The igmp group-policy command configures an IGMP group policy on an interface to limit the range of multicast groups that the hosts can join.
The undo igmp group-policy command deletes the IGMP group policy.
By default, no IGMP group policy is configured on an interface, and the hosts can join any multicast groups.
| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the number of a basic ACL or an advanced ACL. The ACL defines a multicast group range. | The number of a basic ACL is an integer that ranges from 2000 to 2999. The number of an advanced ACL ranges from 3000 to 3999. |
| 1 | Sets the range of multicast groups that IGMPv1 hosts can join. | - |
| 2 | Sets the range of multicast groups that IGMPv2 hosts can join. | - |
| 3 | Sets the range of multicast groups that IGMPv3 hosts can join. | - |
GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, GE sub-interface view, XGE sub-interface view, MultiGE sub-interface view, 25GE sub-interface view, 40GE sub-interface view, 100GE sub-interface view, Eth-Trunk sub-interface view, VLANIF interface view, loopback interface view
Usage Scenario
To control the multicast groups that hosts on the network attached to an interface can join, specify an ACL in the igmp group-policy command on the interface. This configuration improves security of the IGMP application. You can also use this command to prevent the switch from receiving Join messages for specified groups.
Prerequisites
IP multicast routing has been enabled using the multicast routing-enable command.
Precautions
In the basic ACL view, set source in the rule command to the range of multicast groups that an interface can join.
In the advanced ACL view, set source in the rule command to the source address that is allowed to send multicast data to the specified multicast groups, and set destination to the range of multicast groups that an interface can join.
The interface filters the received Report messages based on the ACL and maintains memberships only for the multicast groups permitted by the ACL.
The interface discards the Report messages that are denied by the ACL. If the entries of the multicast groups denied by the ACL exist on the switch, the switch deletes these entries when the aging time of the entries expires.
If the IGMP version is not specified, the specified ACL applies to IGMPv1, IGMPv2, and IGMPv3 hosts.
# Create ACL 2005, and configure a rule that allows hosts to receive data of multicast group 225.1.1.1. Configure an IGMP group policy on VLANIF100 and reference ACL 2005 to allow hosts connected to the interface to join only multicast group 225.1.1.1.
<HUAWEI> system-view [HUAWEI] acl number 2005 [HUAWEI-acl-basic-2005] rule permit source 225.1.1.1 0 [HUAWEI-acl-basic-2005] quit [HUAWEI] multicast routing-enable [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] igmp group-policy 2005
<HUAWEI> system-view [HUAWEI] acl number 2005 [HUAWEI-acl-basic-2005] rule permit source 225.1.1.1 0 [HUAWEI-acl-basic-2005] quit [HUAWEI] multicast routing-enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] igmp group-policy 2005