
mld query ip-source-policy

Function

The mld query ip-source-policy command configures MLD Query message filtering based on source addresses.

The undo mld query ip-source-policy command restores the default configuration.

By default, no source address-based MLD Query message filtering is configured.

Format

mld query ip-source-policy basic-acl6-number

undo mld query ip-source-policy

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| basic-acl6-number | Specifies the number of a basic ACL6, which defines the range of source addresses. | The value is an integer that ranges from 2000 to 2999. |

Views

GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, VLANIF interface view, loopback interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an attacker sends forged MLD Query messages whose source IPv6 address is smaller than the querier's IPv6 address, the attacker replaces the querier. As a result, the real querier cannot respond to Multicast Listener Report messages from group members, and bandwidth is wasted. Source address-based MLD Query message filtering protects the querier from such attacks. With this function configured, the switch accepts only the MLD Query messages whose source addresses are permitted by the specified ACL6. This function therefore controls querier election.

Prerequisites

Layer 3 IPv6 multicast has been enabled using the multicast ipv6 routing-enable command in the system view.

Precautions

  • MLD Query messages are encapsulated into IPv6 messages. This command is used to filter the source addresses in IPv6 headers.

  • After you configure source address-based MLD Query message filtering on an interface, the interface filters out the MLD Query messages whose source addresses do not match a specified ACL6 rule.
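The following sketch models the effect described above: which Query sources an interface accepts under a basic ACL6, and who wins querier election as a result. It is an added illustration, not Huawei code. The addresses other than fc00::1, the function names, and the first-match rule evaluation are assumptions made for the example; the permit rule mirrors ACL6 2001 from the example on this page.

```python
import ipaddress

# Constructed sample data (not from a real capture).
OWN = "fc00::2"                              # this switch's interface address (assumed)
OBSERVED = ["fc00::1", "fc00::", "fc00::9"]  # source addresses of received MLD Queries
ACL_2001 = [("permit", "fc00::1/128")]       # rule permit source fc00::1 128

def permitted(src, rules):
    """Assumed first-match evaluation; a source matching no rule is filtered out."""
    for action, net in rules:
        if src in ipaddress.IPv6Network(net):
            return action == "permit"
    return False

def elect_querier(own, sources, rules=None):
    """Lowest IPv6 address among this switch and the accepted Query sources wins.

    rules=None models an interface without mld query ip-source-policy.
    Returns (querier, dropped_sources).
    """
    candidates, dropped = [ipaddress.IPv6Address(own)], []
    for s in sources:
        src = ipaddress.IPv6Address(s)
        if rules is None or permitted(src, rules):
            candidates.append(src)
        else:
            dropped.append(src)
    return min(candidates), dropped

def lower_than_expected(expected_querier, sources):
    """Flag Query sources that would displace the expected querier (monitoring aid)."""
    expected = ipaddress.IPv6Address(expected_querier)
    return [a for a in map(ipaddress.IPv6Address, sources) if a < expected]

if __name__ == "__main__":
    print("no policy :", elect_querier(OWN, OBSERVED)[0])
    querier, dropped = elect_querier(OWN, OBSERVED, ACL_2001)
    print("ACL6 2001 :", querier, "dropped:", [str(d) for d in dropped])
    print("suspicious:", [str(a) for a in lower_than_expected("fc00::1", OBSERVED)])
```

Without the policy the forged lower address wins the election; with the policy only fc00::1 is considered and the real querier keeps its role.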

Example

# Configure VLANIF100 to accept only the MLD Query messages with the source address FC00::1.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2001
[HUAWEI-acl6-basic-2001] rule permit source fc00::1 128
[HUAWEI-acl6-basic-2001] quit
[HUAWEI] multicast ipv6 routing-enable
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] mld query ip-source-policy 2001

# Configure GE0/0/1 to accept only the MLD Query messages with the source address FC00::1.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2001
[HUAWEI-acl6-basic-2001] rule permit source fc00::1 128
[HUAWEI-acl6-basic-2001] quit
[HUAWEI] multicast ipv6 routing-enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] mld query ip-source-policy 2001
Copyright © Huawei Technologies Co., Ltd.