multicast-source-deny

Function

The multicast-source-deny command discards multicast data packets sent from specified VLANs on an interface.

The undo multicast-source-deny command restores multicast forwarding in specified VLANs on an interface.

By default, multicast data packets from all VLANs are forwarded on an interface.

Format

multicast-source-deny [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]

undo multicast-source-deny [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]

Parameters

Parameter	Description	Value
vlan vlan-id1 [ to vlan-id2 ]	Specifies a VLAN ID. vlan-id1 specifies the first VLAN ID. to vlan-id2 specifies the last VLAN ID. vlan-id2 must be larger than vlan-id1. vlan-id1 and vlan-id2 specify a range of VLANs. If you do not specify to vlan-id2, only one VLAN is specified.	The value is an integer that ranges from 1 to 4094.

Parameter

Description

Value

vlan vlan-id1 [ to vlan-id2 ]

Specifies a VLAN ID.

vlan-id1 specifies the first VLAN ID.
to vlan-id2 specifies the last VLAN ID. vlan-id2 must be larger than vlan-id1. vlan-id1 and vlan-id2 specify a range of VLANs. If you do not specify to vlan-id2, only one VLAN is specified.

The value is an integer that ranges from 1 to 4094.

Views

MultiGE interface view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, port group view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After you run the multicast-source-deny command on an interface, multicast packets received from specified VLANs are discarded on the interface. You may need to use this command in the following scenarios:

A user-side interface receives multicast packets, but the switch does not need to receive multicast data packets from user-side interfaces. Discarding multicast data packets received on a user-side interface protects the system against forged multicast flows sent from malicious users.
Multiple multicast sources in different VLANs are connected to the switch through a Layer 2 network, but the switch only needs to receive multicast data from some of the multicast sources.
In some situations, for example, multicast services for users connected to an interface have expired and need to be stopped, the network administrator can use this command on this interface. Then multicast data packets from specified VLANs cannot be sent to the users.

Precautions

If you run the multicast-source-deny command multiple times, all the configurations take effect.

When using the multicast-source-deny command on an interface, ensure that the interface has been added to the specified VLANs. Otherwise, the configuration does not take effect.

This command can discard only multicast data packets that meet both of the following conditions:

The destination MAC address is an IP multicast MAC address (IPv4 MAC address starting with 0x01-00-5e or IPv6 multicast MAC address starting with 0x3333).
The packet encapsulation protocol is UDP.

Example

# Discard multicast data packets sent from VLANs 100 to 105 on GE0/0/1.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] multicast-source-deny vlan 100 to 105