The igmp-snooping ip-policy command configures a policy for filtering Report or Leave messages sent by hosts. This means that you can limit users that can enjoy multicast services.
The undo igmp-snooping ip-policy command restores the default setting.
By default, no policy is configured for filtering Report or Leave messages sent by hosts. This means that any user can enjoy multicast services.
| Parameter | Description | Value |
|---|---|---|
| acl-number |
Specifies the basic or advanced ACL. |
The number of a basic ACL is an integer that ranges from 2000 to 2999. The number of an advanced ACL ranges from 3000 to 3999. |
| acl-name acl-name |
Specifies the name of an ACL. |
The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive). |
Usage Scenario
To improve multicast service deployment security, configure a policy to filter out IGMP Report or Leave messages sent by specific hosts.
If a basic ACL is specified in the igmp-snooping ip-policy command, IGMP Report or Leave messages with specified source IP addresses are accepted or rejected. If an advanced ACL is specified in this command, IGMP Report or Leave messages with specified source and destination IP addresses are accepted or rejected.<HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl4-advance-3000] rule deny ip destination 225.0.0.1 0 source 10.0.0.1 0 [*HUAWEI-acl4-advance-3000] rule permit ip [*HUAWEI-acl4-advance-3000] quit [*HUAWEI] mpls [*HUAWEI-mpls] quit [*HUAWEI] mpls l2vpn [*HUAWEI-l2vpn] quit [*HUAWEI] vsi vsia auto [*HUAWEI-vsi-vsia] pwsignal ldp [*HUAWEI-vsi-vsia-ldp] vsi-id 200 [*HUAWEI-vsi-vsia-ldp] quit [*HUAWEI-vsi-vsia] igmp-snooping ip-policy 3000