The igmp-snooping ip-policy command configures a policy for filtering Report or Leave messages sent by hosts in a BD. This means that you can limit users that can enjoy multicast services.
The undo igmp-snooping ip-policy command restores the default setting.
By default, no policy is configured for filtering Report or Leave messages sent by hosts in a BD. This means that any user in the BD can enjoy multicast services.
| Parameter | Description | Value |
|---|---|---|
| acl-number |
Specifies the number of an ACL. |
The value ranges from 2000 to 3999. The ACL is used to specify the permitted or denied source or destination addresses contained in IGMP Report or Leave messages sent by hosts in a VLAN. |
| acl-name acl-name |
Specifies the name of an ACL. |
The value is a string of 1 to 32 case-sensitive characters, spaces not supported. The name must start with a letter or digit, and cannot contain only digits. |
Usage Scenario
To improve multicast service deployment security, configure a policy to filter out IGMP Report or Leave messages sent by specific hosts.
If a basic ACL is specified in the igmp-snooping ip-policy command, IGMP Report or Leave messages with specified source IP addresses are accepted or rejected. If an advanced ACL is specified in this command, IGMP Report or Leave messages with specified source and destination IP addresses are accepted or rejected.Prerequisites
IGMP snooping has been enabled globally.
<HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl-adv-3000] rule deny ip destination 225.0.0.1 0 source 10.0.0.1 0 [*HUAWEI-acl-adv-3000] rule permit ip [*HUAWEI-acl-adv-3000] quit [*HUAWEI] igmp-snooping enable [*HUAWEI] bridge-domain 10 [*HUAWEI-bd10] igmp-snooping ip-policy 3000