mld-snooping query-ip-policy

Function

The mld-snooping query-ip-policy command configures an MLD Query message filtering policy for a VLAN/VSI.

The undo mld-snooping query-ip-policy command restores the default configuration.

By default, no MLD Query message filtering policy is configured in a VLAN/VSI. With this default setting, all hosts in the VLAN/VSI to join multicast groups.

Format

mld-snooping query-ip-policy { acl-number | acl6-name acl6-name }

undo mld-snooping query-ip-policy

Parameters

Parameter Description Value
acl-number

Specifies the number of a basic ACL6. The ACL6 defines source addresses based on which MLD Query messages in a VLAN/VSI are permitted or denied.

The value is an integer ranging from 2000 to 3999.
acl6-name acl6-name

Specifies the name of a named ACL6.

The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).

Views

VLAN view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
l2mc write

Usage Guidelines

Usage Scenario

To enable a device to filter out specific MLD Query messages, run the mld-snooping query-ip-policy command to configure an MLD Query message filtering policy, improving the multicast service security. This command takes effect only for MLD Query messages.

Example

# Enable the device to deny the MLD Query messages with the source IP address 100::1 64 in VLAN 11.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 2000
[*HUAWEI-acl6-basic-2000] rule deny source 100::1 64
[*HUAWEI-acl6-basic-2000] rule permit source any
[*HUAWEI-acl6-basic-2000] quit
[*HUAWEI] mld-snooping enable
[*HUAWEI] vlan 11
[*HUAWEI-vlan11] mld-snooping query-ip-policy 2000
Parent Topic: Layer 2 Multicast Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >