The igmp ttl-check command enables the device to check the TTL values in received IGMP Report, Leave, and Query messages on a specific interface.
The undo igmp ttl-check command restores the default configuration.
By default, the device does not check the TTL values in received IGMP Report, Leave, and Query messages on an interface.
GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, GE sub-interface view, XGE sub-interface view, MultiGE sub-interface view, 25GE sub-interface view, 40GE sub-interface view, 100GE sub-interface view, Eth-Trunk sub-interface view, VLANIF interface view, loopback interface view
Usage Scenario
This command enables TTL check for IGMP Report, Leave, and Query messages on an interface. This function protects the system against attacking IGMP messages by dropping the messages of which the TTL value is not 1. By default, TTL values of IGMP messages are not checked on an interface.
You can also configure TTL check for IGMP Report, Leave, and Query messages by using the ttl-check command in the IGMP view. This command takes effect for all IGMP-enabled interfaces.
Precautions
If both the igmp ttl-check and ttl-check commands are run, the igmp ttl-check configuration in the interface view takes precedence over the ttl-check configuration in the IGMP view.
# Enable TTL check for IGMP Report, Leave, and Query messages on a physical interface.
<HUAWEI> system-view [HUAWEI] multicast routing-enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] igmp ttl-check
# Enable TTL check for IGMP Report, Leave, and Query messages on a VLANIF interface.
<HUAWEI> system-view [HUAWEI] multicast routing-enable [HUAWEI] vlan 2 [HUAWEI-vlan2] quit [HUAWEI] interface vlanif 2 [HUAWEI-Vlanif2] igmp ttl-check