has joined exceeds the configured maximum value, the system deletes all the forwarding entries for the port from the MLD snooping forwarding table, and the hosts on this port join IPv6 multicast groups again until the number of IPv6 multicast groups that the port joins reaches the maximum value. When the port joins an IPv6 multicast group, if the port has been configured as a static member port, the system applies the configurations to the port again. If you have configured simulated joining on the port, the system establishes corresponding forwarding entry for the port after receiving a report from the simulated member host.
To set the maximum number of IPv6 multicast groups that a port can join:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Set the maximum number of IPv6 multicast groups that a port can join. |
mld-snooping group-limit limit [ vlan vlan-list ] |
The default depends on the product model. |
Enabling IPv6 multicast group replacement
For various reasons, the number of IPv6 multicast groups that the AP or a port can join might exceed the upper limit. In addition, in some specific applications, an IPv6 multicast group that the AP newly joins must replace an existing IPv6 multicast group automatically. A typical example is channel switching. To view a new TV channel, a user switches from the current IPv6 multicast group to the new one.
To realize such requirements, you can enable the IPv6 multicast group replacement function on the AP or on a certain port. When the number of IPv6 multicast groups that the AP or the port has joined reaches the limit, one of the following occurs:
· If the IPv6 multicast group replacement feature is disabled, new MLD reports are automatically discarded.
· If the IPv6 multicast group replacement feature is enabled, the IPv6 multicast group that the AP or the port newly joins automatically replaces an existing IPv6 multicast group that has the lowest IPv6 address.
|
|
IMPORTANT: Be sure to configure the maximum number of IPv6 multicast groups that a port can join to a value other than the default one (see "Setting the maximum number of multicast groups that a port can join)" before enabling IPv6 multicast group replacement. Otherwise, the IPv6 multicast group replacement function does not take effect. |
Enabling IPv6 multicast group replacement globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable IPv6 multicast group replacement. |
overflow-replace [ vlan vlan-list ] |
Disabled by default. |
Enabling IPv6 multicast group replacement on a port
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Enable IPv6 multicast group replacement. |
mld-snooping overflow-replace [ vlan vlan-list ] |
Disabled by default. |
Setting the 802.1p precedence for MLD messages
You can change the 802.1p precedence of MLD messages so that they can be assigned higher forwarding priority when congestion occurs on their outgoing ports.
Setting the 802.1p precedence for MLD messages globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Set the 802.1p precedence for MLD messages. |
dot1p-priority priority-number |
The default 802.1p precedence for MLD messages is 0. |
Setting the 802.1p precedence for MLD messages in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the 802.1p precedence for MLD messages. |
mld-snooping dot1p-priority priority-number |
The default 802.1p precedence for MLD messages is 0. |
Enabling the MLD snooping host tracking function
With the MLD snooping host tracking function, the AP can record the information of the member hosts that are receiving IPv6 multicast traffic, including:
· Host IPv6 address
· Running duration
· Timeout time
You can monitor and manage the member hosts according to the recorded information.
Enabling the MLD snooping host tracking function globally
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD-snooping view. |
mld-snooping |
N/A |
|
3. Enable the MLD snooping host tracking function globally. |
host-tracking |
Disabled by default. |
Enabling the MLD snooping host tracking function in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping host tracking function in the VLAN. |
mld-snooping host-tracking |
Disabled by default. |
Displaying and maintaining MLD snooping
|
Task |
Command |
Remarks |
|
Display MLD snooping group information. |
display mld-snooping group [ vlan vlan-id ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view. |
|
Display information about the hosts tracked by MLD snooping. |
display mld-snooping host vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression ] |
Available in any view. |
|
Display statistics for MLD messages learned through MLD snooping. |
display mld-snooping statistics [ | { begin | exclude | include } regular-expression ] |
Available in any view. |
|
Remove dynamic group entries of a specified MLD snooping group or all MLD snooping groups. |
reset mld-snooping group { ipv6-group-address | all } [ vlan vlan-id ] |
Available in user view. |
|
Clear statistics for all MLD messages learned through MLD snooping. |
reset mld-snooping statistics |
Available in user view. |
MLD snooping configuration examples
This section provides examples of configuring MLD snooping.
IPv6 group policy configuration example
Network requirements
As shown in Figure 3, the router runs MLDv1 and acts as the MLD querier. The switch and the AP run MLDv1 snooping.
Configure an IPv6 multicast group policy so that Client A can receive IPv6 multicast data only for the IPv6 multicast group FF1E::101.
Configuration procedure
1. Enable IPv6 forwarding and assign an IPv6 address and prefix length to each interface according to Figure 3. (Details not shown.)
2. Configure the router:
# Enable IPv6 multicast routing.
<Router> system-view
[Router] multicast ipv6 routing-enable
# Enable MLD and IPv6 PIM-DM on GigabitEthernet 1/0.
[Router] interface GigabitEthernet 1/0
[Router-GigabitEthernet1/0] mld enable
[Router-GigabitEthernet1/0] pim ipv6 dm
[Router-GigabitEthernet1/0] quit
# Enable IPv6 PIM-DM on GigabitEthernet 1/1.
[Router] interface GigabitEthernet 1/1
[Router-GigabitEthernet1/1] pim ipv6 dm
[Router-GigabitEthernet1/1] quit
3. Configure the switch:
# Enable MLD snooping globally.
<Switch> system-view
[Switch] mld-snooping
[Switch-mld-snooping] quit
# Create VLAN 100, and assign GigabitEthernet 1/1 through GigabitEthernet 1/3 to the VLAN.
[Switch] vlan 100
[Switch-vlan100] port GigabitEthernet 1/1 to GigabitEthernet 1/3
# Create MLD snooping for VLAN 100.
[Switch-vlan100] mld-snooping enable
[Switch-vlan100] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[Switch] interface Bridge-Aggregation 1
[Switch-Bridge-Aggregation1] quit
# Assign GigabitEthernet 1/2 and GigabitEthernet 1/3 to link aggregation group 1.
[Switch] interface GigabitEthernet 1/2
[Switch-GigabitEthernet1/2] port link-aggregation group 1
[Switch-GigabitEthernet1/2] quit
[Switch] interface GigabitEthernet 1/3
[Switch-GigabitEthernet1/3] port link-aggregation group 1
[Switch-GigabitEthernet1/3] quit
# Create Bridge-Aggregation 1 as a trunk port, and assign the port to VLAN 100.
[Switch] interface bridge-aggregation 1
[Switch-Bridge-Aggregation1] port link-type trunk
[Switch-Bridge-Aggregation1] port trunk permit vlan 100
# Configure Bridge-Aggregation 1 as a static router port of VLAN 100.
[Switch-Bridge-Aggregation1] mld-snooping static-router-port vlan 100
[Switch-Bridge-Aggregation1] quit
4. Configure the AP:
# Enable MLD snooping globally.
<AP> system-view
[AP] mld-snooping
[AP-mld-snooping] quit
# Create VLAN 100, and assign GigabitEthernet1/0/1, GigabitEthernet 1/0/2, and WLAN-BSS 1 to the VLAN.
[AP] vlan 100
[AP-vlan100] port GigabitEthernet 1/0/1
[AP-vlan100] port GigabitEthernet 1/0/2
[AP-vlan100] port WLAN-BSS1
# Enable MLD snooping and dropping unknown IPv6 multicast data for VLAN 100.
[AP-vlan100] mld-snooping enable
[AP-vlan100] mld-snooping drop-unknown
[AP-vlan100] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[AP] interface Bridge-Aggregation 1
[AP-Bridge-Aggregation1] quit
# Assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.
[AP] interface GigabitEthernet 1/0/1
[AP-GigabitEthernet1/0/1] port link-aggregation group 1
[AP-GigabitEthernet1/0/1] quit
[AP] interface GigabitEthernet 1/0/2
[AP-GigabitEthernet1/0/2] port link-aggregation group 1
[AP-GigabitEthernet1/0/2] quit
# Configure Bridge-Aggregation 1 as a trunk port, and assign the port to VLAN 100.
[AP] interface bridge-aggregation 1
[AP-Bridge-Aggregation1] port link-type trunk
[AP-Bridge-Aggregation1] port trunk permit vlan 100
# Configure an IPv6 multicast group filter so that hosts in VLAN 100 can join only the IPv6 multicast group FF1E::101.
[AP] acl ipv6 number 2001
[AP-acl6-basic-2001] rule permit source ff1e::101 128
[AP-acl6-basic-2001] quit
[AP] mld-snooping
[AP–mld-snooping] group-policy 2001 vlan 100
[AP–mld-snooping] quit
Verifying the configuration
# Display detailed information about MLD snooping groups for VLAN 100 on the AP.
[AP] display mld-snooping group vlan 1
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
BAGG1 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Host port(s):total 1 port(s).
WLAN-BSS1 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port.
WLAN-BSS1
The output shows that WLAN-BSS 1 on the AP has joined only the IPv6 multicast group FF1E::101 and VLAN 100 has only the entry of the IPv6 multicast group FF1E::101.
Static port configuration example
Network requirements
As shown in Figure 4, the router runs MLDv1 and acts as the MLD querier. The switch and the AP run MLD snooping. Link aggregation is configured between the switch and the AP.
Configure a static member port on the AP so that Client A can receive IPv6 multicast data for the group FF1E::101 without running a multicast client application.
Configuration procedure
1. Enable IPv6 forwarding and assign an IPv6 address and prefix length to each interface according to Figure 4.
2. Configure the router:
# Enable IPv6 multicast routing.
<Router> system-view
[Router] multicast ipv6 routing-enable
# Enable MLD and IPv6 PIM-DM on GigabitEthernet 1/0.
[Router] interface GigabitEthernet 1/0
[Router-GigabitEthernet1/0] mld enable
[Router-GigabitEthernet1/0] pim ipv6 dm
[Router-GigabitEthernet1/0] quit
# Enable IPv6 PIM-DM on GigabitEthernet 1/1.
[Router] interface GigabitEthernet 1/1
[Router-GigabitEthernet1/1] pim ipv6 dm
[Router-GigabitEthernet1/1] quit
3. Configure the switch:
# Enable MLD snooping globally.
<Switch> system-view
[Switch] mld-snooping
[Switch-mld-snooping] quit
# Create VLAN 100, and assign GigabitEthernet 1/1 through GigabitEthernet 1/3 to the VLAN.
[Switch] vlan 100
[Switch-vlan100] port GigabitEthernet 1/1 to GigabitEthernet 1/3
# Enable MLD snooping for VLAN 100.
[Switch-vlan100] mld-snooping enable
[Switch-vlan100] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[Switch] interface Bridge-Aggregation 1
[Switch-Bridge-Aggregation1] quit
# Assign GigabitEthernet 1/2 and GigabitEthernet 1/3 to link aggregation group 1.
[Switch] interface GigabitEthernet 1/2
[Switch-GigabitEthernet1/2] port link-aggregation group 1
[Switch-GigabitEthernet1/2] quit
[Switch] interface GigabitEthernet 1/3
[Switch-GigabitEthernet1/3] port link-aggregation group 1
[Switch-GigabitEthernet1/3] quit
# Configure Bridge-Aggregation 1 as a trunk port, and assign the port to VLAN 100.
[Switch] interface bridge-aggregation 1
[Switch-Bridge-Aggregation1] port link-type trunk
[Switch-Bridge-Aggregation1] port trunk permit vlan 100
# Configure Bridge-Aggregation 1 as a static router port.
[Switch-Bridge-Aggregation1] mld-snooping static-router-port vlan 100
[Switch-Bridge-Aggregation1] quit
4. Configure the AP:
# Enable MLD snooping globally.
<AP> system-view
[AP] mld-snooping
[AP-mld-snooping] quit
# Create VLAN 100, and assign GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and WLAN-BSS1 to the VLAN.
[AP] vlan 100
[AP-vlan100] port GigabitEthernet 1/0/1
[AP-vlan100] port GigabitEthernet 1/0/2
[AP-vlan100] port WLAN-BSS1
# Enable MLD snooping and dropping unknown IPv6 multicast data for VLAN 100.
[AP-vlan100] mld-snooping enable
[AP-vlan100] mld-snooping drop-unknown
[AP-vlan100] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[AP] interface Bridge-Aggregation 1
[AP-Bridge-Aggregation1] quit
# Assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.
[AP] interface GigabitEthernet 1/0/1
[AP-GigabitEthernet1/0/1] port link-aggregation group 1
[AP-GigabitEthernet1/0/1] quit
[AP] interface GigabitEthernet 1/0/2
[AP-GigabitEthernet1/0/2] port link-aggregation group 1
[AP-GigabitEthernet1/0/2] quit
# Configure Bridge-Aggregation 1 as a trunk port, and assign it to VLAN 100.
[AP] interface bridge-aggregation 1
[AP-Bridge-Aggregation1] port link-type trunk
[AP-Bridge-Aggregation1] port trunk permit vlan 100
# Configure Bridge-Aggregation 1 as a static member port of VLAN 100.
[AP-Bridge-Aggregation1] mld-snooping static-group ff1e::101 vlan 100
[AP-Bridge-Aggregation1] quit
Verifying the configuration
# Display detailed information about MLD snooping groups for VLAN 100 on the AP.
[AP] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 1 port(s).
BAGG1 (S)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
BAGG1 (S)
The output shows that the Layer 2 aggregate interface Bridge-Aggregation 1 has become a static router port.
Troubleshooting MLD snooping
This section describes common MLD snooping problems and how to troubleshoot them.
Layer 2 multicast forwarding cannot function
Symptom
Layer 2 multicast forwarding cannot function.
Analysis
MLD snooping is not enabled.
Solution
1. Use the display current-configuration command to view the running status of MLD snooping.
2. If MLD snooping is not enabled, use the mld-snooping command to enable MLD snooping globally, and then use the mld-snooping enable command to enable MLD snooping in VLAN view.
3. If MLD snooping is disabled only for the corresponding VLAN, use the mld-snooping enable command in VLAN view to enable MLD snooping in the corresponding VLAN.
Configured IPv6 multicast group policy fails to take effect
Symptom
Although an IPv6 multicast group policy has been configured to allow hosts to join specific IPv6 multicast groups, the hosts can still receive IPv6 multicast data addressed to other groups.
Analysis
· The IPv6 ACL rule is incorrectly configured.
· The IPv6 multicast group policy is not correctly applied.
· The function of dropping unknown IPv6 multicast data is not enabled, so unknown IPv6 multicast data is flooded.
Solution
1. Use the display acl ipv6 command to check the configured IPv6 ACL rule. Make sure the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented.
2. Use the display this command in MLD-snooping view or the corresponding interface view to verify that the correct IPv6 multicast group policy has been applied. If not, use the group-policy or mld-snooping group-policy command to apply the correct IPv6 multicast group policy.
3. Use the display current-configuration command to verify that the function of dropping unknown IPv6 multicast data is enabled. If not, use the drop-unknown or mld-snooping drop-unknown command to enable dropping unknown IPv6 multicast data.
