igmp-snooping query-ip-policy (Bridge domain view)

Function

The igmp-snooping query-ip-policy command configures an IGMP Query message filtering policy for a BD.

The undo igmp-snooping query-ip-policy command restores the default configuration.

By default, no IGMP Query message filtering policy is configured in a BD. With this default setting, all hosts in the BD to join multicast groups.

Format

igmp-snooping query-ip-policy { acl-number | acl-name acl-name }

undo igmp-snooping query-ip-policy

Parameters

Parameter Description Value
acl-number

Specifies the number of a basic ACL. The ACL defines source addresses based on which IGMP Query messages in a BD are permitted or denied.

The value is an integer ranging from 2000 to 3999.
acl-name acl-name

Specifies the name of a named ACL.

The value is a string of 1 to 64 case-sensitive characters, spaces not supported. The name must start with a letter or digit, and cannot contain only digits.

Views

Bridge domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
l2mc write

Usage Guidelines

Usage Scenario

To enable a device to filter out specific IGMP Query messages, run the igmp-snooping query-ip-policy command to configure an IGMP Query message filtering policy, improving the multicast service security. This command takes effect only for IGMP Query messages.

Example

# Enable the device to deny the IGMP Query messages with the source IP address 10.1.1.1/24 in BD 11.
<HUAWEI> system-view
[~HUAWEI] acl 2000
[*HUAWEI-acl-basic-2000] rule deny source 10.1.1.1 24
[*HUAWEI-acl-basic-2000] rule permit source any
[*HUAWEI-acl-basic-2000] quit
[*HUAWEI] igmp-snooping enable
[*HUAWEI] bridge-domain 11
[*HUAWEI-bd11] igmp-snooping query-ip-policy 2000
Parent Topic: Layer 2 Multicast Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >