The mld ttl-check command enables the device to check the TTL values in received MLD Report, Done, and Query messages on a specific interface.
The undo mld ttl-check command restores the default configuration.
By default, the device does not check the TTL values in received MLD Report, Done, and Query messages on an interface.
GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, VLANIF interface view, loopback interface view
Usage Scenario
This command enables TTL check for MLD Report, Leave, and Query messages on an interface. This function protects the system against attacking MLD messages by dropping the messages of which the TTL value is not 1. By default, TTL values of MLD messages are not checked on an interface.
You can also configure TTL check for MLD Report, Leave, and Query messages by using the ttl-check command in the MLD view. This command takes effect for all MLD-enabled interfaces.
Precautions
If both the mld ttl-check and ttl-check commands are run, the mld ttl-check configuration in the interface view takes precedence over the ttl-check configuration in the MLD view.
# Enable TTL check for MLDReport, Leave, and Query messages on a physical interface.
<HUAWEI> system-view [HUAWEI] multicast ipv6 routing-enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] mld ttl-check
# Enable TTL check for MLD Report, Leave, and Query messages on a VLANIF interface.
<HUAWEI> system-view [HUAWEI] multicast ipv6 routing-enable [HUAWEI] vlan 2 [HUAWEI-vlan2] quit [HUAWEI] interface vlanif 2 [HUAWEI-Vlanif2] mld ttl-check