igmp group-policy

Function

The igmp group-policy command configures an IGMP group policy on an interface to limit the range of multicast groups that hosts connected to the interface can join.

The undo igmp group-policy command restores the default configuration.

By default, no IGMP group policy is configured on an interface, so hosts connected to the interface can join any multicast group.

Format

igmp group-policy { acl-number | acl-name acl-name } { 1 | 2 | 3 }

igmp group-policy { acl-number | acl-name acl-name }

undo igmp group-policy

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the number of a basic ACL or an advanced ACL. The ACL defines a multicast group range. | The number of a basic ACL is an integer ranging from 2000 to 2999; the number of an advanced ACL is an integer ranging from 3000 to 3999. |
| acl-name acl-name | Specifies the name of a named ACL. | The value is a string of 1 to 64 case-sensitive characters, spaces not supported. |
| 1 | Sets the range of multicast groups that an IGMPv1 host can join. | - |
| 2 | Sets the range of multicast groups that an IGMPv2 host can join. | - |
| 3 | Sets the range of multicast groups that an IGMPv3 host can join. | - |

Views

100GE sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 200GE sub-interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE sub-interface view, GE interface view, GE electrical interface view, Global VE sub-interface view, Loopback interface view, PW-VE sub-interface view, Tunnel interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view, Virtual template view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| igmp | write |

Usage Guidelines

Usage Scenario

To restrict the range of multicast groups that user hosts can join, run the igmp group-policy command to apply an ACL to the Router interface connected to the user hosts. IGMP security is thus improved.

Prerequisites

The multicast routing-enable command must be run in the instance to which the interface belongs and the ACL to be referenced must be configured.

Configuration Impact

If the igmp group-policy command is run more than once, the latest configuration overrides the previous one.

After the igmp group-policy command is run on an interface:

  • The interface filters received Report messages based on the ACL and maintains memberships only for multicast groups permitted by the ACL.
  • The interface discards Report messages denied by the ACL. If entries have already been created for multicast groups denied by the ACL, the device deletes these entries after the specified timeout period expires.

    If an IGMP version is not specified, the ACL applies to IGMPv1, IGMPv2, and IGMPv3 hosts.

Precautions

The igmp group-policy command requires an ACL configured using the acl command. To use a numbered ACL or named ACL, perform either of the following operations to configure an ACL rule:

  • In the basic ACL view, specify the source parameter in the rule command to set the range of multicast groups that a specified interface can join.
  • In the advanced ACL view, specify the source parameter in the rule command to set the range of source addresses that are allowed to send multicast data to multicast groups. Specify the destination parameter in the rule command to set the range of multicast groups that an interface can join.

    For IGMPv1/v2 and IGMPv3 MODE_IS_EXCLUDE/CHANGE_TO_EXCLUDE_MODE Report messages, the source parameter in the rule command must be set to 255.255.255.255.

Example

# Create an ACL named myacl, and configure a rule for the ACL to allow hosts to receive messages from multicast groups in the range 225.1.0.0/16. Apply the ACL named myacl to GE 0/1/0.
<HUAWEI> system-view
[~HUAWEI] acl name myacl
[*HUAWEI-acl4-advance-myacl] rule permit ip destination 225.1.0.0 0.0.255.255
[*HUAWEI-acl4-advance-myacl] quit
[*HUAWEI] multicast routing-enable
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] undo portswitch
[*HUAWEI-GigabitEthernet0/1/0] igmp group-policy acl-name myacl
# Create ACL 2005, and configure a rule for the ACL to allow hosts to receive messages from multicast group 225.1.1.1. Apply ACL 2005 to GE 0/1/0, so that hosts connected to GE 0/1/0 can join only multicast group 225.1.1.1.
<HUAWEI> system-view
[~HUAWEI] acl number 2005
[*HUAWEI-acl4-basic-2005] rule permit source 225.1.1.1 0
[*HUAWEI-acl4-basic-2005] quit
[*HUAWEI] multicast routing-enable
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] undo portswitch
[*HUAWEI-GigabitEthernet0/1/0] igmp group-policy 2005
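
Added example, not part of the Huawei documentation: a Python model of how the two ACLs above select multicast groups by wildcard mask, useful for checking which Reports a policy admits before applying it. It assumes first-match rule evaluation, that a Report matching no rule is not permitted, and that Reports without a specific source are compared as source 255.255.255.255; the function names and the third rule set are constructed for illustration.

```python
import ipaddress

def _ip(a):
    return int(ipaddress.IPv4Address(a))

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: bits set to 1 in the wildcard are not compared."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_rule(line):
    """Parse 'rule permit|deny [ip] [source A W] [destination A W]'."""
    tok = line.split()
    rule = {"action": tok[1], "source": None, "destination": None}
    for i, t in enumerate(tok):
        if t in ("source", "destination"):
            wc = tok[i + 2]  # a bare 0 is the wildcard 0.0.0.0 (exact match)
            rule[t] = (tok[i + 1], "0.0.0.0" if wc == "0" else wc)
    return rule

def report_permitted(rule_lines, advanced, group, source="255.255.255.255"):
    """True if a Report for `group` passes the ACL (first matching rule wins).

    Basic ACL: 'source' holds the group. Advanced ACL: 'destination' holds the
    group and 'source' the multicast source. Assumption: Reports that carry no
    specific source are compared as source 255.255.255.255.
    """
    for rule in map(parse_rule, rule_lines):
        grp = rule["destination"] if advanced else rule["source"]
        src = rule["source"] if advanced else None
        if grp is not None and not wildcard_match(group, *grp):
            continue
        if src is not None and not wildcard_match(source, *src):
            continue
        return rule["action"] == "permit"
    return False  # assumption: a Report that matches no rule is not permitted

# Rules from the two examples on this page.
MYACL = ["rule permit ip destination 225.1.0.0 0.0.255.255"]  # advanced ACL
ACL_2005 = ["rule permit source 225.1.1.1 0"]                 # basic ACL
# Constructed rule: only Reports without a specific source, for 232.1.1.0/24.
ANY_SOURCE = ["rule permit ip source 255.255.255.255 0 destination 232.1.1.0 0.0.0.255"]

if __name__ == "__main__":
    for g in ("225.1.200.7", "225.2.0.1"):
        print("myacl", g, report_permitted(MYACL, True, g))
    for g in ("225.1.1.1", "225.1.1.2"):
        print("2005 ", g, report_permitted(ACL_2005, False, g))
    print("any-source", report_permitted(ANY_SOURCE, True, "232.1.1.9"))
```
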
Copyright © Huawei Technologies Co., Ltd.