mld-snooping ip-policy (VSI view)

Function

The mld-snooping ip-policy command configures a filtering policy to permit or deny MLD Report messages of hosts in a VLAN/VSI, controlling the multicast groups that the hosts can join.

The undo mld-snooping ip-policy command restores the default configuration.

By default, no filtering policy is configured, so that all hosts in a VLAN can join multicast groups.

Format

mld-snooping ip-policy { acl6-number | acl6-name acl6-name }

undo mld-snooping ip-policy

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl6-number | Specifies an ACL6 number. | The value is an integer ranging from 2000 to 3999. The ACL6 is used to permit or deny service requests of hosts in a VLAN/VSI based on source or destination addresses carried in MLD Report messages. |
| acl6-name acl6-name | Specifies the name of a named ACL6. | The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive). |

Views

VSI-AUTO view, VSI-BD view, VSI-DEFAULT view, VSI-STATIC view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| l2mc | write |

Usage Guidelines

Usage Scenario

To improve multicast service deployment security, run the mld-snooping ip-policy command to configure a filtering policy to permit or deny MLD Report messages of hosts in a VLAN/VSI.

If you specify a basic ACL6, the device filters the MLD Report messages based on the carried source IP addresses. If an advanced ACL6 is specified, the device filters MLD Report messages based on the carried source and destination addresses.

Configuration Impact

After the command is run, MLD Report messages are discarded if the carried source or destination IP addresses match the deny clause in the specified ACL6.

Precautions

This command takes effect only for MLD Report messages.

The mld-snooping ip-policy command fails to be run in a VSI view in the following condition:

  • The VSI is bound to a BD.

Example

# Prevent the user host with the source IP address 1::1 in VSI vsi1 from receiving multicast services.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 2000
[*HUAWEI-acl6-basic-2000] rule deny source 1::1 128
[*HUAWEI-acl6-basic-2000] rule permit source any
[*HUAWEI-acl6-basic-2000] quit
[*HUAWEI] mld-snooping enable
[*HUAWEI] mpls
[*HUAWEI-mpls] quit
[*HUAWEI] mpls l2vpn
[*HUAWEI-l2vpn] quit
[*HUAWEI] vsi vsi1
[*HUAWEI-vsi-vsi1] pwsignal ldp
[*HUAWEI-vsi-vsi1-ldp] vsi-id 200
[*HUAWEI-vsi-vsi1-ldp] quit
[*HUAWEI-vsi-vsi1] mld-snooping ip-policy 2000
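
The documented value ranges and the permissive default can be checked offline in a candidate configuration before it is applied. The following Python script is an added example, not Huawei code: the sample configuration is constructed, and it assumes that ACL6 definitions appear as "acl ipv6 <number>" or "acl ipv6 name <name>" lines and that sub-commands are indented under their "vsi" line.

```python
import re

# Constructed candidate configuration (sample input, not from a real device).
SAMPLE = """\
acl ipv6 2000
 rule deny source 1::1 128
 rule permit source any
vsi vsi1
 pwsignal ldp
  vsi-id 200
 mld-snooping ip-policy 2000
vsi vsi2
 mld-snooping ip-policy 3100
vsi vsi3
 mld-snooping ip-policy acl6-name 9bad
vsi vsi4
 pwsignal ldp
"""

CMD = "mld-snooping ip-policy "
NAME_RE = re.compile(r"[A-Za-z]\S{0,63}")  # 1-64 chars, no spaces, starts with a letter

def acl_ref(arg):
    """Return the referenced ACL6 identifier, or None if the argument is invalid."""
    kind, _, name = arg.partition(" ")
    if kind == "acl6-name":
        return name if NAME_RE.fullmatch(name) else None
    if not name and kind.isdecimal() and 2000 <= int(kind) <= 3999:
        return kind
    return None

def audit(config):
    """Map each VSI name to a finding about its MLD Report filtering policy."""
    # Assumption: definitions look like "acl ipv6 <number>" or "acl ipv6 name <name>".
    defined = set(re.findall(r"^acl ipv6 (?:name )?(\S+)", config, re.M))
    findings, vsi = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens or closes a block
            vsi = line.split()[1] if line.startswith("vsi ") else None
            if vsi:
                findings[vsi] = "no filtering policy: all hosts can join multicast groups"
        elif vsi and line.strip().startswith(CMD):
            ref = acl_ref(line.strip()[len(CMD):])
            if ref is None:
                findings[vsi] = "argument outside the documented value range"
            elif ref not in defined:
                findings[vsi] = f"ACL6 {ref} is not defined in this configuration"
            else:
                findings[vsi] = "ok"
    return findings
```

Calling audit(SAMPLE) returns one finding per VSI, so a VSI that silently falls back to the default of no filtering shows up next to those whose policy references a missing ACL6.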
Copyright © Huawei Technologies Co., Ltd.