Mld snooping что это в роутере

Fundamentals

MLD snooping is a basic IPv6
Layer 2 multicast function that forwards and controls multicast traffic
at Layer 2. MLD snooping runs on a Layer 2 device and analyzes MLD
messages exchanged between a Layer 3 device and hosts to set up and
maintain a Layer 2 multicast forwarding table. The Layer 2 device
forwards multicast packets based on the Layer 2 multicast forwarding
table.

On an IPv6 multicast network shown in Figure 7-331, after receiving multicast
packets from Router, Switch at the edge of the access layer forwards
the multicast packets to receiver hosts. If Switch does not run MLD
snooping, it broadcasts multicast packets at Layer 2. After MLD snooping
is configured, Switch forwards multicast packets only to specified
hosts.

With MLD snooping configured, Switch listens on MLD messages
exchanged between Router and hosts. It analyzes packet information
(such as packet type, group address, and receiving interface) to set
up and maintain a Layer 2 multicast forwarding table, and forwards
multicast packets based on the Layer 2 multicast forwarding table.

Figure 7-331  Multicast packet transmission before and after MLD snooping
is configured on a Layer 2 device

Basic Concepts

As shown in Figure 7-332, Router connects to the
multicast source. MLD snooping is configured on SwitchA and SwitchB.
HostA, HostB, and HostC are receiver hosts.

Figure 7-332  MLD snooping ports

Figure 7-332 shows MLD snooping ports. The following table describes these ports.

Table 7-169  MLD snooping ports

Port Role

Function

Generation

Router port

Ports marked as blue points on SwitchA
and SwitchB.

NOTE:

A router port is a port on a
Layer 2 multicast device and connects to an upstream multicast router.

A router port receives multicast packets from a Layer 3
multicast device such as a designated router (DR) or MLD querier.

  • A dynamic router port is generated by MLD snooping. A port
    becomes a dynamic router port when it receives an MLD General Query
    message or IPv6 PIM Hello message with any source address except 0::0.
    The IPv6 PIM Hello messages are sent from the PIM port on a Layer
    3 multicast device to discover and maintain neighbor relationships.

  • A static router port is manually configured.

Member port

Ports marked as yellow points on SwitchA
and SwitchB.

A member port is a member of a multicast group. A Layer
2 multicast device sends multicast data to the receiver hosts through
member ports.

  • A dynamic member port is generated by MLD snooping. A Layer
    2 multicast device sets a port as a dynamic member port when the port
    receives an MLD Report message.

  • A static member port is manually configured.

The router port and member port are outbound interfaces
in Layer 2 multicast forwarding entries. A router port functions as
an upstream interface, while a member port functions as a downstream
interface. Port information learned through protocol packets is saved
as dynamic entries, and port information manually configured is saved
as static entries.

Besides the outbound interfaces, each entry
includes multicast group addresses and VLAN IDs.

  • Multicast group addresses can be multicast IP addresses or multicast
    MAC addresses mapped from multicast IP addresses. In MAC address-based
    forwarding mode, multicast data may be forwarded to hosts that do
    not require the data because multiple IP addresses are mapped to the
    same MAC address. The IP address-based forwarding mode can prevent
    this problem.
  • The VLAN ID specifies a Layer 2 broadcast domain.

Implementation

After MLD snooping
is configured, the Layer 2 multicast device processes the received
MLD protocol packets in different ways and sets up Layer 2 multicast
forwarding entries.

Table 7-170  MLD message processing by MLD snooping

MLD Working Phase

MLD Message Received on a Layer 2 Device

Processing Method

General query

The MLD querier periodically sends General
Query messages to all hosts and the router (FF02::1) on the local
network segment, to check which multicast groups have members on the
network segment.

MLD General Query message

A Layer 2 device forwards MLD General Query messages to
all ports excluding the port receiving the messages. The Layer 2 device
processes the receiving port as follows:

  • If the port is included in the router port list, the Layer 2 device
    resets the aging timer of the router port.
  • If the port is not in the router port list, the Layer 2 device
    adds it to the list and starts the aging timer.

NOTE:

By default, the Layer 2 device sets the
aging time to 180 seconds when the router port receives an MLD General
Query message. You can set the aging time using a command.

Membership report

Membership Report messages are used
in two scenarios:

  • Upon receiving an MLD General Query message, a member returns
    an MLD Report message.
  • A member sends an MLD Report message to the MLD querier to announce
    its joining to a multicast group.

MLD Report message

A Layer 2 device forwards an MLD Report message to all router
ports in a VLAN. The Layer 2 device obtains the multicast group address
from the Report message and performs the following operations on the
port receiving the message:

  • If the multicast group matches no forwarding entry, the Layer
    2 device creates a forwarding entry, adds the port to the outbound
    interface list as a dynamic member port, and starts the aging timer.
  • If the multicast group matches a forwarding entry but the port
    is not in the outbound interface list, the Layer 2 device adds the
    port to the outbound interface list as a dynamic member port, and
    starts the aging timer.
  • If the multicast group matches a forwarding entry and the port
    is in the router port list, the Layer 2 device resets the aging timer.

NOTE:

Aging time of a dynamic router port
= Robustness variable x General query interval + Maximum response
time for General Query messages

Leave of multicast members

There are two phases:

  1. Members send MLD Done messages to notify the MLD querier that
    the members have left a multicast group.
  2. Upon receiving the MLD Done message, the MLD querier obtains the
    multicast group address and sends a Multicast-Address-Specific Query/Multicast-Address-and-Source-Specific
    Query message to the multicast group.

MLD Leave message

The Layer 2 device determines whether the multicast group
matches a forwarding entry and whether the port that receives the
message is in the outbound interface list.

  • If no forwarding entry matches the multicast group or the outbound
    interface list of the matching entry does not contain the receiving
    port, the Layer 2 device drops the MLD Leave message.
  • If the multicast group matches a forwarding entry and the port
    is in the outbound interface list, the Layer 2 device forwards the
    MLD Leave message to all router ports in the VLAN.

The following assumes that the port receiving an MLD Leave
message is a dynamic member port. Within the aging time of the member
port:

  • If the port receives MLD Report messages in response to the Multicast-Address-Specific
    Query message, the Layer 2 device knows that the multicast group has
    members connected to the port and resets the aging timer.
  • If the port receives no MLD Report message in response to the
    Multicast-Address-Specific Query message, no member of the multicast
    group exists under the interface. Then the Layer 2 device deletes
    the port from the outbound interface list when the aging time is reached.

Multicast-Address-Specific Query/Multicast-Address-and-Source-Specific
Query message

A Multicast-Address-Specific Query/Multicast-Address-and-Source-Specific
Query message is forwarded to all ports in a VLAN excluding the port
receiving the message.

Upon receiving an IPv6 PIM Hello message, a Layer 2 device
forwards the message to all ports excluding the port that receives
the Hello message. The Layer 2 device processes the receiving port
as follows:

  • If the port is included in the router port list, the device resets
    the aging timer of the router port.
  • If the port is not in the router port list, the device adds it
    to the list and starts the aging timer.

When the Layer 2 device receives an IPv6
PIM Hello message, it sets the aging time of the router port to the
Holdtime value in the Hello message.

If a static
router port is configured, the Layer 2 device forwards received MLD
Report and Done messages to the static router port. If a static member
port is configured for a multicast group, the Layer 2 device adds
the port to the outbound interface list for the multicast group.

After a Layer 2 multicast forwarding table is set up, the Layer
2 device searches the multicast forwarding table for outbound interfaces
of multicast data packets according to the VLAN IDs and destination
addresses (IPv6 group addresses) of the packets. If outbound interfaces
are found for a packet, the Layer 2 device forwards the packet to
all the member ports of the multicast group. If no outbound interface
is found, the Layer 2 device drops the packet or broadcasts the packet
in the VLAN.

MLD — Multicast Listener Discovery Protocol — протокол определения получателей многоадресных потоков, использующийся в IPv6. Аналогичную роль в IPv4 выполняет протокол IGMP. Данный коммутатор поддерживает протокол MLD версии 2.

4.2. Настройка MLD Snooping

  1. Включить функцию MLD Snooping;

  2. Настроить функцию MLD Snooping.

  1. Включить функцию MLD Snooping:

Команда

Описание

ipv6 mld snooping

no ipv6 mld snooping

!  В режиме глобальной конфигурации

Включить MLD Snooping

Отключить MLD Snooping

2. Настроить функцию MLD Snooping:

Команда

Описание

ipv6 mld snooping vlan <vlan-id>

no ipv6 mld snooping vlan <vlan-id>

!  В режиме глобальной конфигурации

Включить IGMP Snooping для VLAN <vlan-id>

Отключить IGMP Snooping для VLAN <vlan-id>

ipv6 mld snooping vlan <vlan-id> limit {group <g_limit> | source <s_limit>}

no ipv6 mld snooping vlan <vlan-id> limit

!  В режиме глобальной конфигурации

Задать максимальное количество групп group <1-65535> или источников для групп source <1-65535> для VLAN <vlan-id>

Восстановить значения по-умолчанию: group <1-65535> — 50, source <1-65535> — 40

ipv6 mld snooping vlan <vlan-id> l2-general-querier

no ipv6 mld snooping vlan <vlan-id> l2-general-querier

!  В режиме глобальной конфигурации

Включить функцию L2 General-Querier для VLAN <vlan-id>

Выключить функцию L2 General-Querier для VLAN <vlan-id>

ipv6 mld snooping vlan <vlan-id> mrouter-port interface <interface –name>

no ipv6 mld snooping vlan <vlan-id> mrouter-port interface <interface –name>

!  В режиме глобальной конфигурации

Задать Mrouter порт <interface –name> для <vlan-id>

Удалить Mrouter порт <interface –name> для <vlan-id>

ipv6 mld snooping vlan <vlan-id> mrouter-port learnpim6

no ipv6 mld snooping vlan <vlan-id> mrouter-port learnpim6

!  В режиме глобальной конфигурации

Включить динамическое добавление Mrouter порта для VLAN <vlan-id>, из которого получены PIM-пакеты. Команда no отменяет это действие.

ipv6 mld snooping vlan <vlan-id> mrpt <value>

no ipv6 mld snooping vlan <vlan-id> mrpt

!  В режиме глобальной конфигурации

Задать максимальное время жизни в секундах <value> Mrouter-порта, определенного динамически для <vlan-id>.

Восстановить значение <value> по-умолчанию — 255 секунд.

ipv6 mld snooping vlan <vlan-id> query-interval <value>

no ipv6 mld snooping vlan <vlan-id> query-interval

!  В режиме глобальной конфигурации

Задать интервал отправки <value> в секундах MLD query для <vlan-id>.

Восстановить значение <value> по-умолчанию — 125 секунд.

ipv6 mld snooping vlan <vlan-id> immediate-leave

no ipv6 mld snooping vlan <vlan-id> immediate-leave

!  В режиме глобальной конфигурации

Включить функцию быстрого удаления подписки на группу для <vlan-id>

Выключить функцию быстрого удаления подписки на группу для VLAN <vlan-id>

ipv6 mld snooping vlan <vlan-id> query-mrsp <value>

no ipv6 mld snooping vlan <vlan-id> query-mrsp

!  В режиме глобальной конфигурации

Задать максимальное время ответа на General Query <value> в секундах для VLAN <vlan-id>

Восстановить значение по-умолчанию — 10 секунд

ipv6 mld snooping vlan <vlan-id> query-robustness <value>

no ipv6 mld snooping vlan <vlan-id> query-robustness

!  В режиме глобальной конфигурации

Задать количество <value> MLD Query без ответа, после отправки которых коммутатор удалит запись MLD snooping для VLAN <vlan-id>.

Восстановить значение по-умолчанию — 2.

ipv6 mld snooping vlan <vlan-id> suppression-query-time <value>

no ipv6 mld snooping vlan <vlan-id> suppression-query-time

!  В режиме глобальной конфигурации

Задать время подавления Querier <value> в секундах при получении query в том же сегменте VLAN <vlan-id>.

Вернуть значение по-умолчанию — 255 секунд.

Ipv6 mld snooping vlan <vlan-id> static-group <X:X::X:X> [source <X:X::X:X>] interface [ethernet | port-channel] <IFNAME>

no ipv6 mld snooping vlan <vlan-id> static-group <X:X::X:X> [source <X:X::X:X>] interface [ethernet | port-channel] <IFNAME>

!  В режиме глобальной конфигурации

Задать статическую подписку на группу <X:X::X:X> от источника [source <X:X::X:X>] на интерфейс <IFNAME> для VLAN <vlan-id>.

Удалить указанную статическую подписку на группу.

4.3. Пример конфигурации MLD Snooping

Сценарий №1: IGMP Snooping

Рисунок 48.1 — MLD Snooping

Как показано на рисунке 48.1, порты коммутатора 1, 2, 6, 10 и 12 добавлены во VLAN 100 на коммутаторе. Multicast маршрутизатор подключен к порту 1, а 4 хоста к остальным портам 2, 6, 10 и 12 соответственно. Поскольку IGMP Snooping по-умолчанию отключен, он должен быть включен сначала глобально, а затем и для VLAN 100. Кроме того, порт 1 должен быть выбран в качестве Mrouter порта для VLAN 100. Эти настройки можно осуществить следующим образом:

SwitchA(config)#ipv6 mld snooping
SwitchA(config)#ipv6 mld snooping vlan 100
SwitchA(config)#ipv6 mld snooping vlan 100 mrouter interface ethernet 1/0/1

Предположим, что сервер вещает 2 потока с использованием групповых адресов FF02::1:FF11:1111 и FF02::1:FF22:2222. Хосты из портов 2 и 3 подписались на группу FF02::1:FF11:1111, а хост из порта 6 — на группу 239.255.0.2.
Во время подписки IGMP Snooping создаст таблицу, которая будет содержать соответствие портов 2 и 3 группе FF02::1:FF11:1111, а порта 6 — группе FF02::1:FF22:2222, в результате каждый порт получит трафик только тех групп, которую он запросил и не получит трафик других групп, но каждый порт сможет получить трафик любой их групп, запросив её.

Сценарий №2: IGMP Querier

Рисунок 48.2 — MLD Querier

Схема, изображенная на рисунке 48.2, претерпела изменения: вместо Multicast маршрутизатора подключен источник мультикаст трафика, а между ним и Switch A подключен коммутатор Switch B, выполняющий роль IGMP Querier. Но подписчики, источник и порты между ними также принадлежат к VLAN 100.
Конфигурация Switch A такая же, как и в предыдущем примере. Конфигурация Switch B будет выглядеть следующим образом:

SwitchA#config
SwitchA(config)#ipv6 mld snooping
SwitchA(config)#ipv6 mld snooping vlan 100
SwitchA(config)#ipv6 mld snooping vlan 100 L2-general-querier

4.4. Решение проблем с конфигураци MLD Snooping

При настройке и использовании MLD Snooping могут возникнуть проблемы из-за физического соединения, а также некорректной настройки. Поэтому проверьте следующее:

  • Убедитесь, что физическое соединение присутствует;

  • Убедитесь, что IGMP Snooping включен как глобально, так и в нужном VLAN;

  • Убедитесь, что на данном коммутаторе сконфигурирован L2 general querier или mrouter порт присутствует;

  • Используйте команду show ipv6 mld snooping vlan <vlan_id> для проверки сконфигурированных параметров.

Introduction


IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) snooping allow the bridge to listen to IGMP/MLD communication and make forwarding decisions for multicast traffic based on the received information. By default, bridges are flooding multicast traffic to all bridge ports just like broadcast traffic, which might not always be the best scenario (e.g. for multicast video traffic or SDVoE applications). The IGMP/MLD snooping tries to solve the problem by forwarding the multicast traffic only to ports where clients are subscribed to, see an IGMP/MLD network concept below. RouterOS bridge is able to process IGMP v1/v2/v3 and MLD v1/v2 packets. The implemented bridge IGMP/MLD snooping is based on RFC4541, and IGMP/MLD protocols are specified on RFC1112 (IGMPv1) RFC2236 (IGMPv2), RFC3376 (IGMPv3), RFC2710 (MLDv1), RFC3810 (MLDv2).

Source-specific multicast forwarding is not supported for IGMP v3 and MLD v2.

The bridge will process the IGMP/MLD messages only when igmp-snooping is enabled. Additionally, the bridge should have an active IPv6 address in order to process MLD packets. At first, the bridge does not restrict the multicast traffic and all multicast packets get flooded. Once IGMP/MLD querier is detected by receiving an IGMP/MLD query message (the query message can be received by an external multicast router or locally by bridge interface with enabled multicast-querier), only then the bridge will start to restrict unknown IP multicast traffic and forward the known multicast from the multicast database (MDB). The IGMP and MLD querier detection is independent, which means that detecting only IGMP querier will not affect IPv6 multicast forwarding and vice versa. The querier detection also does not restrict the forwarding of non-IP and link-local multicast groups, like 224.0.0.0/24 and ff02::1.

CRS3xx series devices with Marvell-98DX3236, Marvell-98DX224S or Marvell-98DX226S switch chip are not able to distinguish non-IP/IPv4/IPv6 multicast packets once IGMP or MLD querier is detected. It means that the switch will stop forwarding all unknown non-IP/IPv4/IPv6 multicast traffic when the querier is detected. This does not apply to certain link-local multicast address ranges, like 224.0.0.0/24 or ff02::1.

Configuration options


This section describes the IGMP and MLD snooping bridge configuration options.

Sub-menu: /interface bridge

Property

Description

igmp-snooping (yes | no; Default: no) Enables IGMP and MLD snooping.
igmp-version (2 | 3; Default: 2) Selects the IGMP version in which IGMP membership queries will be generated when the bridge interface is acting as an IGMP querier. This property only has an effect when igmp-snooping and multicast-querier is set to yes.
last-member-interval (time; Default: 1s)

When the last client on the bridge port unsubscribes to a multicast group and the bridge is acting as an active querier, the bridge will send group-specific IGMP/MLD query, to make sure that no other client is still subscribed. The setting changes the response time for these queries. In case no membership reports are received in a certain time period (last-member-interval * last-member-query-count), the multicast group is removed from the multicast database (MDB).

If the bridge port is configured with fast-leave, the multicast group is removed right away without sending any queries.

This property only has an effect when igmp-snooping and multicast-querier is set to yes.

last-member-query-count (integer: 0..4294967295; Default: 2) How many times should last-member-interval pass until the IGMP/MLD snooping bridge stops forwarding a certain multicast stream. This property only has an effect when igmp-snooping and multicast-querier is set to yes.
membership-interval (time; Default: 4m20s) The amount of time after an entry in the Multicast Database (MDB) is removed if no IGMP/MLD membership reports are received on a bridge port. This property only has an effect when igmp-snooping is set to yes.
mld-version (1 | 2; Default: 1) Selects the MLD version in which MLD membership queries will be generated, when the bridge interface is acting as an MLD querier. This property only has an effect when the bridge has an active IPv6 address, igmp-snooping and multicast-querier is set to yes.
multicast-querier (yes | no; Default: no)

Multicast querier generates periodic IGMP/MLD general membership queries to which all IGMP/MLD capable devices respond with an IGMP/MLD membership report, usually a PIM (multicast) router or IGMP proxy generates these queries.

By using this property you can make an IGMP/MLD snooping enabled bridge to generate IGMP/MLD general membership queries. This property should be used whenever there is no active querier (PIM router or IGMP proxy) in a Layer2 network. Without a multicast querier in a Layer2 network, the Multicast Database (MDB) is not being updated, the learned entries will timeout and IGMP/MLD snooping will not function properly.

Only untagged IGMP/MLD general membership queries are generated, IGMP queries are sent with IPv4 0.0.0.0 source address, MLD queries are sent with IPv6 link-local address of the bridge interface. The bridge will not send queries if an external IGMP/MLD querier is detected (see the monitoring values igmp-querier and mld-querier).

This property only has an effect when igmp-snooping is set to yes.

multicast-router (disabled | permanent | temporary-query; Default: temporary-query) A multicast router port is a port where a multicast router or querier is connected. On this port, unregistered multicast streams and IGMP/MLD membership reports will be sent. This setting changes the state of the multicast router for a bridge interface itself. This property can be used to send IGMP/MLD membership reports and multicast traffic to the bridge interface for further multicast routing or proxying. This property only has an effect when igmp-snooping is set to yes.

  • disabled — disabled multicast router state on the bridge interface. Unregistered multicast streams and IGMP/MLD membership reports are not sent to the bridge interface regardless of what is configured on the bridge interface.
  • permanent — enabled multicast router state on the bridge interface. Unregistered multicast streams and IGMP/MLD membership reports are sent to the bridge interface itself regardless of what is configured on the bridge interface.
  • temporary-query — automatically detect multicast router state on the bridge interface using IGMP/MLD queries.
querier-interval (time; Default: 4m15s) Changes the timeout period for detected querier and multicast-router ports. This property only has an effect when igmp-snooping is set to yes.
query-interval (time; Default: 2m5s) Changes the interval on how often IGMP/MLD general membership queries are sent out when the bridge interface is acting as an IGMP/MLD querier. The interval takes place when the last startup query is sent. This property only has an effect when igmp-snooping and multicast-querier is set to yes.
query-response-interval (time; Default: 10s) The setting changes the response time for general IGMP/MLD queries when the bridge is acting as an IGMP/MLD querier. This property only has an effect when igmp-snooping and multicast-querier is set to yes.
startup-query-count (integer: 0..4294967295; Default: 2) Specifies how many times general IGMP/MLD queries must be sent when bridge interface is enabled or active querier timeouts. This property only has an effect when igmp-snooping and multicast-querier is set to yes.
startup-query-interval (time; Default: 31s250ms) Specifies the interval between startup general IGMP/MLD queries. This property only has an effect when igmp-snooping and multicast-querier is set to yes.

Sub-menu: /interface bridge port

Property

Description

fast-leave (yes | no; Default: no) Enables IGMP/MLD fast leave feature on the bridge port. The bridge will stop forwarding multicast traffic to a bridge port when an IGMP/MLD leave message is received. This property only has an effect when igmp-snooping is set to yes.
multicast-router (disabled | permanent | temporary-query; Default: temporary-query) A multicast router port is a port where a multicast router or querier is connected. On this port, unregistered multicast streams and IGMP/MLD membership reports will be sent. This setting changes the state of the multicast router for bridge ports. This property can be used to send IGMP/MLD membership reports and multicast streams to certain bridge ports for further multicast routing or proxying. This property only has an effect when igmp-snooping is set to yes.

  • disabled — disabled multicast router state on the bridge port. Unregistered multicast streams and IGMP/MLD membership reports are not sent to the bridge port regardless of what is connected to it.
  • permanent — enabled multicast router state on the bridge port. Unregistered multicast and IGMP/MLD membership reports are sent to the bridge port regardless of what is connected to it.
  • temporary-query — automatically detect multicast router state on the bridge port using IGMP/MLD queries.
unknown-multicast-flood (yes | no; Default: yes)

Changes the multicast flood option on bridge port, only controls the egress traffic. When enabled, the bridge allows flooding multicast packets to the specified bridge port, but when disabled, the bridge restricts multicast traffic from being flooded to the specified bridge port. The setting affects all multicast traffic, this includes non-IP, IPv4, IPv6 and the link-local multicast ranges (e.g. 224.0.0.0/24 and ff02::1).

Note that when igmp-snooping is enabled and IGMP/MLD querier is detected, the bridge will automatically restrict unknown IP multicast from being flooded, so the setting is not mandatory for IGMP/MLD snooping setups.

When using this setting together with igmp-snooping, the only multicast traffic that is allowed on the bridge port is the known multicast from the MDB table. 

Sub-menu: /interface bridge mdb

Property

Description

bridge (name; Default: ) The bridge interface to which the MDB entry is going to be assigned.
disabled (yes | no; Default: no) Disables or enables static MDB entry.
group (ipv4 | ipv6 address; Default: ) The IPv4 or IPv6 multicast address. Static entries for link-local multicast groups 224.0.0.0/24 and ff02::1 cannot be created, as these packets are always flooded on all ports and VLANs. 
ports (name; Default: ) The list of bridge ports to which the multicast group will be forwarded.
vid (integer: 1..4094; Default: ) The VLAN ID on which the MDB entry will be created, only applies when vlan-filtering is enabled. When VLAN ID is not specified, the entry will work in shared-VLAN mode and dynamically apply on all defined VLAN IDs for particular ports.

Monitoring and troubleshooting


This section describes the IGMP/MLD snooping bridge monitoring and troubleshooting options. 

To monitor learned multicast database (MDB) entries, use the print command.

Sub-menu: /interface bridge mdb

Property

Description

bridge (read-only: name) Shows the bridge interface the entry belongs to.
group (read-only: ipv4 | ipv6 address) Shows a multicast group address.
on-ports (read-only: name) Shows the bridge ports which are subscribed to the certain multicast group.
vid (read-only: integer) Shows the VLAN ID for the multicast group, only applies when vlan-filtering is enabled.
[admin@MikroTik] /interface bridge mdb print 
Flags: D - DYNAMIC
Columns: GROUP, VID, ON-PORTS, BRIDGE
 #   GROUP              VID  ON-PORTS  BRIDGE 
 0 D ff02::2              1  bridge1   bridge1
 1 D ff02::6a             1  bridge1   bridge1
 2 D ff02::1:ff00:0       1  bridge1   bridge1
 3 D ff02::1:ff01:6a43    1  bridge1   bridge1
 4 D 229.1.1.1           10  ether2    bridge1
 5 D 229.2.2.2           10  ether3    bridge1
                             ether2           
 6 D ff02::2             10  ether5    bridge1
                             ether3           
                             ether2           
                             ether4            

To monitor the current status of a bridge interface, use the monitor command.

Sub-menu: /interface bridge

Property

Description

igmp-querier (none | interface & IPv4 address) Shows a bridge port and source IP address from the detected IGMP querier. Only shows detected external IGMP querier, local bridge IGMP querier (including IGMP proxy and PIM) will not be displayed. Monitoring value appears only when igmp-snooping is enabled.
mld-querier (none | interface & IPv6 address) Shows a bridge port and source IPv6 address from the detected MLD querier. Only shows detected external MLD querier, local bridge MLD querier will not be displayed. Monitoring value appears only when igmp-snooping is enabled and the bridge has an active IPv6 address.
multicast-router (yes | no) Shows if a multicast router is detected on the bridge interface. Monitoring value appears only when igmp-snooping is enabled.
[admin@MikroTik] /interface bridge monitor bridge1
                  state: enabled
    current-mac-address: 64:D1:54:C7:3A:59
            root-bridge: yes
         root-bridge-id: 0x8000.64:D1:54:C7:3A:59
         root-path-cost: 0
              root-port: none
             port-count: 3
  designated-port-count: 3
           fast-forward: no
       multicast-router: no
           igmp-querier: ether2 192.168.10.10
            mld-querier: ether2 fe80::e68d:8cff:fe39:3824

To monitor the current status of bridge ports, use the monitor command.

Sub-menu: /interface bridge port

Property

Description

multicast-router (yes | no) Shows if a multicast router is detected on the port. Monitoring value appears only when igmp-snooping is enabled.
[admin@MikroTik] > /interface bridge port monitor [find]
              interface: ether2          ether3          ether4
                 status: in-bridge       in-bridge       in-bridge
            port-number: 1               2               3
                   role: designated-port designated-port designated-port
              edge-port: no              yes             yes
    edge-port-discovery: yes             yes             yes
    point-to-point-port: yes             yes             yes
           external-fdb: no              no              no
           sending-rstp: yes             yes             yes
               learning: yes             yes             yes
             forwarding: yes             yes             yes
       multicast-router: yes             no              no
       hw-offload-group: switch1         switch1         switch1

Configuration examples


Below are described the most common configuration examples. Some examples are using a bridge with VLAN filtering, so make sure to understand the filtering principles first — bridge VLAN filtering, bridge VLAN table.

Basic IGMP snooping configuration

The first example consists only of a single IGMP snooping bridge, a single multicast source device, and a couple of multicast client devices. See a network scheme below.

First, create a bridge interface with enabled IGMP snooping. In this example, there is no active IGMP querier (no multicast router or proxy), so a local IGMP querier must be enabled on the same bridge. This can be done with a multicast-querier setting. If there is no active IGMP querier in the LAN, the unregistered IP multicast will be flooded and multicast entries will always timeout from the multicast database.

/interface bridge
add igmp-snooping=yes multicast-querier=yes name=bridge1

Then add necessary interfaces as bridge ports.

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5

The basic IGMP snooping configuration is finished. Use «/interface bridge mdb print" command to monitor the active multicast groups. If necessary, you can configure an IP address and DHCP server on the same bridge interface. 

IGMP snooping configuration with VLANs

The second example adds some complexity. There are two IGMP snooping bridges and we need to isolate the multicast traffic on a different VLAN. See a network scheme below.

First, create a bridge on both devices and add needed interfaces as bridge ports. To change untagged VLAN for a bridge port, use the pvid setting. The Bridge1 will be acting as an IGMP querier. Below are configuration commands for the Bridge1:

/interface bridge
add igmp-snooping=yes multicast-querier=yes name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=10
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether4 pvid=10
add bridge=bridge1 interface=ether5 pvid=20
add bridge=bridge1 interface=sfp-sfpplus1 pvid=10

And for the Bridge2:

/interface bridge
add igmp-snooping=yes name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether4 pvid=10
add bridge=bridge1 interface=ether5 pvid=20
add bridge=bridge1 interface=sfp-sfpplus1 pvid=10

Bridge IGMP querier implementation can only send untagged IGMP queries. In case tagged IGMP queries should be sent or IGMP queries should be generated in multiple VLANs, it is possible to install a multicast package, add a VLAN interface and configure a PIM interface on VLAN. The PIM interface can be used as an IGMP querier.

Make sure to configure management access for devices. It is essential when configuring a bridge with VLAN filtering. In this example, a VLAN 99 interface with an IP address is added to the bridge. This VLAN will be allowed on the tagged sfp-sfpplus1 port. Below are configuration commands for the Bridge1:

/interface vlan
add interface=bridge1 name=MGMT vlan-id=99
/ip address
add address=192.168.99.1/24 interface=MGMT network=192.168.99.0
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1 vlan-ids=99

And for the Bridge2:

/interface vlan
add interface=bridge1 name=MGMT vlan-id=99
/ip address
add address=192.168.99.2/24 interface=MGMT network=192.168.99.0
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1 vlan-ids=99

Add bridge VLAN entries and specify tagged and untagged ports. The VLAN 99 entry was already created when configuring management access, only VLAN 10 and VLAN 20 should be added now. Below are configuration commands for the Bridge1:

/interface bridge vlan
add bridge=bridge1 untagged=ether2,ether3,ether4,sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether5 vlan-ids=20

And for the Bridge2:

/interface bridge vlan
add bridge=bridge1 untagged=ether3,ether4,sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether5 vlan-ids=20

Last, enable VLAN filtering. Below is the configuration command for Bridge1 and Bridge2:

/interface bridge set [find name=bridge1] vlan-filtering=yes

At this point, VLANs and IGMP snooping are configured and devices should be able to communicate through ports. However, it is recommended to go even a step further and apply some additional filtering options. Enable ingress-filtering and frame-types on bridge ports. Below are configuration commands for the Bridge1:

/interface bridge port
set [find interface=ether2] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether3] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether4] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether5] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=sfp-sfpplus1] ingress-filtering=yes

And for the Bridge2:

/interface bridge port
set [find interface=ether3] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether4] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether5] ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
set [find interface=sfp-sfpplus1] ingress-filtering=yes

Static MDB entries

Since RouterOS version 7.7, it is possible to create static MDB entries for IPv4 and IPv6 multicast groups. For example, to create a static MDB entry for multicast group 229.10.10.10 on ports ether2 and ether3 on VLAN 10, use the command below:

/interface bridge mdb
add bridge=bridge1 group=229.10.10.10 ports=ether2,ether3 vid=10

Verify the results with the print command:

[admin@MikroTik] > /interface bridge mdb print where group=229.10.10.10
Columns: GROUP, VID, ON-PORTS, BRIDGE
 # GROUP         VID  ON-PORTS  BRIDGE 
12 229.10.10.10   10  ether2    bridge1
                      ether3   

In case a certain IPv6 multicast group does not need to be snooped and it is desired to be flooded on all ports and VLANs, it is possible to create a static MDB entry on all VLANs and ports, including the bridge interface itself. Use the command below to create a static MDB entry for multicast group ff02::2 on all VLANs and ports (modify the ports setting for your particular setup):

/interface bridge mdb
add bridge=bridge1 group=ff02::2 ports=bridge1,ether2,ether3,ether4,ether5

[admin@MikroTik] > /interface bridge mdb print where group=ff02::2
Flags: D - DYNAMIC
Columns: GROUP, VID, ON-PORTS, BRIDGE
 #   GROUP    VID  ON-PORTS  BRIDGE 
 0   ff02::2                 bridge1
15 D ff02::2    1  bridge1   bridge1
16 D ff02::2   10  bridge1   bridge1
                   ether2           
                   ether3           
                   ether4           
                   ether5           
17 D ff02::2   20  bridge1   bridge1
                   ether2           
                   ether3           
18 D ff02::2   30  bridge1   bridge1
                   ether2           
                   ether3     

Implementing MLD Snooping

This module describes how to implement MLD snooping on the Cisco ASR 9000 Series Router.

Feature History for MLD Snooping

Release

Modification

Release 4.3.0

This feature was introduced.

MLD Snooping

Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at Layer 2. By snooping the MLD
membership reports sent by hosts in the bridge domain, the MLD snooping application can set up Layer 2 multicast forwarding
tables to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast
traffic.

MLD snooping uses the information in MLD membership report messages to build corresponding information in the forwarding tables
to restrict IPv6 multicast traffic at Layer 2. The forwarding table entries are in the form <Route, OIF List>, where:

  • Route is a <*, G> route or <S, G> route.

  • OIF List comprises all bridge ports that have sent MLD membership reports for the specified route plus all multicast router
    (mrouter) ports in the bridge domain.

For more information regarding MLD snooping, refer the
Multicast Configuration Guide for Cisco ASR 9000 Series Routers
.

Prerequisites for MLD Snooping

  • The network must be configured with a layer2 VPN.

  • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include
    the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact
    your AAA administrator for assistance.

Restrictions for MLD Snooping

Following are the restrictions (features that are not supported):

  • MLD Snooping is supported only on L2VPN bridge domains.

  • Explicit host tracking.

  • Multicast Admission Control.

  • Security filtering.

  • Report rate limiting.

  • Multicast router discovery.

Advantages of MLD Snooping

Advantages of MLD Snooping

  • In its basic form, it reduces bandwidth consumption by reducing multicast traffic that would otherwise flood an entire VPLS
    bridge domain.

  • With the use of some optional configurations, it provides security between bridge domains by filtering the MLD reports received
    from hosts on one bridge port and preventing leakage towards the hosts on other bridge ports.

High Availability (HA) features for MLD

MLD supports the following HA features:

  • Process restarts

  • RP Failover

  • Stateful Switch-Over (SSO)

  • Non-Stop Forwarding (NSF)—Forwarding continues unaffected while the control plane is restored following a process restart
    or route processor (RP) failover.

  • Line card online insertion and removal (OIR)

Bridge Domain Support for MLD

MLD snooping operates at the bridge domain level. When MLD snooping is enabled on a bridge domain, the snooping functionality
applies to all ports under the bridge domain, including:

  • Physical ports under the bridge domain.

  • Ethernet flow points (EFPs)—An EFP can be a VLAN, VLAN range, list of VLANs, or an entire interface port.

  • Pseudowires (PWs) in VPLS bridge domains.

  • Ethernet bundles—Ethernet bundles include IEEE 802.3ad link bundles and Cisco EtherChannel bundles. From the perspective of
    the MLD snooping application, an Ethernet bundle is just another EFP. The forwarding application in the Cisco ASR 9000 Series Routers randomly nominates a single port from the bundle to carry the multicast traffic.

Multicast Router and Host Ports

MLD snooping classifies each port as one of the following:

  • Multicast router ports (mrouter ports)—These are ports to which a multicast-enabled router is connected. Mrouter ports are
    usually dynamically discovered, but may also be statically configured. Multicast traffic is always forwarded to all mrouter
    ports, except when an mrouter port is the ingress port.

  • Host ports—Any port that is not an mrouter port is a host port.

Multicast Router Discovery for MLD

MLD snooping discovers mrouter ports dynamically. You can also explicitly configure a port as an emrouter port.

  • Discovery- MLD snooping identifies upstream mrouter ports in the bridge domain by snooping mld query messages and Protocol
    Independent Multicast Version 2 (PIMv2) hello messages. Snooping PIMv2 hello messages identifies mld nonqueriers in the bridge
    domain.

  • Static configuration—You can statically configure a port as an mrouter port with the
    mrouter command in a profile attached to the port.
    Static configuration can help in situations when incompatibilities with non-Cisco
    equipment prevent dynamic discovery.

Multicast Traffic Handling for MLD

The following tables describe the traffic handling behavior by MLD mrouters and host ports.

Table 1. Multicast Traffic Handling for a MLDv1 Querier

Traffic Type

Received on MRouter Ports

Received on Host Ports

IP multicast source traffic

Forwards to all mrouter ports and to host ports that indicate interest.

Forwards to all mrouter ports and to host ports that indicate interest.

MLD general queries

Forwards to all ports.

MLD group-specific queries

Forwards to all other mrouter ports.

Dropped

MLDv1 joins

Examines (snoops) the reports.

  • If report suppression is enabled, forwards first join for a new group or first join following a general query for an existing
    group.

  • If report suppression is disabled, forwards on all mrouter ports.

Examines (snoops) the reports.

  • If report suppression is enabled, forwards first join for a new group or first join following a general query for an existing
    group.

  • If report suppression is disabled, forwards on all mrouter ports.

MLDv2 reports

Ignores

Ignores

MLDv1 leaves

Invokes last member query processing.

Invokes last member query processing.

Table 2. Multicast Traffic Handling for a MLDv2 Querier

Traffic Type

Received on MRouter Ports

Received on Host Ports

IP multicast source traffic

Forwards to all mrouter ports and to host ports that indicate interest.

Forwards to all mrouter ports and to host ports that indicate interest.

MLD general queries

Forwards to all ports.

MLD group-specific queries

If received on the querier port floods on all ports.

MLDv1 joins

Handles as MLDv2 IS_EX{} reports.

Handles as MLDv2 IS_EX{} reports.

MLDv2 reports

  • If proxy reporting is enabled—For state changes or source-list changes, generates a state change report on all mrouter ports.

  • If proxy reporting is disabled—Forwards on all mrouter ports.

  • If proxy reporting is enabled—For state changes or source-list changes, generates a state change report on all mrouter ports.

  • If proxy reporting is disabled—Forwards on all mrouter ports.

MLDv1 leaves

Handles as MLDv2 IS_IN{} reports.

Handles as MLDv2 IS_IN{} reports.

Creating a MLD Snooping Profile

SUMMARY STEPS

  1. configure

  2. mld
    snooping profile

    profile-name
  3. Optionally, add commands to override default configuration values.
  4. commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

mld
snooping profile

profile-name

Example:


RP/0/RSP0/CPU0:router(config)# mld snooping profile default-bd-profile

Enters MLD snooping profile configuration mode and creates a named profile.

The default profile enables MLD snooping. You can commit the new profile without any additional configurations, or you can
include additional configuration options to the profile. You can also return to the profile later to add configurations, as
described in other tasks in this module.

Step 3

Optionally, add commands to override default configuration values.

If you are creating a bridge domain profile, consider the following:

  • An empty profile is appropriate for attaching to a bridge domain. An empty profile enables MLD snooping with default configuration
    values.

  • You can optionally add more commands to the profile to override default configuration values.

  • If you include port-specific configurations in a bridge domain profile, the configurations apply to all ports under the bridge,
    unless another profile is attached to a port.

If you are creating a port-specific profile, consider the following:

  • While an empty profile could be attached to a port, it would have no effect on the port configuration.

  • When you attach a profile to a port, MLD snooping reconfigures that port, overriding any inheritance of configuration values
    from the bridge-domain profile. You must repeat the commands in the port profile if you want to retain those configurations.

You can detach a profile, change it, and reattach it to add commands to a profile at a later time.

Step 4

commit

Activating MLD Snooping on a Bridge Domain

To activate MLD snooping on a bridge domain, attach a MLD snooping profile to the desired bridge domain as explained here.

SUMMARY STEPS

  1. configure

  2. l2vpn
  3. bridge group
    bridge-group-name
  4. bridge-domain
    bridge-domain-name
  5. mld snooping profile
    profile-name
  6. commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

l2vpn

Example:


RP/0/RSP0/CPU0:router(config)# l2vpn

Enters Layer 2 VPN configuration mode.

Step 3

bridge group
bridge-group-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group GRP1

Enters Layer 2 VPN VPLS bridge group configuration mode for the named bridge group.

Step 4

bridge-domain
bridge-domain-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain ISP1

Enters Layer 2 VPN VPLS bridge group bridge domain configuration mode for the named bridge domain.

Step 5

mld snooping profile
profile-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mld snooping profile default-bd-profile

Attaches the named MLD snooping profile to the bridge domain, enabling MLD snooping on the bridge domain.

Step 6

commit

Deactivating MLD Snooping on a Bridge Domain

To deactivate MLD snooping from a bridge domain, remove the profile from the bridge domain using the following steps:

Note


A bridge domain can have only one profile attached to it at a time.


SUMMARY STEPS

  1. configure

  2. l2vpn
  3. bridge group
    bridge-group-name
  4. bridge-domain
    bridge-domain-name
  5. no mld snooping
  6. commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

l2vpn

Example:


RP/0/RSP0/CPU0:router(config)# l2vpn

Enters Layer 2 VPN configuration mode.

Step 3

bridge group
bridge-group-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group GRP1

Enters Layer 2 VPN VPLS bridge group configuration mode for the named bridge group.

Step 4

bridge-domain
bridge-domain-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain ISP1

Enters Layer 2 VPN VPLS bridge group bridge domain configuration mode for the named bridge domain.

Step 5

no mld snooping

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# no mld snooping

Detaches the MLD snooping profile from the bridge domain, disabling MLD snooping on that bridge domain.

Note

 

Only one profile can be attached to a bridge domain at a time. If a profile is attached, MLD snooping is enabled. If a profile
is not attached, MLD snooping is disabled.

Step 6

commit

Configuring Static Mrouter Ports (MLD)

Before you begin

MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.

Note


Static mrouter port configuration is a port-level option and should be added to profiles intended for ports. It is not recommended
to add mrouter port configuration to a profile intended for bridge domains.


SUMMARY STEPS

  1. configure

  2. mld snooping profile
    profile-name
  3. mrouter
  4. commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

mld snooping profile
profile-name

Example:


RP/0/RSP0/CPU0:router(config)# mld snooping profile mrouter-port-profile

Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

Step 3

mrouter

Example:


RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# mrouter

Configures a port as a static mrouter port.

Step 4

commit

Configuring Router Guard (MLD)

To prevent multicast routing protocol messages from being received on a port and, therefore, prevent a port from being a dynamic
mrouter port, follow these steps. Note that both router guard and static mrouter commands may be configured on the same port.

Before you begin

MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.

Note


Router guard configuration is a port-level option and should be added to profiles intended for ports. It is not recommended
to add router guard configuration to a profile intended for bridge domains. To do so would prevent all mrouters, including
MLD queriers, from being discovered in the bridge domain.


SUMMARY STEPS

  1. configure

  2. mld snooping profile
    profile-name
  3. router-guard
  4. commit

  5. show mld snooping profile
    profile-name
    detail

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

mld snooping profile
profile-name

Example:


RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile

Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

Step 3

router-guard

Example:


RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# router-guard

Protects the port from dynamic discovery.

Step 4

commit

Step 5

show mld snooping profile
profile-name
detail

Example:


RP/0/RSP0/CPU0:router# show mld snooping profile host-port-profile detail

(Optional) Displays the configuration settings in the named profile.

Configuring Immediate-leave for MLD

To add the MLD snooping immediate-leave option to an MLD snooping profile, follow these steps.

SUMMARY STEPS

  1. configure

  2. mld snooping profile
    profile-name
  3. immediate-leave
  4. commit

  5. show mld snooping profile
    profile-name
    detail

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

mld snooping profile
profile-name

Example:


RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile

Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

Step 3

immediate-leave

Example:


RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# immediate-leave

Enables the immediate-leave option.

  • If you add this option to a profile attached to a bridge domain, it applies to all ports under the bridge.

  • If you add this option to a profile attached to a port, it applies to the port.

Step 4

commit

Step 5

show mld snooping profile
profile-name
detail

Example:


RP/0/RSP0/CPU0:router# show mld snooping profile host-port-profile detail

(Optional) Displays the configuration settings in the named profile.

Configuring Internal Querier for MLD

Before you begin

MLD snooping must be enabled on the bridge domain for this procedure to take effect.

SUMMARY STEPS

  1. configure

  2. mld snooping profile
    profile-name
  3. system-ip-address
    ip-addr
  4. internal-querier
  5. commit

  6. show mld snooping profile
    profile-name
    detail

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

mld snooping profile
profile-name

Example:


RP/0/RSP0/CPU0:router(config)# mld snooping profile internal-querier-profile

Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

Step 3

system-ip-address
ip-addr

Example:


RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# system-ip-address 10.1.1.1

Configures an IP address for internal querier use. The default system-ip-address value (0.0.0.0) is not valid for the internal
querier. You must explicitly configure an IP address.

Step 4

internal-querier

Example:


RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# internal-querier

Enables an internal querier with default values for all options.

Step 5

commit

Step 6

show mld snooping profile
profile-name
detail

Example:


RP/0/RSP0/CPU0:router# show mld snooping profile internal-querier-profile detail

(Optional) Displays the configuration settings in the named profile.

Configuring Static Groups for MLD

To add one or more static groups or MLDv2 source groups to an MLD snooping profile, follow these steps.

Before you begin

MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.

SUMMARY STEPS

  1. configure

  2. mld snooping profile
    profile-name
  3. static-group
    group-addr [source
    source-addr]
  4. Repeat the previous step, as needed, to add more static groups.
  5. commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Step 2

mld snooping profile
profile-name

Example:


RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile

Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

Step 3

static-group
group-addr [source
source-addr]

Example:


RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# static-group 239.1.1.1 source 10.0.1.1

Configures a static group.

  • If you add this option to a profile attached to a bridge domain, it applies to all ports under the bridge.

  • If you add this option to a profile attached to a port, it applies to the port.

Step 4

Repeat the previous step, as needed, to add more static groups.

(Optional) Adds additional static groups.

Step 5

commit

Configuring MLD Snooping

  1. Create two profiles:

    
    mld snooping profile bridge_profile
    !
    mld snooping profile port_profile
       mrouter
    !
    
    
  2. Configure two physical interfaces for L2 support.

    
    interface GigabitEthernet0/8/0/38
       negotiation auto
       l2transport
       no shut
       !
    !
    interface GigabitEthernet0/8/0/39
       negotiation auto
       l2transport
       no shut
       !
    !
    
    
  3. Add interfaces to the bridge domain. Attach bridge_profile to the bridge domain
    and port_profile to one of the Ethernet interfaces. The second Ethernet interface
    inherits MLD snooping configuration attributes from the bridge domain profile.

    
    l2vpn
      bridge group bg1
         bridge-domain bd1
         mld snooping profile bridge_profile
         interface GigabitEthernet0/8/0/38
           mld snooping profile port_profile
         interface GigabitEthernet0/8/0/39
         !
      !
    !
    
    
  4. Verify the configured bridge ports.

    
    show mld snooping port
    
    

Multicast Listener Discovery over BVI

MLDv2 support over BVI enables implementing IPv6 multicast routing over a L2 segment of the network that is using an IPv6
VLAN. The multicast routes are bridged through BVI interface from L3 segment to the L2 segment of the network.

Note


  • As per MLDv2 RFC recommendation the MLDv2 reports should carry the Hop-by-Hop options header for the reports to get punted
    up.

  • MLDv2 is supported over BVI only when BVI is configured as a forwarding interface.

  • This feature is supported only on 64-bit Linux-based IOS XR ASR 9000 operating system.


MLD and BVI Overview

Routers use the Internet Group Management Protocol (IGMP) (IPv4) and Multicast Listener Discovery (MLD) (IPv6) to learn whether
members of a group are present on their directly attached subnets. Hosts join multicast groups by sending IGMP or MLD report
messages.

MLDv2 shares feature parity with IGMPv3 with respect to all supported interface types with the exception of PPoE and subinterfaces.
MLDv2 enables a node to report interest in listening to packets only from specific multicast source addresses.

A BVI interface is a routed interface representing a set of interfaces (bridged) in the same L2 broadcast domain. MLD join
messages coming in or out of this broadcast domain passes through the BVI interface.

Configure MLD Over BVI

This sample configuration shows how to configure BVI interface to join a multicast group and statically forward multicast
traffic using MLDv2:

router# configure terminal
router (config)# router mld
router (config-mld)# vrf BVI
router (config-mld-vrf)# interface BVI100
router (config-mld-vrf-int)# join-group fe32::1 192::4
router (config-mld-vrf-int)# static-group fe32::2 192::4
router (config-mld-vrf-int)# commit
router (config-mld-vrf-int)# exit
router (config-mld-vrf)# exit
router (config-mld)# exit
router (config)# exit

Verification

Use the command show mld bvi stats and show mld group bvi < num> to verify the MLDv2 over BVI configuration:

router# show mld bvi stats
Thu Nov 22 13:58:34.474 UTC
AIPC buffers received                     : 8365
AIPC buffer released                      : 8365
AIPC messages send blocked                : 0
AIPC buffer release failed                : 0
AIPC NULL buffer handles                  : 0
AIPC open notifications received          : 0
AIPC close notifications received         : 0
AIPC error notifications received         : 0
AIPC LWM notifications received           : 0
AIPC input waiting notifications received : 8308
AIPC send status notifications received   : 2485
AIPC publish notifications received       : 0
AIPC queue full notifications received    : 0
AIPC output notifications received        : 0
AIPC connect notifications received       : 1
IGMP protocol messages received           : 8365
IGMP Mrouter Add messages received        : 0
IGMP Mrouter Delete messages received     : 0
IGMP Mrouter Sweep messages received      : 1
IGMP Mrouter Add messages transmitted     : 13
IGMP Mrouter Delete messages transmitted  : 22
IGMP Mrouter Sweep messages transmitted   : 0
IGMP Mrouter Unknown messages received    : 0
IGMP Mrouter Unknown messages transmitted : 0
AIPC transmission error                   : 0
AIPC buffers transmited                   : 0
IGMP protocol buffers transmitted         : 2482
IGMP Mrouter buffers transmitted          : 3
IGMP Unknown buffers transmited           : 0
IGMP WTX Msgs received                    : 0
IGMP WTX Msgs sent                        : 0
IGMP WTX Msgs sent to protocol            : 0
IGMP WTX Msgs dropped due DC              : 99264
IGMP WTX Msgs dropped no memory           : 0
IGMP WTX Msgs freed                       : 0

router# show mld group bvi 100
Thu Nov 22 13:58:52.055 UTC
MLD Connected Group Membership

BVI100

Group Address : ff02::2
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 03:31:07
      Expires : never
Group Address : ff02::d
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 03:31:07
show mld group bvi 100
Thu Nov 22 13:58:52.055 UTC
MLD Connected Group Membership

BVI100

Group Address : ff02::2
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 03:31:07
      Expires : never
Group Address : ff02::d
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 03:31:07
      Expires : never
Group Address : ff02::16
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 03:31:07
      Expires : never
Group Address : ff02::1:ff01:1
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 01:59:20
      Expires : 00:04:01
Group Address : ff02::1:ff3d:b73f
Last Reporter : fe80::1a33:9dff:fe3d:b73f
       Uptime : 01:59:20
      Expires : 00:04:01
Group Address : ff33::2:52:1:1
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used
Group Address : ff33::2:52:1:2
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used
Group Address : ff33::2:52:1:3
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used
Group Address : ff33::2:52:1:4
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used
Group Address : ff33::2:52:1:5
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used
Group Address : ff33::2:52:1:6
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used
Group Address : ff33::2:52:1:7
Last Reporter : fe80::5869
       Uptime : 03:30:49
      Expires : not used

IPv6 Multicast Listener Discovery Snooping over BVI

Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at L2. By snooping the MLD membership
reports sent by hosts in the bridge domain, the MLD snooping application can set up L2 multicast forwarding tables. This table
is later used to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast
traffic.

MLDv2 support over BVI enables implementing IPv6 multicast routing over a L2 segment of the network that is using an IPv6
VLAN. The multicast routes are bridged via BVI interface from L3 segment to L2 segment of the network.

MLDv2 snooping over BVI enables forwarding MLDv2 membership reports received over the L2 domain to MLD snooping instead of
MLD.

Configuring Internal Querier for MLD Snooping

This configuration enables a multicast router acting as a MLD querier to send out group-and-source-specific query:

router# config
RP0/0/RP0/CPU0:router(config)# mld snooping profile grp1
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# system-ip-address fe80::1 link-local
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# internal-querier
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# commit
Verification

Use the show mld snooping profile detail command to verify the MLD snooping configuration:

router# show mld snooping profile detail
Thu Nov 22 13:58:18.844 UTC
MLD  Snoop Profile grp1: 
  System IP Address:                    fe80::1
  Bridge Domain References:             2
  Port References:                      12

MLD  Snoop Profile grp10: 
  System IP Address:                    fe80::5610
  Bridge Domain References:             0
  Port References:                      0

Configuring MLD Snooping on Ethernet Bundles

  1. This example assumes that the front-ends of the bundles are preconfigured.
    For example, a bundle configuration might consist of three switch
    interfaces, as follows:

    
        interface Port-channel1
        !
    interface GigabitEthernet0/0/0/0
        !
    interface GigabitEthernet0/0/0/1
    !
        interface GigabitEthernet0/0/0/2
           channel-group 1 mode on
        !
        interface GigabitEthernet0/0/0/3
           channel-group 1 mode on
        !
    
    
  2. Configure two MLD snooping profiles.

    
           mld snooping profile bridge_profile
           !
           mld snooping profile port_profile
              mrouter
           !
    
    
  3. Configure interfaces as bundle member links.

    
           interface GigabitEthernet0/0/0/0
             bundle id 1 mode on
             negotiation auto
           !
           interface GigabitEthernet0/0/0/1  
             bundle id 1 mode on
             negotiation auto
           !
           interface GigabitEthernet0/0/0/2
             bundle id 2 mode on
             negotiation auto
           !
           interface GigabitEthernet0/0/0/3
             bundle id 2 mode on
             negotiation auto
           !
    
    
  4. Configure the bundle interfaces for L2 transport.

    
    interface Bundle-Ether 1
              l2transport
              !
           !
           interface Bundle-Ether 2
              l2transport
              !
           !
    
    
  5. Add the interfaces to the bridge domain and attach MLD snooping profiles.

    
           l2vpn
             bridge group bg1
                bridge-domain bd1
                mld snooping profile bridge_profile
                interface bundle-Ether 1
                  mld snooping profile port_profile
                interface bundle-Ether 2
                !
             !
          !
    
    
  6. Verify the configured bridge ports.

    
    show mld snooping port
    
    

Configuring Layer 2 Multicast

CHAPTERS

1. Layer 2 Multicast

2. IGMP Snooping Configuration

3. MLD Snooping Configuration

4. MVR Configuration

5. Multicast Filtering Configuration

6. Viewing Multicast Snooping Information

7. Configuration Examples

8. Appendix: Default Parameters

This guide applies to:

T1500G-8T v2 or above, T1500G-10PS v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above, T1600G-18TS v2 or above, T1600G-28PS v3 or above, T1600G-28TS v3 or above, T1600G-52PS v3 or above, T1600G-52TS v3 or above, T1700X-16TS v3 or above, T1700G-28TQ v3 or above, T2500G-10TS v2 or above, T2600G-18TS v2 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above, T2600G-52TS v3 or above.

1Layer 2 Multicast

1.1Overview

In a point-to-multipoint network, packets can be sent in three ways: unicast, broadcast and multicast. With unicast, many copies of the same information will be sent to all the receivers, occupying a large bandwidth.

With broadcast, information will be sent to all users in the network no matter they need it or not, wasting network resources and impacting information security.

Multicast, however, solves all the problems caused by unicast and broadcast. With multicast, the source only need to send one piece of information, and all and only the users who need the information will receive copies of the information. In a point-to-multipoint network, multicast technology not only transmits data with high efficiency, but also saves a large bandwidth and reduces network load.

In practical applications, Internet information provider can provide value-added services such as Online Live, IPTV, Distance Education, Telemedicine, Internet Radio and Real-time Video Conferences more conveniently using multicast.

Layer 2 Multicast allows Layer 2 switches to listen for IGMP (Internet Group Management Protocol) packets between IGMP Querier and user hosts to establish multicast forwarding table and to manage and control transmission of packets.

Take IGMP Snooping as an example. When IGMP Snooping is disabled on the Layer 2 device, multicast packets will be broadcast in the Layer 2 network; when IGMP Snooping is enabled on the Layer 2 device, multicast data from a known multicast group will be transmitted to the designated receivers instead of being broadcast in the Layer 2 network.

Demonstrated as below:

Figure 1-1 IGMP Snooping

The following basic concepts of IGMP Snooping will be introduced: IGMP querier, snooping switch, router port and member port.

IGMP Querier

An IGMP querier is a multicast router (a router or a Layer 3 switch) that sends query messages to maintain a list of multicast group memberships for each attached network, and a timer for each membership.

Normally only one device acts as querier per physical network. If there are more than one multicast router in the network, a querier election process will be implemented to determine which one acts as the querier.

Snooping Switch

A snooping switch indicates a switch with IGMP Snooping enabled. The switch maintains a multicast forwarding table by snooping on the IGMP transmissions between the host and the querier. With the multicast forwarding table, the switch can forward multicast data only to the ports that are in the corresponding multicast group, so as to constrain the flooding of multicast data in the Layer 2 network.

Router Port

A router port is a port on snooping switch that is connecting to the IGMP querier.

Member Port

A member port is a port on snooping switch that is connecting to the host.

1.2Supported Features

Layer 2 Multicast protocol for IPv4: IGMP Snooping

On the Layer 2 device, IGMP Snooping transmits data on demand on data link layer by analyzing IGMP packets between the IGMP querier and the users, to build and maintain Layer 2 multicast forwarding table.

Layer 2 Multicast protocol for IPv6: MLD Snooping

On the Layer 2 device, MLD Snooping (Multicast Listener Discovery Snooping) transmits data on demand on data link layer by analyzing MLD packets between the MLD querier and the users, to build and maintain Layer 2 multicast forwarding table.

Multicast VLAN Registration (MVR)

MVR allows a single multicast VLAN to be shared for multicast member ports in different VLANs in IPv4 network. In IGMP Snooping, if member ports are in different VLANs, a copy of the multicast streams is sent to each VLAN that has member ports. While MVR provides a dedicated multicast VLAN to forward multicast traffic over the Layer 2 network, to avoid duplication of multicast streams for clients in different VLANs. Clients can dynamically join or leave the multicast VLAN without interfering with their relationships in other VLANs.

There are two types of MVR modes:

Compatible Mode

In compatible mode, the MVR switch does not forward report or leave messages from the hosts to the IGMP querier. So the IGMP querier cannot learn the multicast groups membership information from the MVR switch. You have to statically configure the IGMP querier to transmit all the required multicast streams to the MVR switch via the multicast VLAN.

Dynamic Mode

In dynamic mode, after receiving report or leave messages from the hosts, the MVR switch will forward them to the IGMP querier via the multicast VLAN (with appropriate translation of the VLAN ID). So the IGMP querier can learn the multicast groups membership information through the report and leave messages, and transmit the multicast streams to the MVR switch via the multicast VLAN according to the multicast forwarding table.

Multicast Filtering

Multicast Filtering allows you to control the set of multicast groups to which a host can belong. You can filter multicast joins on a per-port basis by configuring IP multicast profiles (IGMP profiles or MLD profiles) and associating them with individual switch ports.

2IGMP Snooping Configuration

To complete IGMP Snooping configuration, follow these steps:

1)Enable IGMP Snooping globally and configure the global parameters.

2)Configure IGMP Snooping for VLANs.

3)Configure IGMP Snooping for ports.

4)(Optional) Configure the advanced IGMP Snooping features:

Configure hosts to statically join a group.

Configure IGMP accounting and authentication features.

Note:

IGMP Snooping takes effect only when it is enabled globally, in the corresponding VLAN and port at the same time.

2.1Using the GUI

2.1.1Configuring IGMP Snooping Globally

Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Global Config to load the following page.

Figure 2-1 Configure IGMP Snooping Globally

Follow these steps to configure IGMP Snooping globally:

1)In the Global Config section, enable IGMP Snooping globally and configure the global parameters.

IGMP Snooping

Enable or disable IGMP Snooping globally.

IGMP Version

Specify the IGMP version.

v1: The switch works as an IGMPv1 Snooping switch. It can only process IGMPv1 messages from the host. Messages of other versions are ignored.

v2: The switch works as an IGMPv2 Snooping switch. It can process both IGMPv1 and IGMPv2 messages from the host. IGMPv3 messages are ignored.

v3: The switch works as an IGMPv3 Snooping switch. It can process IGMPv1, IGMPv2 and IGMPv3 messages from the host.

Unknown Multicast Groups

Set the way in which the switch processes data that are sent to unknown multicast groups as Forward or Discard. By default, it is Forward.

Unknown multicast groups are multicast groups that do not match any of the groups announced in earlier IGMP membership reports, and thus cannot be found in the multicast forwarding table of the switch.

Note: IGMP Snooping and MLD Snooping share the setting of Unknown Multicast Groups, so you have to enable MLD Snooping globally on the L2 FEATURES > Multicast > MLD Snooping > Global Config page at the same time.

Header Validation

Enable or disable Header Validation. By default, it is disabled.

Generally, for IGMP packets, the TTL value should be 1, ToS field should be 0xC0, and Router Alert option should be 0x94040000. The fields to be validated depend on the IGMP version being used. IGMPv1 only checks the TTL field. IGMPv2 checks the TTL field and the Router Alert option. IGMPv3 checks TTL field, ToS field and Router Alert option. Packets that fail the validation process will be dropped.

2)Click Apply.

2.1.2Configuring IGMP Snooping for VLANs

Before configuring IGMP Snooping for VLANs, set up the VLANs that the router ports and the member ports are in. For details, please refer to Configuring 802.1Q VLAN.

The switch supports configuring IGMP Snooping on a per-VLAN basis. After IGMP Snooping is enabled globally, you also need to enable IGMP Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in.

Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Global Config, and click in your desired VLAN entry in the IGMP VLAN Config section to load the following page.

Figure 2-2 Configure IGMP Snooping for VLAN

Follow these steps to configure IGMP Snooping for a specific VLAN:

1)Enable IGMP Snooping for the VLAN, and configure the corresponding parameters.

VLAN ID

Displays the VLAN ID.

IGMP Snooping Status

Enable or disable IGMP Snooping for the VLAN.

Fast Leave

Enable or disable Fast Leave for the VLAN. IGMPv1 does not support Fast Leave.

Without Fast Leave, after a receiver sends an IGMP leave message to leave a multicast group, the switch will forward the leave message to the Layer 3 device (the querier).

From the point of view of the querier, the port connecting to the switch is a member port of the corresponding multicast group. After receiving the leave message from the switch, the querier will send out a configured number (Last Member Query Count) of group-specific queries on that port with a configured interval (Last Member Query Interval), and wait for IGMP group membership reports. If there are other receivers connecting to the switch, they will response to the queries before the Last Member Query Interval expires. If no reports are received after the response time of the last query expires, the querier will remove the port from the forwarding list of the corresponding multicast group.

That is, if there are other receivers connecting to the switch, the one sent leave message have to wait until the port ages out from the switch’s forwarding list of the corresponding multicast group (the maximum waiting time is decided by the Member Port Aging Time).

With Fast Leave enabled on a VLAN, the switch will remove the (Multicast Group, Port, VLAN) entry from the multicast forwarding table before forwarding the leave message to the querier. This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a leave message from the VLAN.

Report Suppression

Enable or disable Report Suppression for the VLAN.

When enabled, the switch will only forward the first IGMP report message for each multicast group to the IGMP querier and suppress subsequent IGMP report messages for the same multicast group during one query interval. This feature prevents duplicate report messages from being sent to the IGMP querier.

Member Port Aging Time

Specify the aging time of the member ports in the VLAN.

Once the switch receives an IGMP membership report message from a port, the switch adds this port to the member port list of the corresponding multicast group. Member ports that are learned in this way are called dynamic member ports.

If the switch does not receive any IGMP membership report messages for a specific multicast group from a dynamic member port, it will no longer consider this port as a member port of this multicast group and delete it from the multicast forwarding table.

Router Port Aging Time

Specify the aging time of the router ports in the VLAN.

Once the switch receives an IGMP general query message from a port, the switch adds this port to the router port list. Router ports that are learned in this way are called dynamic router ports.

If the switch does not receive any IGMP general query message from a dynamic router port within the router port aging time, the switch will no longer consider this port as a router port and delete it from the router port list.

Leave Time

Specify the leave time for the VLAN.

When the switch receives a leave message from a port to leave a multicast group, it will wait for a leave time before removing the port from the multicast group. During the period, if the switch receives any report messages from the port, the port will not be removed from the multicast group. Exceptions are as follows:

If the member port ages out before the Leave Time ends and no report messages are received, the port will be removed from the multicast group once its Member Port Aging Time ends.

The Leave Time mechanism will not take effect when Fast Leave takes effect.

A proper leave time value can avoid other hosts connecting to the same port of the switch being mistakenly removed from the multicast group when only some of them want to leave.

IGMP Snooping Querier

Enable or disable the IGMP Snooping Querier for the VLAN.

When enabled, the switch acts as an IGMP Snooping Querier for the hosts in this VLAN. A querier periodically sends a general query on the network to solicit membership information, and sends group-specific queries when it receives leave messages from hosts.

Note:

To enable IGMP Snooping Querier for a VLAN, IGMP Snooping should be enabled both globally and in the VLAN.

Query Interval

With IGMP Snooping Querier enabled, specify the interval between general query messages sent by the switch.

Maximum Response Time

With IGMP Snooping Querier enabled, specify the host’s maximum response time to general query messages.

Last Member Query Interval

With IGMP Snooping Querier enabled, when the switch receives an IGMP leave message, it obtains the address of the multicast group that the host wants to leave from the message. Then the switch sends out group-specific queries to this multicast group through the port receiving the leave message. This parameter determines the interval between group-specific queries.

Last Member Query Count

With IGMP Snooping Querier enabled, specify the number of group-specific queries to be sent. If specified count of group-specific queries are sent and no report message is received, the switch will delete the multicast address from the multicast forwarding table.

General Query Source IP

With IGMP Snooping Querier enabled, specify the source IP address of the general query messages sent by the switch. It should be a unicast address.

Static Router Ports

Select one or more ports to be the static router ports in the VLAN. Static router ports do not age.

Multicast streams and IGMP packets to all groups in this VLAN will be forwarded through the static router ports. Multicast streams and IGMP packets to the groups that have dynamic router ports will be also forwarded through the corresponding dynamic router ports.

Forbidden Router Ports

Select ports to forbid them from being router ports in the VLAN.

2)Click Save.

2.1.3Configuring IGMP Snooping for Ports

Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Port Config to load the following page.

Figure 2-3 Configure IGMP Snooping for Ports

Follow these steps to configure IGMP Snooping for ports:

1)Enable IGMP Snooping for the port and enable Fast Leave if there is only one receiver connected to the port.

IGMP Snooping

Enable or disable IGMP Snooping for the port.

Fast Leave

Enable or disable Fast Leave for the port. IGMPv1 does not support fast leave.

Fast Leave can be enabled on a per-port basis or per-VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs before forwarding the leave message to the querier.

You should only use Fast Leave for a port when there is a single receiver connected to the port. For more details about Fast Leave, see 2.1.2 Configuring IGMP Snooping for VLANs.

LAG

Displays the LAG the port belongs to.

2)Click Apply.

2.1.4Configuring Hosts to Statically Join a Group

Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also configure hosts to statically join a group.

Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Static Group Config and click to load the following page.

Figure 2-4 Configure Hosts to Statically Join a Group

Follow these steps to configure hosts to statically join a group:

1)Specify the multicast IP address, VLAN ID. Select the ports to be the static member ports of the multicast group.

Multicast IP

Specify the address of the multicast group that the hosts need to join.

VLAN ID

Specify the VLAN that the hosts are in.

Member Ports

Select the ports that the hosts are connected to. These ports will become the static member ports of the multicast group and will never age.

2)Click Create.

2.1.5Configuring IGMP Accounting and Authentication Features

Note:

Only T2600G series switches support this feature.

You can enable IGMP accounting and authentication according to your need. IGMP accounting is configured globally, and IGMP authentication can be enabled on a per-port basis.

To use these features, you should also set up a RADIUS server and go to SECURITY > AAA > RADIUS Config to configure RADIUS server for the switch.

Choose the menu L2 FEATURES > Multicast > IGMP Snooping > IGMP Authentication to load the following page.

Figure 2-5 Configure IGMP Accounting and Authentication

Follow these steps to enable IGMP accounting:

1)In the Global Config section, enable IGMP Accounting globally.

Accounting

Enable or disable IGMP Accounting.

2)Click Apply.

Follow these steps to configure IGMP Authentication on ports:

1)In the Port Config section, select the ports and enable IGMP Authentication.

IGMP Authentication

Enable or disable IGMP Authentication for the port.

2)Click Apply.

2.2Using the CLI

2.2.1Configuring IGMP Snooping Globally

Follow these steps to configure IGMP Snooping globally:

Step 1

configure

Enter global configuration mode.

Step 2

ip igmp snooping

Enable IGMP Snooping Globally.

Step 3

ip igmp snooping version {v1 | v2 | v3}

Configure the IGMP version.

v1:The switch works as an IGMPv1 Snooping switch. It can only process IGMPv1 report messages from the host. Report messages of other versions are ignored.

v2: The switch works as an IGMPv2 Snooping switch. It can process both IGMPv1 and IGMPv2 report messages from the host. IGMPv3 report messages are ignored.

v3: The switch works as an IGMPv3 Snooping switch. It can process IGMPv1, IGMPv2 and IGMPv3 report messages from the host.

Step 4

ip igmp snooping drop-unknown

(Optional) Configure the way how the switch processes multicast streams that are sent to unknown multicast groups as Discard. By default, it is Forward.

Unknown multicast groups are multicast groups that do not match any of the groups announced in earlier IGMP membership reports, and thus cannot be found in the multicast forwarding table of the switch.

Note: IGMP Snooping and MLD Snooping share the setting of Unknown Multicast Groups, you need to ensure MLD Snooping is enabled globally. To enable MLD Snooping globally, use the ipv6 mld snooping command in global configuration mode.

Step 5

ip igmp snooping header-validation

(Optional) Enable header validation.

Generally, for IGMP packets, the TTL value should be 1, ToS field should be 0xC0, and Router Alert option should be 0x94040000. The fields validated depend on the IGMP version being used. IGMPv1 only checks the TTL field. IGMPv2 checks the TTL field and the Router Alert option. IGMPv3 checks TTL field, ToS field and Router Alert option. Packets that fail the validation process will be dropped.

Step 6

show ip igmp snooping

Show the basic IGMP Snooping configuration.

Step 7

end

Return to privileged EXEC mode.

Step 8

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable IGMP Snooping and header validation globally, and specify the IGMP Snooping version as IGMPv3, the way how the switch processes multicast streams that are sent to unknown multicast groups as discard.

Switch#configure

Switch(config)#ip igmp snooping

Switch(config)#ip igmp snooping version v3

Switch(config)#ipv6 mld snooping

Switch(config)#ip igmp snooping drop-unknown

Switch(config)#ip igmp snooping header-validation

Switch(config)#show ip igmp snooping

IGMP Snooping :Enable

IGMP Version :V3

Unknown Multicast :Discard

Header Validation :Enable

Switch(config)#end

Switch#copy running-config startup-config

2.2.2Configuring IGMP Snooping for VLANs

Before configuring IGMP Snooping for VLANs, set up the VLANs that the router ports and the member ports are in. For details, please refer to Configuring 802.1Q VLAN.

The switch supports configuring IGMP Snooping on a per-VLAN basis. After IGMP Snooping is enabled globally, you also need to enable IGMP Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in.

Follow these steps to configure IGMP Snooping for VLANs:

Step 1

configure

Enter global configuration mode.

Step 2

ip igmp snooping vlan-config vlan-id-list mtime member-time

Enable IGMP Snooping for the specified VLANs, and specify the member port aging time for the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

member-time: Specify the aging time of the member ports in the specified VLANs. Valid values are from 60 to 600 seconds. By default, it is 260 seconds.

Once the switch receives an IGMP membership report message from a port, the switch adds this port to the member port list of the corresponding multicast group. Member ports that are learned in this way are called dynamic member ports.

If the switch does not receive any IGMP membership report message for a specific multicast group from a dynamic member port, it will no longer consider this port as a member port of this multicast group and delete it from the multicast forwarding table.

Step 3

ip igmp snooping vlan-config vlan-id-list rtime router-time

Specify the router port aging time for the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

router-time: Specify the aging time of the router ports in the specified VLANs. Valid values are from 60 to 600 seconds. By default, it is 300 seconds.

Once the switch receives an IGMP general query message from a port, the switch adds this port to the router port list. Router ports that are learned in this way are called dynamic router ports.

If the switch does not receive any IGMP general query message from a dynamic router port within the router port aging time, the switch will no longer consider this port as a router port and delete it from the router port list.

Step 4

ip igmp snooping vlan-config vlan-id-list ltime leave-time

Specify the router port aging time for the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

leave-time: Specify the leave time for the VLAN(s). Valid values are from 1 to 30 in seconds, and the default value is 1 second.

When the switch receives a leave message from a port to leave a multicast group, it will wait for a leave time before removing the port from the multicast group. During the period, if the switch receives any report messages from the port, the port will not be removed from the multicast group. Exceptions are as follows:

If the member port ages out before the Leave Time ends and no report messages are received, the port will be removed from the multicast group once its Member Port Aging Time ends.

The Leave Time mechanism will not take effect when Fast Leave takes effect.

A proper leave time value can avoid other hosts connecting to the same port of the switch being mistakenly removed from the multicast group when only some of them want to leave.

Step 5

ip igmp snooping vlan-config vlan-id-list report-suppression

(Optional) Enable the Report Suppression for the VLANs. By default, it is disabled.

When enabled, the switch will only forward the first IGMP report message for each multicast group to the IGMP querier and suppress subsequent IGMP report messages for the same multicast group during one query interval. This feature prevents duplicate report messages from being sent to the IGMP querier.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

Step 6

ip igmp snooping vlan-config vlan-id-list immediate-leave

(Optional) Enable the Fast Leave for the VLANs. By default, it is disabled. IGMPv1 does not support fast leave.

Without Fast Leave, after a receiver sends an IGMP leave message to leave a multicast group, the switch will forward the leave message to the Layer 3 device (the querier).

From the point of view of the querier, the port connecting to the switch is a member port of the corresponding multicast group. After receiving the leave message from the switch, the querier will send out a configured number (Last Member Query Count) of group-specific queries on that port with a configured interval (Last Member Query Interval), and wait for IGMP group membership reports. If there are other receivers connecting to the switch, they will response to the queries before the Last Member Query Interval expires. If no reports are received after the response time of the last query expires, the querier will remove the port from the forwarding list of the corresponding multicast group.

That is, if there are other receivers connecting to the switch, the one sent leave message have to wait until the port ages out from the switch’s forwarding list of the corresponding multicast group (the maximum waiting time is decided by the Member Port Aging Time).

With Fast Leave enabled on a VLAN, the switch will remove the (Multicast Group, Port, VLAN) entry from the multicast forwarding table before forwarding the leave message to the querier. This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a leave message from the VLAN.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

Step 7

ip igmp snooping vlan-config vlan-id-list rport interface { fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list| port-channel lag-list }

(Optional) Specify the static router ports for the VLANs. Static router ports do not age.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

port-list: The number or the list of the Ethernet port that need to be configured as static router ports.

lag-list: The ID or the list of the LAG that need to be configured as static router ports.

Step 8

ip igmp snooping vlan-config vlan-id-list router-ports-forbidden interface { fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list| port-channel lag-list }

(Optional) Specify the ports to forbid them from being router ports in the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

port-list: The number or the list of the Ethernet port that need to be forbidden from being router ports.

lag-list: The ID or the list of the LAG that need to be forbidden from being router ports.

Step 9

ip igmp snooping vlan-config vlan-id-list querier

(Optional) Enable the IGMP Snooping Querier for the VLAN. By default, it is disabled.

When enabled, the switch acts as an IGMP Snooping Querier for the hosts in this VLAN. A querier periodically sends a general query on the network to solicit membership information, and sends group-specific queries when it receives leave messages from hosts.

Note:

To enable IGMP Snooping Querier for a VLAN, IGMP Snooping should be enabled both globally and in the VLAN.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

After enabling IGMP Snooping Querier feature, you need to specify the corresponding parameters including the Last Member Query Count, Last Member Query Interval, Maximum Response Time, Query Interval and General Query Source IP. Use the command below in global configuration mode to configure the parameters:

ip igmp snooping vlan-config vlan-id-list querier { max-response-time response-time | query-interval interval | general-query source-ip ip-addr | last-member-query-count num | last-member-query-interval interval }

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

response-time: Specify the host’s maximum response time to general query messages. Valid values are from 1 to 25 seconds, and the default value is 10 seconds.

query-interval interval: Specify the interval between general query messages sent by the switch. Valid values are from 10 to 300 seconds, and the default value is 60 seconds.

ip-addr: Specify the source IP address of the general query messages sent by the switch. It should be a unicast address. By default, it is 0.0.0.0.

num: Specify the number of group-specific queries to be sent. With IGMP Snooping Querier enabled, when the switch receives an IGMP leave message, it obtains the address of the multicast group that the host wants to leave from the message. Then the switch sends out group-specific queries to this multicast group through the port receiving the leave message. If specified count of group-specific queries are sent and no report message is received, the switch will delete the multicast address from the multicast forwarding table. Valid values are from 1 to 5, and the default value is 2.

last-member-query-interval interval: Specify the interval between group-specific queries. Valid values are from 1 to 5 seconds, and the default value is 1 second.

Step 10

show ip igmp snooping vlan vlan-id

Show the basic IGMP Snooping configuration in the specified VLAN.

Step 11

end

Return to privileged EXEC mode.

Step 12

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable IGMP Snooping for VLAN 1, and configure the member port aging time as 300 seconds, the router port aging time as 320 seconds, and then enable Fast Leave and Report Suppression for the VLAN:

Switch#configure

Switch(config)#ip igmp snooping vlan-config 1 mtime 300

Switch(config)#ip igmp snooping vlan-config 1 rtime 320

Switch(config)#ip igmp snooping vlan-config 1 immediate-leave

Switch(config)#ip igmp snooping vlan-config 1 report-suppression

Switch(config)#show ip igmp snooping vlan 1

Vlan Id: 1

Vlan IGMP Snooping Status: Enable

Fast Leave: Enable

Report Suppression: Enable

Router Time:320

Member Time: 300

Querier: Disable

Switch(config)#end

Switch#copy running-config startup-config

The following example shows how to enable IGMP Snooping querier for VLAN 1, and configure the query interval as 100 seconds, the maximum response time as 15 seconds, the last member query interval as 2 seconds, the last member query count as 3, and the general query source IP as 192.168.0.5:

Switch#configure

Switch(config)#ip igmp snooping vlan-config 1 querier

Switch(config)#ip igmp snooping vlan-config 1 querier query-interval 100

Switch(config)#ip igmp snooping vlan-config 1 querier max-response-time 15

Switch(config)#ip igmp snooping vlan-config 1 querier last-member-query-interval 2

Switch(config)#ip igmp snooping vlan-config 1 querier last-member-query-count 3

Switch(config)#ip igmp snooping vlan-config 1 querier general-query source-ip192.168.0.5

Switch(config)#show ip igmp snooping vlan 1

Vlan Id: 1

Querier:

Maximum Response Time: 15

Query Interval: 100

Last Member Query Interval: 2

Last Member Query Count: 3

General Query Source IP: 192.168.0.5

Switch(config)#end

Switch#copy running-config startup-config

2.2.3Configuring IGMP Snooping for Ports

Follow these steps to configure IGMP Snooping for ports:

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list| port-channel port-channel-id | range port-channel port-channel-list}

Enter interface configuration mode.

Step 3

ip igmp snooping

Enable IGMP Snooping for the port. By default, it is enabled.

Step 4

ip igmp snooping immediate-leave

(Optional) Enable Fast Leave on the specified port.

Fast Leave can be enabled on a per-port basis or per-VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs before forwarding the leave message to the querier.

You should only use Fast Leave for a port when there is a single receiver connected to the port. For more details about Fast Leave, see 2.2.2 Configuring IGMP Snooping for VLANs.

Step 5

show ip igmp snooping interface [fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] | port-channel [port-channel-list] ] basic-config

Show the basic IGMP Snooping configuration on the specified port(s) or of all the ports.

Step 6

end

Return to privileged EXEC mode.

Step 7

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable IGMP Snooping and fast leave for port 1/0/1-3:

Switch#configure

Switch(config)#interface range gigabitEhternet 1/0/1-3

Switch(config-if-range)#ip igmp snooping

Switch(config-if-range)#ip igmp snooping immediate-leave

Switch(config-if-range)#show ip igmp snooping interface gigabitEthernet 1/0/1-3

Port IGMP-Snooping Fast-Leave

———— ——————- —————

Gi1/0/1 enable enable

Gi1/0/2 enable enable

Gi1/0/3 enable enable

Switch(config-if-range)#end

Switch#copy running-config startup-config

2.2.4Configuring Hosts to Statically Join a Group

Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also configure hosts to statically join a group.

Follow these steps to configure hosts to statically join a group:

Step 1

configure

Enter global configuration mode.

Step 2

ip igmp snooping vlan-config vlan-id-list static ip interface { fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list| port-channel lag-list }

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

ip: Specify the IP address of the multicast group that the hosts want to join.

port-list / lag-list: Specify the ports that is connected to the hosts. These ports will become static member ports of the group.

Step 3

show ip igmp snooping groups static

Show the static MLD Snooping configuration.

Step 4

end

Return to privileged EXEC mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure port 1/0/1-3 in VLAN 2 to statically join the multicast group 239.1.2.3:

Switch#configure

Switch(config)#ip igmp snooping vlan-config 2 static 239.1.2.3 interface gigabitEthernet 1/0/1-3

Switch(config)#show ip igmp snooping groups static

Multicast-ip VLAN-id Addr-type Switch-port

———— ——- ——— ————

239.1.2.3 2 static Gi1/0/1-3

Switch(config)#end

Switch#copy running-config startup-config

2.2.5Configuring IGMP Accounting and Authentication Features

Note:

Only T2600G series switches support this feature.

You can enable IGMP accounting and authentication according to your need. IGMP accounting is configured globally, and IGMP authentication can be enabled on a per-port basis.

To use these features, you need to set up a RADIUS server and configure add the RADIUS server for the switch.

Follow these steps to add the RADIUS server and enable IGMP accounting globally:

Step 1

configure

Enter global configuration mode.

Step 2

radius-server host ip-address [ auth-port port-id ] [ acct-port port-id ] [ timeout time ] [ retransmit number ] [ nas-id nas-id ] key { [ 0 ] string | 7 encrypted-string }

Add the RADIUS server and configure the related parameters as needed.

host ip-address: Enter the IP address of the server running the RADIUS protocol.

auth-port port-id: Specify the UDP destination port on the RADIUS server for authentication requests. The default setting is 1812.

acct-port port-id: Specify the UDP destination port on the RADIUS server for accounting requests. The default setting is 1813. Usually, it is used in the 802.1X feature.

timeout time: Specify the time interval that the switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds.

retransmit number: Specify the number of times a request is resent to the server if the server does not respond. The valid values are from 1 to 3 and the default setting is 2.

nas-id nas-id: Specify the name of the NAS (Network Access Server) to be contained in RADIUS packets for identification. It ranges from 1 to 31 characters. The default value is the MAC address of the switch. Generally, the NAS indicates the switch itself.

key { [ 0 ] string | 7 encrypted-string }: Specify the shared key. 0 and 7 represent the encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a symmetric encrypted key with a fixed length will follow. By default, the encryption type is 0. string is the shared key for the switch and the server, which contains 31 characters at most. encrypted-string is a symmetric encrypted key with a fixed length, which you can copy from the configuration file of another switch. The key or encrypted-key you configure here will be displayed in the encrypted form.

Step 3

ip igmp snooping accouting

Enable IGMP accounting globally.

Step 4

show ip igmp snooping

Show the basic IGMP Snooping configuration.

Step 5

end

Return to privileged EXEC mode.

Step 6

copy running-config startup-config

Save the settings in the configuration file.

Follow these steps to enable IGMP authentication for ports:

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list| port-channel port-channel-id | range port-channel port-channel-list}

Enter interface configuration mode.

Step 3

ip igmp snooping authentication

Enable IGMP Snooping authentication for the port. By default, it is enabled.

Step 4

show ip igmp snooping interface [fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] | port-channel [port-channel-list] ] authentication

Show the basic IGMP Snooping configuration on the specified port(s) or of all the ports.

Step 5

end

Return to privileged EXEC mode.

Step 6

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable IGMP accounting globally:

Switch#configure

Switch(config)#ip igmp snooping accounting

Switch(config)#show ip igmp snooping

Global Authentication Accounting: Enable

Enable Port: Gi1/0/1-28, Po1-14

Enable VLAN:

Switch(config)#end

Switch#copy running-config startup-config

The following example shows how to enable IGMP authentication on port 1/0/1-3:

Switch#configure

Switch(config)#interface range gigabitEhternet 1/0/1-3

Switch(config-if-range)#ip igmp snooping authentication

Switch(config-if-range)#show ip igmp snooping interface gigabitEthernet 1/0/1-3 authentication

Port IGMP-Authentication

———— ————————-

Gi1/0/1 enable

Gi1/0/2 enable

Gi1/0/3 enable

Switch(config)#end

Switch#copy running-config startup-config

3MLD Snooping Configuration

To complete MLD Snooping configuration, follow these steps:

1)Enable MLD Snooping globally and configure the global parameters.

2)Configure MLD Snooping for VLANs.

3)Configure MLD Snooping for ports.

4)(Optional) Configure hosts to statically join a group.

Note:

MLD Snooping takes effect only when it is enabled globally, in the corresponding VLAN and port at the same time.

3.1Using the GUI

3.1.1Configuring MLD Snooping Globally

Choose the menu L2 FEATURES > Multicast > MLD Snooping > Global Config to load the following page.

Figure 3-1 Configure MLD Snooping Globally

Follow these steps to configure MLD Snooping globally:

1)In the Global Config section, enable MLD Snooping and configure the Unknown Multicast Groups feature globally.

MLD Snooping

Enable or disable MLD Snooping globally.

Unknown Multicast Groups

Configure the way in which the switch processes data that are sent to unknown multicast groups as Forward or Discard. By default, it is Forward.

Unknown multicast groups are multicast groups that do not match any of the groups announced in earlier IGMP membership reports, and thus cannot be found in the multicast forwarding table of the switch.

Note: IGMP Snooping and MLD Snooping share the setting of Unknown Multicast Groups, so you have to enable IGMP Snooping globally on the L2 FEATURES > Multicast > IGMP Snooping > Global Config page at the same time.

2)Click Apply.

3.1.2Configuring MLD Snooping for VLANs

Before configuring MLD Snooping for VLANs, set up the VLANs that the router ports and the member ports are in. For details, please refer to Configuring 802.1Q VLAN.

The switch supports configuring MLD Snooping on a per-VLAN basis. After MLD Snooping is enabled globally, you also need to enable MLD Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in.

Choose the menu L2 FEATURES > Multicast > MLD Snooping > Global Config, and click in your desired VLAN entry in the MLD VLAN Config section to load the following page.

Figure 3-2 Configure MLD Snooping for VLAN

Follow these steps to configure MLD Snooping for a specific VLAN:

1)Enable MLD Snooping for the VLAN, and configure the corresponding parameters.

VLAN ID

Displays the VLAN ID.

MLD Snooping Status

Enable or disable MLD Snooping for the VLAN.

Fast Leave

Enable or disable Fast Leave for the VLAN.

Without Fast Leave, after a receiver sends an MLD done message (equivalent to an IGMP leave message) to leave a multicast group, the switch will forward the done message to the Layer 3 device (the querier).

From the point of view of the querier, the port connecting to the switch is a member port of the corresponding multicast group. After receiving the done message from the switch, the querier will send out a configured number (Last Listener Query Count) of Multicast-Address-Specific Queries (MASQs) on that port with a configured interval (Last Listener Query Interval), and wait for MLD reports. If there are other receivers connecting to the switch, they will response to the MASQs before the Last Listener Query Interval expires. If no reports are received after the response time of the last query expires, the querier will remove the port from the forwarding list of the corresponding multicast group.

That is, if there are other receivers connecting to the switch, the one sent done message have to wait until the port ages out from the switch’s forwarding list of the corresponding multicast group (the maximum waiting time is decided by the Member Port Aging Time).

With Fast Leave enabled on a VLAN, the switch will remove the (Multicast Group, Port, VLAN) entry from the multicast forwarding table before forwarding the done message to the querier. This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a done message from the VLAN.

Report Suppression

Enable or disable Report Suppression for the VLAN.

When enabled, the switch will only forward the first MLD report message for each multicast group to the MLD querier and suppress subsequent MLD report messages for the same multicast group during one query interval. This feature prevents duplicate report messages from being sent to the MLD querier.

Member Port Aging Time

Specify the aging time of the member ports in the VLAN.

Once the switch receives an MLD report message from a port, the switch adds this port to the member port list of the corresponding multicast group. Member ports that are learned in this way are called dynamic member ports.

If the switch does not receive any MLD report messages for a specific multicast group from a dynamic member port, it will no longer consider this port as a member port of this multicast group and delete it from the multicast forwarding table.

Router Port Aging Time

Specify the aging time of the router ports in the VLAN.

Once the switch receives an MLD general query message from a port, the switch adds this port to the router port list. Router ports that are learned in this way are called dynamic router ports.

If the switch does not receive any MLD general query messages from a dynamic router port within the router port aging time, the switch will no longer consider this port as a router port and delete it from the router port list.

Leave Time

Specify the leave time for the VLAN.

When the switch receives a done message from a port to leave a multicast group, it will wait for a leave time before removing the port from the multicast group. During the period, if the switch receives any report messages from the port, the port will not be removed from the multicast group. Exceptions are as follows:

If the member port ages out before the Leave Time ends and no report messages are received, the port will be removed from the multicast group once its Member Port Aging Time ends.

The Leave Time mechanism will not take effect when Fast Leave takes effect.

A proper leave time value can avoid other hosts connecting to the same port of the switch being mistakenly removed from the multicast group when only some of them want to leave.

MLD Snooping Querier

Enable or disable the MLD Snooping Querier for the VLAN.

When enabled, the switch acts as an MLD Snooping Querier for the hosts in this VLAN. A querier periodically sends a general query on the network to solicit membership information, and sends MASQs when it receives done messages from hosts.

Note:

To enable MLD Snooping Querier for a VLAN, MLD Snooping should be enabled both globally and in the VLAN.

Query Interval

With MLD Snooping Querier enabled, specify the interval between general query messages sent by the switch.

Maximum Response Time

With MLD Snooping Querier enabled, specify the host’s maximum response time to general query messages.

Last Listener Query Interval

With MLD Snooping Querier enabled, when the switch receives a done message, it obtains the address of the multicast group that the host wants to leave from the message. Then the switch sends out MASQs to this multicast group through the port receiving the done message. This parameter determines the interval between MASQs.

Last Listener Query Count

With MLD Snooping Querier enabled, specify the number of MASQs to be sent. If specified count of MASQs are sent and no report message is received, the switch will delete the multicast address from the multicast forwarding table.

General Query Source IP

With MLD Snooping Querier enabled, specify the source IPv6 address of the general query messages sent by the switch. It should be an IPv6 link-local address..

Static Router Ports

Select one or more ports to be the static router ports in the VLAN. Static router ports do not age.

Multicast streams and MLD packets to all groups in this VLAN will be forwarded through the static router ports. Multicast streams and MLD packets to the groups that have dynamic router ports will be also forwarded through the corresponding dynamic router ports.

Forbidden Router Ports

Select the ports to forbid them from being router ports in the VLAN.

2)Click Save.

3.1.3Configuring MLD Snooping for Ports

Choose the menu L2 FEATURES > Multicast > MLD Snooping > Port Config to load the following page.

Figure 3-3 Configure MLD Snooping for Ports

Follow these steps to configure MLD Snooping for ports:

1)Enable MLD Snooping for the port and enable Fast Leave if there is only one receiver connected to the port.

MLD Snooping

Enable or disable MLD Snooping for the port.

Fast Leave

Enable or disable Fast Leave for the port.

Fast Leave can be enabled on a per-port basis or per-VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs before forwarding the done message to the querier.

You should only use Fast Leave for a port when there is a single receiver connected to the port. For more details about Fast Leave, see 3.1.2 Configuring MLD Snooping for VLANs.

LAG

Displays the LAG the port belongs to.

2)Click Apply.

3.1.4Configuring Hosts to Statically Join a Group

Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also configure hosts to statically join a group.

Choose the menu L2 FEATURES > Multicast > MLD Snooping > Static Group Config and click to load the following page.

Figure 3-4 Configure Hosts to Statically Join a Group

Follow these steps to configure hosts to statically join a group:

1)Specify the multicast IP address, VLAN ID. Select the ports to be the static member ports of the multicast group.

Multicast IP

Specify the IPv6 address of the multicast group that the hosts need to join.

VLAN ID

Specify the VLAN that the hosts are in.

Member Ports

Select the ports that the hosts are connected to. These ports will become the static member ports of the multicast group and will never age.

2)Click Create.

3.2Using the CLI

3.2.1Configuring MLD Snooping Globally

Follow these steps to configure MLD Snooping globally:

Step 1

configure

Enter global configuration mode.

Step 2

ipv6 mld snooping

Enable MLD Snooping Globally.

Step 3

ipv6 mld snooping drop-unknown

(Optional) Configure the way how the switch processes multicast streams that are sent to unknown multicast groups as Discard. By default, it is Forward.

Unknown multicast groups are multicast groups that do not match any of the groups announced in earlier IGMP membership reports, and thus cannot be found in the multicast forwarding table of the switch.

Note: IGMP Snooping and MLD Snooping share the setting of Unknown Multicast Groups, you need to ensure IGMP Snooping is enabled globally. To enable IGMP Snooping globally, use the ip igmp snooping command in global configuration mode.

Step 4

show ipv6 mld snooping

Show the basic IGMP Snooping configuration.

Step 5

end

Return to privileged EXEC mode.

Step 6

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable MLD Snooping globally, and the way how the switch processes multicast streams that are sent to unknown multicast groups as discard.

Switch#configure

Switch(config)#ipv6 mld snooping

Switch(config)#ip igmp snooping

Switch(config)#ipv6 mld snooping drop-unknown

Switch(config)#show ipv6 mld snooping

MLD Snooping :Enable

Unknown Multicast :Discard

Switch(config)#end

Switch#copy running-config startup-config

3.2.2Configuring MLD Snooping for VLANs

Before configuring MLD Snooping for VLANs, set up the VLANs that the router ports and the member ports are in. For details, please refer to Configuring 802.1Q VLAN.

The switch supports configuring MLD Snooping on a per-VLAN basis. After MLD Snooping is enabled globally, you also need to enable MLD Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in.

Follow these steps to configure MLD Snooping for VLANs:

Step 1

configure

Enter global configuration mode.

Step 2

ipv6 mld snooping vlan-config vlan-id-list mtime member-time

Enable MLD Snooping for the specified VLANs, and specify the member port aging time for the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

member-time: Specify the aging time of the member ports in the specified VLANs. Valid values are from 60 to 600 seconds. By default, it is 260 seconds.

Once the switch receives an MLD report message from a port, the switch adds this port to the member port list of the corresponding multicast group. Member ports that are learned in this way are called dynamic member ports.

If the switch does not receive any MLD report message for a specific multicast group from a dynamic member port, it will no longer consider this port as a member port of this multicast group and delete it from the multicast forwarding table.

Step 3

ipv6 mld snooping vlan-config vlan-id-list rtime router-time

Specify the router port aging time for the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

router-time: Specify the aging time of the router ports in the specified VLANs. Valid values are from 60 to 600 seconds. By default, it is 300 seconds.

Once the switch receives an MLD general query message from a port, the switch adds this port to the router port list. Router ports that are learned in this way are called dynamic router ports.

If the switch does not receive any MLD general query message from a dynamic router port within the router port aging time, the switch will no longer consider this port as a router port and delete it from the router port list.

Step 4

ipv6 mld snooping vlan-config vlan-id-list ltime leave-time

Specify the router port aging time for the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

leave-time: Specify the leave time for the VLAN(s). Valid values are from 1 to 30 in seconds, and the default value is 1 second.

When the switch receives a leave message from a port to leave a multicast group, it will wait for a leave time before removing the port from the multicast group. During the period, if the switch receives any report messages from the port, the port will not be removed from the multicast group. Exceptions are as follows:

If the member port ages out before the Leave Time ends and no report messages are received, the port will be removed from the multicast group once its Member Port Aging Time ends.

The Leave Time mechanism will not take effect when Fast Leave takes effect.

A proper leave time value can avoid other hosts connecting to the same port of the switch being mistakenly removed from the multicast group when only some of them want to leave.

Step 5

ipv6 mld snooping vlan-config vlan-id-list report-suppression

(Optional) Enable Report Suppression for the VLANs. By default, it is disabled.

When enabled, the switch will only forward the first MLD report message for each multicast group to the MLD querier and suppress subsequent MLD report messages for the same multicast group during one query interval. This feature prevents duplicate report messages from being sent to the MLD querier.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

Step 6

ipv6 mld snooping vlan-config vlan-id-list immediate-leave

(Optional) Enable Fast Leave for the VLANs. By default, it is disabled.

Without Fast Leave, after a receiver sends an MLD done message (equivalent to an IGMP leave message) to leave a multicast group, the switch will forward the done message to the Layer 3 device (the querier).

From the point of view of the querier, the port connecting to the switch is a member port of the corresponding multicast group. After receiving the done message from the switch, the querier will send out a configured number (Last Listener Query Count) of Multicast-Address-Specific Queries (MASQs) on that port with a configured interval (Last Listener Query Interval), and wait for MLD reports. If there are other receivers connecting to the switch, they will response to the MASQs before the Last Listener Query Interval expires. If no reports are received after the response time of the last query expires, the querier will remove the port from the forwarding list of the corresponding multicast group.

That is, if there are other receivers connecting to the switch, the one sent done message have to wait until the port ages out from the switch’s forwarding list of the corresponding multicast group (the maximum waiting time is decided by the Member Port Aging Time).

With Fast Leave enabled on a VLAN, the switch will remove the (Multicast Group, Port, VLAN) entry from the multicast forwarding table before forwarding the done message to the querier. This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a done message from the VLAN.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

Step 7

ipv6 mld snooping vlan-config vlan-id-list rport interface { fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list| port-channel lag-list }

(Optional) Specify the static router ports for the VLANs. Static router ports do not age.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

port-list: The number or the list of the Ethernet port that need to be configured as static router ports.

lag-list: The ID or the list of the LAG that need to be configured as static router ports.

Step 8

ipv6 mld snooping vlan-config vlan-id-list router-ports-forbidden interface { fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list | port-channel lag-list }

(Optional) Specify the ports to forbid them from being router ports in the VLANs.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

port-list: The number or the list of the Ethernet port that need to be forbidden from being router ports.

lag-list: The ID or the list of the LAG that need to be forbidden from being router ports.

Step 9

ipv6 mld snooping vlan-config vlan-id-list querier

(Optional) Enable MLD Snooping Querier for the VLAN. By default, it is disabled.

When enabled, the switch acts as an MLD Snooping Querier for the hosts in this VLAN. A querier periodically sends a general query on the network to solicit membership information, and sends group-specific queries when it receives done messages from hosts.

Note:

To enable MLD Snooping Querier for a VLAN, MLD Snooping should be enabled both globally and in the VLAN.

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

After enabling MLD Snooping Querier feature, you need to specify the corresponding parameters including the Last Member Query Count, Last Member Query Interval, Maximum Response Time, Query Interval and General Query Source IP. Use the command below in global configuration mode to configure the parameters:

ipv6 mld snooping vlan-config vlan-id-list querier { max-response-time response-time | query-interval interval | general-query source-ip ip-addr | last-listener-query-count num | last-listener-query-interval interval }

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

response-time: Specify the host’s maximum response time to general query messages.

query-interval interval: Specify the interval between general query messages sent by the switch.

ip-addr: Specify the source IP address of the general query messages sent by the switch. It should be an IPv6 link-local address.

num: Specify the number of group-specific queries to be sent. With MLD Snooping Querier enabled, when the switch receives a done message, it obtains the address of the multicast group that the host wants to leave from the message. Then the switch sends out MASQs to this multicast group through the port receiving the done message. If specified count of MASQs are sent and no report message is received, the switch will delete the multicast address from the multicast forwarding table.

last-listener-query-interval interval: Specify the interval between MASQs.

Step 10

show ipv6 mld snooping vlan vlan-id

Show the basic MLD snooping configuration in the specified VLAN.

Step 11

end

Return to privileged EXEC mode.

Step 12

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable MLD Snooping for VLAN 1, and configure the member port aging time as 300 seconds, the router port aging time as 320 seconds, and then enable Fast Leave and Report Suppression for the VLAN:

Switch#configure

Switch(config)#ipv6 mld snooping vlan-config 1 mtime 300

Switch(config)#ipv6 mld snooping vlan-config 1 rtime 320

Switch(config)#ipv6 mld snooping vlan-config 1 immediate-leave

Switch(config)#ipv6 mld snooping vlan-config 1 report-suppression

Switch(config)#show ipv6 mld snooping vlan 1

Vlan Id: 1

Vlan MLD Snooping Status: Enable

Fast Leave: Enable

Report Suppression: Enable

Router Time: Enable

Member Time: Enable

Querier: Disable

Switch(config)#end

Switch#copy running-config startup-config

The following example shows how to enable MLD Snooping querier for VLAN 1, and configure the query interval as 100 seconds, the maximum response time as 15 seconds, the last listener query interval as 2 seconds, the last listener query count as 3, and the general query source IP as FE80::1:

Switch#configure

Switch(config)#ipv6 mld snooping vlan-config 1 querier

Switch(config)#ipv6 mld snooping vlan-config 1 querier query-interval 100

Switch(config)#ipv6 mld snooping vlan-config 1 querier max-response-time 15

Switch(config)#ipv6 mld snooping vlan-config 1 querier last-listener-query-interval 2

Switch(config)#ipv6 mld snooping vlan-config 1 querier last-listener-query-count 3

Switch(config)#ipv6 mld snooping vlan-config 1 querier general-query source-ip FE80::1

Switch(config)#show ipv6 mld snooping vlan 1

Vlan Id: 1

Querier: Enable

Maximum Response Time: 15

Query Interval: 100

Last Member Query Interval: 2

Last Member Query Count: 3

General Query Source IP: fe80::1

Switch(config)#end

Switch#copy running-config startup-config

3.2.3Configuring MLD Snooping for Ports

Follow these steps to configure MLD Snooping for ports:

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list| port-channel port-channel-id | range port-channel port-channel-list}

Enter interface configuration mode.

Step 3

ipv6 mld snooping

Enable MLD Snooping for the port. By default, it is enabled.

Step 4

ipv6 mld snooping immediate-leave

(Optional) Enable Fast Leave on the specified port.

Fast Leave can be enabled on a per-port basis or per-VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs before forwarding the done message to the querier.

You should only use Fast Leave for a port when there is a single receiver connected to the port. For more details about Fast Leave, see 3.2.2 Configuring MLD Snooping for VLANs.

Step 5

show ipv6 mld snooping interface [fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] | port-channel [port-channel-list]] basic-config

Show the basic MLD Snooping configuration on the specified port(s) or of all the ports.

Step 6

end

Return to privileged EXEC mode.

Step 7

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable MLD Snooping and fast leave for port 1/0/1-3:

Switch#configure

Switch(config)#interface range gigabitEhternet 1/0/1-3

Switch(config-if-range)#ipv6 mld snooping

Switch(config-if-range)#ipv6 mld snooping immediate-leave

Switch(config-if-range)#show ipv6 mld snooping interface gigabitEthernet 1/0/1-3

Port MLD-Snooping Fast-Leave

———— ——————- —————

Gi1/0/1 enable enable

Gi1/0/2 enable enable

Gi1/0/3 enable enable

Switch(config-if-range)#end

Switch#copy running-config startup-config

3.2.4Configuring Hosts to Statically Join a Group

Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also configure hosts to statically join a group.

Follow these steps to configure hosts to statically join a group:

Step 1

configure

Enter global configuration mode.

Step 2

ipv6 mld snooping vlan-config vlan-id-list static ip interface {fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list | port-channel lag-list}

vlan-id-list: Specify the ID or the ID list of the VLAN(s).

ip: Specify the IP address of the multicast group that the hosts want to join.

port-list / lag-list: Specify the ports that is connected to the hosts. These ports will become static member ports of the group.

Step 3

show ipv6 mld snooping groups static

Show the static MLD Snooping configuration.

Step 4

end

Return to privileged EXEC mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure port 1/0/1-3 in VLAN 2 to statically join the multicast group FF80::1001:

Switch#configure

Switch(config)#ipv6 mld snooping vlan-config 2 static FF80::1001 interface gigabitEthernet 1/0/1-3

Switch(config)#show ipv6 mld snooping groups static

Multicast-ip VLAN-id Addr-type Switch-port

————— ——- ——— ————

ff80::1001 2 static Gi1/0/1-3

Switch(config)#end

Switch#copy running-config startup-config

4MVR Configuration

To complete MVR configuration, follow these steps:

1)Configure 802.1Q VLANs.

2)Configure MVR globally.

3)Add multicast groups to MVR.

4)Configure MVR for the ports.

5)Statically add ports to MVR groups.

Configuration Guidelines

MVR does not support IGMPv3 messages.

Do not configure MVR on private VLAN ports, otherwise MVR cannot take effect.

MVR operates on the underlying mechanism of IGMP Snooping, but the two features operate independently of each other. Both protocols can be enabled on a port at the same time. When both are enabled, MVR listens to the report and leave messages only for the multicast groups configured in MVR. All other multicast groups are managed by IGMP Snooping.

4.1Using the GUI

4.1.1Configuring 802.1Q VLANs

Before configuring MVR, create an 802.1Q VLAN as the multicast VLAN. Add all source ports (the uplink ports that receive multicast data from the router) to the multicast VLAN as tagged ports. Configure 802.1Q VLANs for the receiver ports (ports that are connecting to the hosts) according to network requirements. Note that receiver ports can only belong to one VLAN and cannot be added to the multicast VLAN. For details, refer to Configuring 802.1Q VLAN.

4.1.2Configuring MVR Globally

Choose the menu L2 FEATURES > Multicast > MVR > MVR Config to load the following page.

Figure 4-1 Configure MVR Globally

Follow these steps to configure MVR globally:

1)Enable MVR globally and configure the global parameters.

MVR

Enable or disable MVR globally.

MVR Mode

Specify the MVR mode as compatible or dynamic.

Compatible: In this mode, the switch does not forward report or leave messages from the hosts to the IGMP querier. This means IGMP querier cannot learn the multicast groups’ membership information from the switch. The IGMP querier must be statically configured to transmit all the required multicast streams to the switch via the multicast VLAN.

Dynamic: In this mode, after receiving report or leave messages from the hosts, the switch will forward them to the IGMP querier via the multicast VLAN (with appropriate translation of the VLAN ID). The IGMP querier can learn the multicast groups’ membership information through the report and leave messages, and transmit the multicast streams to the switch via the multicast VLAN according to the multicast forwarding table.

Multicast VLAN ID

Specify an existing 802.1Q VLAN as the multicast VLAN.

Query Response Time

Specify the maximum time to wait for the IGMP membership report since the switch receives an IGMP leave message on a receiver port. After receiving an IGMP leave message from a receiver port, the switch will send out group-specific queries and wait for IGMP membership reports. If no IGMP membership reports are received before the Query Response Time expires, the switch will remove the port from the multicast group.

Maximum Multicast Groups

Displays the maximum number of multicast groups that can be configured on the switch.

Current Multicast Groups

Displays the current number of multicast groups that have been configured on the switch.

2)Click Apply.

4.1.3Adding Multicast Groups to MVR

You need to manually add multicast groups to the MVR. Choose the menu L2 FEATURES > Multicast > MVR > MVR Group Config and click to load the following page.

Figure 4-2 Add Multicast Groups to MVR

Follow these steps to add multicast groups to MVR:

1)Specify the IP address of the multicast groups.

MVR Group IP / MVR Group Count

Specify the start IP address and the number of contiguous series of multicast groups.

Multicast data sent to the address specified here will be sent to all source ports on the switch and all receiver ports that have requested to receive data from that multicast address.

2)Click Create.

Then the added multicast groups will appear in the MVR group table, as the following figure shows:

Figure 4-3 MVR Group Table

MVR Group IP

Displays the IP address of multicast group.

Status

Displays the status of the MVR group. In compatible mode, all the MVR groups are added manually, so the status is always active. In dynamic mode, there are two status:

Inactive: The MVR group is added successfully, but the source port has not received any query messages from this multicast group.

Active: The MVR group is added successfully and the source port has received query messages from this multicast group.

Member

Displays the member ports in this MVR group.

4.1.4Configuring MVR for the Port

Choose the menu L2 FEATURES > Multicast > MVR > Port Config to load the following page.

Figure 4-4 Configure MVR for the Port

Follow these steps to add multicast groups to MVR:

1)Select one or more ports to configure.

2)Enable MVR, and configure the port type and Fast Leave feature for the port.

Mode

Enable or disable MVR for the selected ports.

Type

Configure the port type.

None: The port is a non-MVR port. If you attempt to configure a non-MVR port with MVR characteristics, the operation will be unsuccessful.

Source: Configure the uplink ports that receive and send multicast data on the multicast VLAN as source ports. Source ports should belong to the multicast VLAN. In compatible mode, source ports will be automatically added to all multicast groups, while in dynamic mode, you need to manually add them to the corresponding multicast groups.

Receiver: Configure the ports that are connecting to the hosts as receiver ports. A receiver port can only belong to one VLAN, and cannot belong to the multicast VLAN. In both modes, the switch will add or remove the receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts.

Status

Displays the port’s status.

Active/InVLAN: The port is physically up and in one or more VLANs.

Active/NotInVLAN: The port is physically up and not in any VLAN.

Inactive/InVLAN: The port is physically down and in one or more VLANs.

Inactive/NotInVLAN: The port is physically down and not in any VLAN.

Fast Leave

Enable or disable Fast Leave for the selected ports. Only receiver ports support Fast Leave. Before enabling Fast Leave for a port, make sure there is only a single receiver device connecting to the port.

3)Click Apply.

4.1.5(Optional) Adding Ports to MVR Groups Statically

You can add only receiver ports to MVR groups statically. The switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts. You can also statically add a receiver port to an MVR group.

Choose the menu L2 FEATURES > Multicast > MVR > Static Group Members, and click in your desired MVR group entry to load the following page.

Figure 4-5 Configure Hosts to Statically Join an MVR group

Follow these steps to statically add ports to an MVR group:

1)Select the ports to add them to the MVR group.

2)Click Save.

4.2Using the CLI

4.2.1Configuring 802.1Q VLANs

Before configuring MVR, create an 802.1Q VLAN as the multicast VLAN. Add the all source ports to the multicast VLAN as tagged ports. Configure 802.1Q VLANs for the receiver ports according to network requirements. Note that receiver ports can only belong to one VLAN and cannot be added to the multicast VLAN. For details, refer to Configuring 802.1Q VLAN.

4.2.2Configuring MVR Globally

Follow these steps to configure MVR globally:

Step 1

configure

Enter global configuration mode.

Step 2

mvr

Enable MVR Globally.

Step 3

mvr mode { compatible | dynamic }

Configure the MVR mode as compatible or dynamic.

compatible: In this mode, the switch does not forward report or leave messages from the hosts to the IGMP querier. So the IGMP querier cannot learn the multicast groups membership information from the switch. You have to statically configure the IGMP querier to transmit all the required multicast streams to the switch via the multicast VLAN.

dynamic: In this mode, after receiving report or leave messages from the hosts, the switch will forward them to the IGMP querier via the multicast VLAN (with appropriate translation of the VLAN ID). So the IGMP querier can learn the multicast groups membership information through the report and leave messages, and transmit the multicast streams to the switch via the multicast VLAN according to the multicast forwarding table.

Step 4

mvr vlan vlan-id

Specify the multicast VLAN.

vlan-id: Specify the ID of the multicast VLAN. Valid values are from 1 to 4094.

Step 5

mvr querytime time

Specify the maximum time to wait for the IGMP membership reports since the switch receives an IGMP leave message on a receiver port.

time: Specify the maximum response time. After receiving an IGMP leave message from a receiver port, the switch will send out group-specific queries and wait for IGMP membership reports. If no IGMP membership reports are received before this configured time expires, the switch will remove the port from the multicast group. Valid values are from 1 to100 tenths of a second, and the default value is 5 tenths of a second.

Step 6

mvr group ip-addr count

Add multicast groups to the MVR.

ip-addr: Specify the start IP address of the contiguous series of multicast groups.

count: Specify the number of the multicast groups to be added to the MVR. The range is 1 to 256.

Step 7

show mvr

Show the global MVR configuration.

show mvr members

Show the existing MVR groups.

Step 8

end

Return to privileged EXEC mode.

Step 9

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable MVR globally, and configure the MVR mode as compatible, the multicast VLAN as VLAN 2 and the query response time as 5 tenths of a second. Then add 239.1.2.3-239.1.2.5 to MVR group.

Switch#configure

Switch(config)#mvr mode compatible

Switch(config)#mvr vlan 2

Switch(config)#mvr querytime 5

Switch(config)#mvr group 239.1.2.3 3

Switch(config)#show mvr

MVR :Enable

MVR Multicast Vlan :2

MVR Max Multicast Groups :256

MVR Current Multicast Groups :3

MVR Global Query Response Time :5 (tenths of sec)

MVR Mode Type :Compatible

Switch(config)#show mvr members

MVR Group IP status Members

—————- ——— —————-

239.1.2.3 active

239.1.2.4 active

239.1.2.5 active

Switch(config)#end

Switch#copy running-config startup-config

4.2.3Configuring MVR for the Ports

Follow these steps to configure MVR for the ports:

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list }

Enter interface configuration mode.

Step 3

mvr

Enable MVR for the port.

Step 4

mvr type { source | receiver }

Configure the MVR port type as receiver or source. By default, the port is a non-MVR port. If you attempt to configure a non-MVR port with MVR characteristics, the operation fails.

source: Configure the uplink ports that receive and send multicast data on the multicast VLAN as source ports. Source ports should belong to the multicast VLAN.

receiver: Configure the ports that are connecting to the hosts as receiver ports. A receiver port can only belong to one VLAN, and cannot belong to the multicast VLAN.

Step 5

mvr immediate

(Optional) Enable the Fast Leave feature of MVR for the port. Only receiver ports support Fast Leave. Before enabling Fast Leave for a port, make sure there is only a single receiver device connecting to the port.

Step 6

mvr vlan vlan-id group ip-addr

(Optional) Statically add the port to an MVR group. Then the port can receive multicast traffic sent to the IP multicast address via the multicast VLAN.

This command applies to only receiver ports. The switch adds or removes the receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts. You can also statically add a receiver port to an MVR group.

vlan-id: Enter the multicast VLAN ID.

ip-addr: Specify the IP address of the multicast group.

Step 7

show mvr interface {fastEthernet [port-list ] | gigabitEthernet [port-list ] | ten-gigabitEthernet [port-list ] }

Show the MVR configuration of the specified interface(s).

show mvr members

Show the membership information of all MVR groups.

Step 8

end

Return to privileged EXEC mode.

Step 9

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure port 1/0/7 as source port, and port 1/0/1-3 as receiver ports. Then statically add port 1/0/1-3 to group 239.1.2.3 and enable MVR Fast Leave for these ports. The multicast VLAN is VLAN 2.

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/7

Switch(config-if)#mvr

Switch(config-if)#mvr type source

Switch(config-if)#exit

Switch(config)#interface range gigabitEthernet 1/0/1-3

Switch(config-if-range)#mvr

Switch(config-if-range)#mvr type receiver

Switch(config-if-range)#mvr immediate

Switch(config-if-range)#mvr vlan 2 group 239.1.2.3

Switch(config-if-range)#show mvr interface gigabitEtnernet 1/0/1-3,1/0/7

Port Mode Type Status Immediate Leave

———— ———- ———— ——————— ———————

Gi1/0/1 Enable Receiver INACTIVE/InVLAN Enable

Gi1/0/2 Enable Receiver INACTIVE/InVLAN Enable

Gi1/0/3 Enable Receiver INACTIVE/InVLAN Enable

Gi1/0/7 Enable Source INACTIVE/InVLAN Disable

Switch(config-if-range)#show mvr members

MVR Group IP status Members

—————- ——— —————-

239.1.2.3 active Gi1/0/1-3, 1/0/7

Switch(config)#end

Switch#copy running-config startup-config

5Multicast Filtering Configuration

To complete multicast filtering configuration, follow these steps:

1)Create the IGMP profile or MLD profile.

2)Configure multicast groups a port can join and the overflow action.

5.1Using the GUI

5.1.1Creating the Multicast Profile

You can create multicast profiles for both IPv4 and IPv6 network. With multicast profile, the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources.

The process for creating multicast profiles for IPv4 and IPv6 are similar. The following introductions take creating an IPv4 profile as an example.

Choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv4 Profile, and click to load the following page.

Note:

To create a multicast profile for IPv6, choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv6 Profile.

Figure 5-1 Create IPv4 Profile

Follow these steps to create a profile.

1)In the General Config section, specify the Profile ID and Mode.

Profile ID

Enter a profile ID between 1 and 999.

Mode

Select Permit or Deny as the filtering mode.

Permit: Acts as a whitelist and only allows specific member ports to join specified multicast groups.

Deny: Acts as a blacklist and prevents specific member ports from joining specific multicast groups.

2)In the IP-Range section, click to load the following page. Configure the start IP address and end IP address of the multicast groups to be filtered, and click Create.

Figure 5-2 Configure Multicast Groups to Be Filtered

3)In the Bind Ports section, select your desired ports to be bound with the profile.

4)Click Save.

5.1.2Configure Multicast Filtering for Ports

You can modify the mapping relation between ports and profiles in batches, and configure the number of multicast groups a port can join and the overflow action.

The process for configuring multicast filtering for ports in IPv4 and IPv6 are similar. The following introductions take configuring multicast filtering for ports in IPv4 as an example.

Choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv4 Port Binding to load the following page.

Note:

For IPv6, choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv6 Port Binding.

Figure 5-3 Configure Multicast Filtering for Ports

Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports:

1)Select one or more ports to configure.

2)Specify the profile to be bound, and configure the maximum groups the port can join and the overflow action.

Profile ID

Specify the ID of an existing profile to bind the profile to the selected ports. One port can only be bound to one profile.

Maximum Groups

Enter the number of multicast groups the port can join.

For T2600G and T1600G series switches except T1600G-28TS V3, valid values are from 0 to 1000.

For other switches, valid values are from 0 to 511.

Overflow Action

Select the action the switch will take with the new multicast member groups when the number of multicast groups the port has joined exceeds the maximum.

Drop: Drop all subsequent membership report messages to prevent the port joining a new multicast groups.

Replace: Replace the existing multicast group that has the lowest multicast MAC address with the new multicast group.

LAG

Displays the LAG the port belongs to.

Operation

Click Clear Profile to clear the binding between the profile and the port.

3)Click Apply.

5.2Using the CLI

5.2.1Creating the Multicast Profile

You can create multicast profiles for both IPv4 and IPv6 network. With multicast profile, the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources.

Creating IGMP Profile (Multicast Profile for IPv4)

Step 1

configure

Enter global configuration mode.

Step 2

ip igmp profile id

Create a new profile and enter profile configuration mode.

Step 3

Permit

Configure the profile’s filtering mode as permit. Then the profile acts as a whitelist and only allows specific member ports to join specified multicast groups.

deny

Configure the profile’s filtering mode as deny. Then the profile acts as a blacklist and prevents specific member ports from joining specific multicast groups.

Step 4

range start-ip end-ip

Configure the range of multicast IP addresses to be filtered.

start-ip / end-ip: Specify the start IP address and end IP address of the IP range.

Step 5

show ip igmp profile [id]

Show the detailed IGMP profile configuration.

Step 6

end

Return to privileged EXEC mode.

Step 7

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure Profile 1 so that the switch filters multicast streams sent to 226.0.0.5-226.0.0.10:

Switch#configure

Switch(config)#ip igmp snooping

Switch(config)#ip igmp profile 1

Switch(config-igmp-profile)#deny

Switch(config-igmp-profile)#range 226.0.0.5 226.0.0.10

Switch(config-igmp-profile)#show ip igmp profile

IGMP Profile 1

deny

range 226.0.0.5 226.0.0.10

Switch(config)#end

Switch#copy running-config startup-config

Creating MLD Profile (Multicast Profile for IPv6)

Step 1

configure

Enter global configuration mode.

Step 2

ipv6 mld profile id

Create a new profile and enter profile configuration mode.

Step 3

Permit

Configure the profile’s filtering mode as permit. It is similar to a whitelist, indicating that the switch only allow specific member ports to join specific multicast groups.

deny

Configure the profile’s filtering mode as deny. It is similar to a blacklist, indicating that the switch disallow specific member ports to join specific multicast groups.

Step 4

range start-ip end-ip

Configure the range of multicast IP addresses to be filtered.

start-ip / end-ip: Specify the start IP address and end IP address of the IP range.

Step 5

show ipv6 mld profile [id]

Show the detailed MLD profile configuration.

Step 6

end

Return to privileged EXEC mode.

Step 7

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure Profile 1 so that the switch filters multicast streams sent to ff01::1234:5-ff01::1234:8:

Switch#configure

Switch(config)#ipv6 mld snooping

Switch(config)#ipv6 mld profile 1

Switch(config-mld-profile)#deny

Switch(config-mld-profile)#range ff01::1234:5 ff01::1234:8

Switch(config-mld-profile)#show ipv6 mld profile

MLD Profile 1

deny

range ff01::1234:5 ff01::1234:8

Switch(config)#end

Switch#copy running-config startup-config

5.2.2Binding the Profile to Ports

You can bind the created IGMP profile or MLD profile to ports, and configure the number of multicast groups a port can join and the overflow action.

Binding the IGMP Profile to Ports

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list | port-channel port-channel-id | range port-channel port-channel-list}

Enter interface configuration mode.

Step 3

ip igmp filter profile-id

Bind the IGMP profile to the specified ports.

profile-id: Specify the ID of the profile to be bound. It should be an existing profile.

Step 4

ip igmp snooping max-groups maxgroup

Configure the maximum number of multicast groups the port can join.

maxgroup: Specify the maximum number of multicast groups the port can join.

For T2600G and T1600G series switches except T1600G-28TS V3, valid values are from 0 to 1000.

For other switches, valid values are from 0 to 511.

Step 5

ip igmp snooping max-groups action {drop | replace}

Specify the action towards the new multicast group when the number of multicast groups the port joined exceeds the limit.

drop: Drop all subsequent membership report messages, and the port join no more new multicast groups.

replace: Replace the existing multicast group owning the lowest multicast MAC address with the new multicast group.

Step 6

show ip igmp profile [id]

Show the detailed IGMP profile configurations.

show ip igmp snooping interface [fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] | port-channel [port-channel-list ] ] max-groups

Show the multicast group limitation on the specified port(s) or of all the ports.

Step 7

end

Return to privileged EXEC mode.

Step 8

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to bind the existing Profile 1 to port 1/0/2, and specify the maximum number of multicast groups that port 1/0/2 can join as 50 and the Overflow Action as Drop:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/2

Switch(config-if)#ip igmp snooping

Switch(config-if)#ip igmp filter 1

Switch(config-if)#ip igmp snooping max-groups 50

Switch(config-if)#ip igmp snooping max-groups action drop

Switch(config-if)#show ip igmp profile

IGMP Profile 1

Binding Port(s)

Gi1/0/2

Switch(config-if)#show ip igmp snooping interface gigabitEthernet 1/0/2 max-groups

Port Max-Groups Overflow-Action

————- ————— ———————

Gi1/0/2 50 Drops

Switch(config)#end

Switch#copy running-config startup-config

Binding the MLD Profile to Ports

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list | port-channel port-channel-id | range port-channel port-channel-list}

Enter interface configuration mode.

Step 3

ipv6 mld filter profile-id

Bind the MLD profile to the specified ports.

profile-id: Specify the ID of the profile to be bound. It should be an existing profile.

Step 4

ipv6 mld snooping max-groups maxgroup

Configure the maximum number of multicast groups the port can join.

maxgroup: Specify the maximum number of multicast groups the port can join. The range is 0 to 1000.

Step 5

ipv6 mld snooping max-groups action {drop | replace}

Specify the action towards the new multicast group when the number of multicast groups the port joined exceeds max group.

drop: Drop all subsequent membership report messages, and the port join no more new multicast groups.

replace: Replace the existing multicast group owning the lowest multicast MAC address with the new multicast group.

Step 6

show ipv6 mld profile [id]

Show the detailed MLD profile configuration.

show ipv6 mld snooping interface [fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] | port-channel [port-channel-list ] ] max-groups

Show the multicast group limitation on the specified port(s) or of all the ports.

Step 7

end

Return to privileged EXEC mode.

Step 8

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to bind the existing Profile 1 to port 1/0/2, and specify the maximum number of multicast groups that port 1/0/2 can join as 50 and the Overflow Action as Drop:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/2

Switch(config-if)#ipv6 mld snooping

Switch(config-if)#ipv6 mld filter 1

Switch(config-if)#ipv6 mld snooping max-groups 50

Switch(config-if)#ipv6 mld snooping max-groups action drop

Switch(config-if)#show ipv6 mld profile

MLD Profile 1

Binding Port(s)

Gi1/0/2

Switch(config-if)#show ipv6 mld snooping interface gigabitEthernet 1/0/2 max-groups

Port Max-Groups Overflow-Action

————- ————— ———————

Gi1/0/2 50 Drops

Switch(config)#end

Switch#copy running-config startup-config

6Viewing Multicast Snooping Information

You can view the following multicast snooping information:

View IPv4 multicast table.

View IPv4 multicast statistics on each port.

View IPv6 multicast table.

View IPv6 multicast statistics on each port.

6.1Using the GUI

6.1.1Viewing IPv4 Multicast Table

Choose the menu L2 FEATURES > Multicast > Multicast Info > IPv4 Multicast Table to load the following page:

Figure 6-1 IPv4 Multicast Table

The multicast IP address table shows all valid Multicast IP-VLAN-Port entries:

Multicast IP

Displays the multicast source IP address.

VLAN ID

Displays the ID of the VLAN the multicast group belongs to.

Source

Displays the source of the multicast entry.

IGMP Snooping: The multicast entry is learned by IGMP Snooping.

MVR: The multicast entry is learned by MVR.

Type

Displays how the multicast entry is generated.

Dynamic: The entry is dynamically learned. All the member ports are dynamically added to the multicast group.

Static: The entry is manually added. All the member ports are manually added to the multicast group.

Mix: The entry is dynamically learned (manually learned), and some of the member ports are manually added (dynamically added) to the multicast group.

Forward Ports

All ports in the multicast group, including router ports and member ports.

6.1.2Viewing IPv4 Multicast Statistics on Each Port

Choose the menu L2 FEATURES > Multicast > Multicast Info > IPv4 Multicast Statistics to load the following page:

Figure 6-2 IPv4 Multicast Statistics

Follow these steps to view IPv4 multicast statistics on each port:

1)To get the real-time multicast statistics, enable Auto Refresh, or click Refresh.

Auto Refresh

Enable or disable Auto Refresh. When enabled, the switch will automatically refresh the multicast statistics.

Refresh Interval

After Auto Refresh is enabled, specify the time interval for the switch to refresh the multicast statistics.

2)In the Port Statistics section, view IPv4 multicast statistics on each port.

Query Packets

Displays the number of query packets received by the port.

Report Packets (v1)

Displays the number of IGMPv1 report packets received by the port.

Report Packets (v2)

Displays the number of IGMPv2 report packets received by the port.

Report Packets (v3)

Displays the number of IGMPv3 report packets received by the port.

Leave Packets

Displays the number of leave packets received by the port.

Error Packets

Displays the number of error packets received by the port.

6.1.3Viewing IPv6 Multicast Table

Choose the menu L2 FEATURES > Multicast > Multicast Info > IPv6 Multicast Table to load the following page:

Figure 6-3 IPv6 Multicast Table

The multicast IP address table shows all valid Multicast IP-VLAN-Port entries:

Multicast IP

Displays the multicast source IP address.

VLAN ID

Displays the ID of the VLAN the multicast group belongs to.

Source

Displays the source of the multicast entry.

MLD Snooping: The multicast entry is learned by IGMP Snooping.

Type

Displays how the multicast entry is generated.

Dynamic: The entry is dynamically learned. All the member ports are dynamically added to the multicast group.

Static: The entry is manually added. All the member ports are manually added to the multicast group.

Mix: The entry is dynamically learned (manually learned), and some of the member ports are manually added (dynamically added) to the multicast group.

Forward Port

All ports in the multicast group, including router ports and member ports.

6.1.4Viewing IPv6 Multicast Statistics on Each Port

Choose the menu L2 FEATURES > Multicast > Multicast Info > IPv6 Multicast Statistics to load the following page:

Figure 6-4 IPv6 Multicast Statistics

Follow these steps to view IPv6 multicast statistics on each port:

1)To get the real-time IPv6 multicast statistics, enable Auto Refresh, or click Refresh.

Auto Refresh

Enable or disable Auto Refresh. When enabled, the switch will automatically refresh the multicast statistics.

Refresh Interval

After Auto Refresh is enabled, specify the time interval for the switch to refresh the multicast statistics.

2)In the Port Statistics section, view IPv6 multicast statistics on each port.

Query Packets

Displays the number of query packets received by the port.

Report Packets (v1)

Displays the number of MLDv1 packets received by the port.

Report Packets (v2)

Displays the number of MLDv2 packets received by the port.

Done Packets

Displays the number of done packets received by the port.

Error Packets

Displays the number of error packets received by the port.

6.2Using the CLI

6.2.1Viewing IPv4 Multicast Snooping Information

show ip igmp snooping groups [ vlan vlan-id ] [count | dynamic | dynamic count | static | static count ]

Displays information of specific multicast group in all VLANs or in the specific VLAN.

count: Displays the number of multicast groups.

dynamic: Displays information of all dynamic multicast groups.

dynamic count: Displays the number of dynamic multicast groups.

static: Displays information of all static multicast groups.

static count: Displays the number of static multicast groups.

show ip igmp snooping interface [ fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] ] packet-stat

Displays the packet statistics on specified ports or all ports.

clear ip igmp snooping statistics

Clear all statistics of all IGMP packets.

6.2.2Viewing IPv6 Multicast Snooping Configurations

show ipv6 mld snooping groups [vlan vlan-id ] [count | dynamic | dynamic count | static | static count ]

Displays information of specific multicast group in all VLANs or in the specific VLAN.

count displays the number of multicast groups.

dynamic displays information of all dynamic multicast groups.

dynamic count displays the number of dynamic multicast groups.

static displays information of all static multicast groups.

static count displays the number of static multicast groups.

show ipv6 mld snooping interface [ fastEthernet [ port-list ] | gigabitEthernet [ port-list ] | ten-gigabitEthernet [ port-list ] ] packet-stat

Displays the packet statistics on specified ports or all ports.

clear ipv6 mld snooping statistics

Clear all statistics of all MLD packets.

7Configuration Examples

7.1Example for Configuring Basic IGMP Snooping

7.1.1Network Requirements

Host B, Host C and Host D are in the same VLAN of the switch. All of them want to receive multicast streams sent to multicast group 225.1.1.1.

As shown in the following topology, Host B, Host C and Host D are connected to port 1/0/1, port 1/0/2 and port 1/0/3 respectively. Port 1/0/4 is the router port connected to the multicast querier.

Figure 7-1 Network Topology for Basic IGMP Snooping

7.1.2Configuration Scheme

Add the three member ports and the router port to a VLAN and configure their PVIDs.

Enable IGMP Snooping globally and in the VLAN.

Enable IGMP Snooping on the ports.

Demonstrated with T2600G-28TS, this section provides configuration procedures in two ways: using the GUI and using the CLI.

7.1.3Using the GUI

1)Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10 and add Untagged port 1/0/1-3 and Tagged port 1/0/4 to VLAN 10.

Figure 7-2 Create VLAN 10

2)Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the PVID of port 1/0/1-4 as 10.

Figure 7-3 Configure PVID for the Ports

3)Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Global Config to load the following page. In the Global Config section, enable IGMP Snooping globally. Configure the IGMP version as v3 so that the switch can process IGMP messages of all versions. Then click Apply.

Figure 7-4 Configure IGMP Snooping Globally

4)In the IGMP VLAN Config section, click in VLAN 10 to load the following page. Enable IGMP Snooping for VLAN 10.

Figure 7-5 Enable IGMP Snooping for VLAN 10

5)Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Port Config to load the following page. Enable IGMP Snooping for ports 1/0/1-4.

Figure 7-6 Enable IGMP Snooping for the Ports

6)Click to save the settings.

7.1.4Using the CLI

1)Create VLAN 10.

Switch#configure

Switch(config)#vlan 10

Switch(config-vlan)#name vlan10

Switch(config-vlan)#exit

2)Add port 1/0/1-3 to VLAN 10 and set the link type as untagged. Add port 1/0/4 to VLAN 10 and set the link type as tagged.

Switch(config)#interface range gigabitEthernet 1/0/1-3

Switch(config-if-range)#switchport general allowed vlan 10 untagged

Switch(config-if-range)#exit

Switch(config)#interface gigabitEthernet 1/0/4

Switch(config-if)#switchport general allowed vlan 10 tagged

Switch(config-if)#exit

3)Set the PVID of port 1/0/1-4 as 10.

Switch(config)#interface range gigabitEthernet 1/0/1-4

Switch(config-if-range)#switchport pvid 10

Switch(config-if-range)#exit

4)Enable IGMP Snooping globally.

Switch(config)#ip igmp snooping

5)Enable IGMP Snooping in VLAN 10.

Switch(config)#ip igmp snooping vlan-config 10

6)Enable IGMP Snooping on port 1/0/1-4.

Switch(config)#interface range gigabitEthernet 1/0/1-4

Switch(config-if-range)#ip igmp snooping

Switch(config-if-range)#exit

7)Save the settings.

Switch(config)#end

Switch#copy running-config startup-config

Verify the Configurations

Show members in the VLAN:

Switch(config)#show vlan brief

VLAN Name Status Ports

—— ——————— ——— —————————————-

1 System-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4,

Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8,

10 vlan10 active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4

Show status of IGMP Snooping globally, on the ports and in the VLAN:

Switch(config)#show ip igmp snooping

IGMP Snooping :Enable

IGMP Version :V3

Header Validation :Disable

Global Authentication Accounting :Disable

Enable Port : Gi1/0/1-4

Enable VLAN:10

7.2Example for Configuring MVR

7.2.1Network Requirements

Host B, Host C and Host D are in three different VLANs of the switch. All of them want to receive multicast streams sent to multicast group 225.1.1.1.

7.2.2Network Topology

As shown in the following network topology, Host B, Host C and Host D are connected to port 1/0/1, port 1/0/2 and port 1/0/3 respectively. Port 1/0/1, port 1/0/2 and port 1/0/3 belong to VLAN 10, VLAN 20 and VLAN 30 respectively. Port 1/0/4 is connected to the multicast network in the upper layer network.

Figure 7-7 Network Topoloy for Multicast VLAN

7.2.3Configuration Scheme

As the hosts are in different VLANs, in IGMP Snooping, the Querier need to duplicate multicast streams for hosts in each VLAN. To avoid duplication of multicast streams being sent between Querier and the switch, you can configure MVR on the switch.

The switch can work in either MVR compatible mode or MVR dynamic mode. When in compatible mode, remember to statically configure the Querier to transmit the streams of multicast group 225.1.1.1 to the switch via the multicast VLAN. Here we take the MVR dynamic mode as an example.

Demonstrated with T2600G-28TS, this section provides configuration procedures in two ways: using the GUI and using the CLI.

7.2.4Using the GUI

1)Add port 1/0/1-3 to VLAN 10, VLAN 20 and VLAN 30 as Untagged ports respectively, and configure the PVID of port 1/0/1 as 10, port 1/0/2 as 20, port 1/0/3 as 30. Make sure port1/0/1-3 only belong to VLAN 10, VLAN 20 and VLAN 30 respectively. For details, refer to Configuring 802.1Q VLAN.

Figure 7-8 VLAN Configurations for Port 1/0/1-3

Figure 7-9 PVID for Port 1/0/1-3

2)Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 40 and add port 1/0/4 to the VLAN as Tagged port.

Figure 7-10 Create Multicast VLAN

3)Choose the menu L2 FEATURES > Multicast > MVR > MVR Config to load the following page. Enable MVR globally, and configure the MVR mode as Dynamic, multicast VLAN ID as 40.

Figure 7-11 Configure MVR Globally

4)Choose the menu L2 FEATURES > Multicast > MVR > MVR Group Config and click to load the following page. Add multicast group 225.1.1.1 to MVR.

Figure 7-12 Add Multicast Group to MVR

5)Choose the menu L2 FEATURES > Multicast > MVR > Port Config to load the following page. Enable MVR for port 1/0/1-4. Configure port 1/0/1-3 as Receiver ports and port 1/0/4 as Source port.

Figure 7-13 Configure MVR for the Ports

6)Click to save the settings.

7.2.5Using the CLI

1)Create VLAN 10, VLAN 20, VLAN 30 and VLAN 40.

Switch#configure

Switch(config)#vlan 10,20,30,40

Switch(config-vlan)#exit

2)Add port 1/0/1-3 to VLAN 10, VLAN 20 and VLAN 30 as untagged ports respectively, and configure the PVID of port 1/0/1 as 10, port 1/0/2 as 20, port 1/0/3 as 30. Add port 1/0/4 to VLAN 40 as tagged port and configure the PVID as of port 1/0/4 as 40.

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#switchport general allowed vlan 10 untagged

Switch(config-if)#switchport pvid 10

Switch(config-if)#exit

Switch(config)#interface gigabitEthernet 1/0/2

Switch(config-if)#switchport general allowed vlan 20 untagged

Switch(config-if)#switchport pvid 20

Switch(config-if)#exit

Switch(config)#interface gigabitEthernet 1/0/3

Switch(config-if)#switchport general allowed vlan 30 untagged

Switch(config-if)#switchport pvid 30

Switch(config-if)#exit

Switch(config)#interface gigabitEthernet 1/0/4

Switch(config-if)#switchport general allowed vlan 40 tagged

Switch(config-if)#switchport pvid 40

Switch(config-if)#exit

3)Check whether port1/0/1-3 only belong to VLAN 10, VLAN 20 and VLAN 30 respectively. If not, delete them from the other VLANs. By default, all ports are in VLAN 1, so you need to delete them from VLAN 1.

Switch(config)#show vlan brief

VLAN Name Status Ports

——- —————- ——— —————————————-

1 System-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4,

Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8,

10 VLAN10 active Gi1/0/1

20 VLAN20 active Gi1/0/2

30 VLAN30 active Gi1/0/3

40 VLAN40 active Gi1/0/4

Switch(config)#interface range gigabitEthernet 1/0/1-3

Switch(config-if-range)#no switchport general allowed vlan 1

Switch(config-if-range)#exit

4)Enable MVR globally, and configure the MVR mode as Dynamic, multicast VLAN ID as 40. Add multicast group 225.1.1.1 to MVR.

Switch(config)#mvr

Switch(config)#mvr mode dynamic

Switch(config)#mvr vlan 40

Switch(config)#mvr group 225.1.1.1 1

5)Enable MVR for port 1/0/1-4. Configure port 1/0/1-3 as Receiver ports and port 1/0/4 as Source port.

Switch(config)#interface range gigabitEthernet 1/0/1-3

Switch(config-if-range)#mvr

Switch(config-if-range)#mvr type receiver

Switch(config-if-range)#exit

Switch(config)#interface gigabitEthernet 1/0/4

Switch(config-if)#mvr

Switch(config-if)#mvr type source

Switch(config-if)#exit

6)Save the settings.

Switch(config)#end

Switch#copy running-config startup-config

Verify the Configurations

Show the brief information of all VLANs:

Switch(config)#show vlan brief

VLAN Name Status Ports

——- —————- ——— —————————————-

1 System-VLAN active Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7,

10 VLAN10 active Gi1/0/1

20 VLAN20 active Gi1/0/2

30 VLAN30 active Gi1/0/3

40 VLAN40 active Gi1/0/4

Show the brief information of MVR:

Switch(config)#show mvr

MVR :Enable

MVR Multicast Vlan :40

MVR Max Multicast Groups :256

MVR Current Multicast Groups :1

MVR Global Query Response Time :5 (tenths of sec)

MVR Mode Type :Dynamic

Show the membership of MVR groups:

Switch(config)#show mvr members

MVR Group IP Status Members

—————— ———— ——————

225.1.1.1 active Gi1/0/4

7.3Example for Configuring Unknown Multicast and Fast Leave

7.3.1Network Requirement

A user experiences lag when he is changing channel on his IPTV. He wants solutions to this problem. As shown in the following network topology, port 1/0/4 on the switch is connected to the upper layer network, and port 1/0/2 is connected to Host B.

Figure 7-14 Network Topology for Unknow Multicast and Fast Leave

7.3.2Configuration Scheme

After the channel is changed, the client (Host B) still receives irrelevant multicast data, the data from the previous channel and possibly other unknown multicast data, which increases the network load and results in network congestion.

To avoid Host B from receiving irrelevant multicast data, you can enable Fast Leave on port 1/0/2 and configure the switch to discard unknown multicast data. To change channel, Host B sends a leave message about leaving the previous channel. With Fast Leave enabled on port 1/0/2, the switch will then drop multicast data from the previous channel, which ensures that Host B only receives multicast data from the new channel and that the multicast network is unimpeded.

Demonstrated with T2600G-28TS, this section provides configuration procedures in two ways: using the GUI and using the CLI.

7.3.3Using the GUI

1)Create VLAN 10. Add port 1/0/2 to the VLAN as untagged port and port 1/0/4 as tagged port. Configure the PVID of the two ports as 10. For details, refer to Configuring 802.1Q VLAN.

2)Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Global Config to load the following page. In the Global Config section, enable IGMP Snooping globally and configure Unknown Multicast Groups as Discard.

Figure 7-15 Configure IGMP Snooping Globally

Note:

IGMP Snooping and MLD Snooping share the setting of Unknown Multicast, so you have to enable MLD Snooping globally on the L2 FEATURES > Multicast > MLD Snooping > Global Config page at the same time.

3)In the IGMP VLAN Config section, click in VLAN 10 to load the following page. Enable IGMP Snooping for VLAN 10.

Figure 7-16 Enable IGMP Snooping for VLAN 10

4)Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Port Config to load the following page. Enable IGMP Snooping on port 1/0/2 and port 1/0/4 and enable Fast Leave on port 1/0/2.

Figure 7-17 Configure IGMP Snooping on Ports

5)Click to save the settings.

7.3.4Using the CLI

1)Enable IGMP Snooping and MLD Snooping globally.

Switch#configure

Switch(config)#ip igmp snooping

Switch(config)#ipv6 mld snooping

2)Configure Unknown Multicast Groups as Discard globally.

Switch(config)#ip igmp snooping drop-unknown

3)Enable IGMP Snooping on port 1/0/2 and enable Fast Leave. On port 1/0/4, enable IGMP Snooping.

Switch(config)#interface gigabitEthernet 1/0/2

Switch(config-if)#ip igmp snooping

Switch(config-if)#ip igmp snooping immediate-leave

Switch(config-if)#exit

Switch(config)#interface gigabitEthernet 1/0/4

Switch(config-if)#ip igmp snooping

Switch(config-if)#exit

4)Enable IGMP Snooping in VLAN 10.

Switch(config)#ip igmp snooping vlan-config 10

5)Save the settings.

Switch(config)#end

Switch#copy running-config startup-config

Verify the Configurations

Show global settings of IGMP Snooping:

Switch(config)#show ip igmp snooping

IGMP Snooping :Enable

IGMP Version :V3

Unknown Multicast :Discard

Enable Port: Gi1/0/1-28

Enable VLAN:10

Show settings of IGMP Snooping on port 1/0/2:

Switch(config)#show ip igmp snooping interface gigabitEthernet 1/0/2 basic-config

Port IGMP-Snooping Fast-Leave

——— ——————- ———-

Gi1/0/2 enable enable

7.4Example for Configuring Multicast Filtering

7.4.1Network Requirements

Host B, Host C and Host D are in the same subnet. Host C and Host D only receive multicast data sent to 225.0.0.1, while Host B receives all multicast data except the one sent from 225.0.0.2.

7.4.2Configuration Scheme

With the functions for managing multicast groups, whitelist and blacklist mechanism (profile binding), the switch can only allow specific member ports to join specific multicast groups or disallow specific member ports to join specific multicast groups. You can achieve this filtering function by creating a profile and binding it to the corresponding member port.

7.4.3Network Topology

As shown in the following network topology, Host B is connected to port 1/0/1, Host C is connected to port 1/0/2 and Host D is connected to port 1/0/3. They are all in VLAN 10.

Figure 7-18 Network Topology for Multicast Filtering

Demonstrated with T2600G-28TS, this section provides configuration procedures in two ways: using the GUI and using the CLI.

7.4.4Using the GUI

1)Create VLAN 10. Add port 1/0/1-3 to the VLAN as untagged port and port 1/0/4 as tagged port. Configure the PVID of the four ports as 10. For details, refer to Configuring 802.1Q VLAN.

2)Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Global Config to load the following page. In the Global Config section, enable IGMP Snooping globally.

Figure 7-19 Enable IGMP Snooping Globally

3)In the IGMP VLAN Config section, click in VLAN 10 to load the following page. Enable IGMP Snooping for VLAN 10.

Figure 7-20 Enable IGMP Snooping for VLAN 10

4)Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Port Config to load the following page.

Figure 7-21 Enable IGMP Snooping on the Port

5)Choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv4 Profile and click to load the following page. Create Profile 1, specify the mode as Permit, bind the profile to port 1/0/2-3, and specify the filtering multicast IP address as 225.0.0.1. Then click Back to return to the IPv4 Profile Table page.

Figure 7-22 Configure Filtering Profile for Host C and Host D

6)Click again to load the following page. Create Profile 2, specify the mode as Deny, bind the profile to port 1/0/1, and specify the filtering multicast IP address as 225.0.0.2.

Figure 7-23 Configure Filtering Profile for Host B

7)Click to save the settings.

7.4.5Using the CLI

1)Create VLAN 10.

Switch#configure

Switch(config)#vlan 10

Switch(config-vlan)#name vlan10

Switch(config-vlan)#exit

2)Add port 1/0/1-3 to VLAN 10 and set the link type as untagged. Add port 1/0/4 to VLAN 10 and set the link type as tagged.

Switch(config)#interface range gigabitEthernet 1/0/1-3

Switch(config-if-range)#switchport general allowed vlan 10 untagged

Switch(config-if-range)#exit

Switch(config)#interface gigabitEthernet 1/0/4

Switch(config-if)#switchport general allowed vlan 10 tagged

Switch(config-if)#exit

3)Set the PVID of port 1/0/1-4 as 10.

Switch(config)#interface range gigabitEthernet 1/0/1-4

Switch(config-if-range)#switchport pvid 10

Switch(config-if-range)#exit

4)Enable IGMP Snooping Globally.

Switch(config)#ip igmp snooping

5)Enable IGMP Snooping in VLAN 10.

Switch(config)#ip igmp snooping vlan-config 10

6)Enable IGMP Snooping on port 1/0/1-4.

Switch(config)#interface range gigabitEthernet 1/0/1-4

Switch(config-if-range)#ip igmp snooping

Switch(config-if-range)#exit

7)Create Profile 1, configure the mode as permit, and add an IP range with both start IP and end IP being 225.0.0.1.

Switch(config)#ip igmp profile 1

Switch(config-igmp-profile)#permit

Switch(config-igmp-profile)#range 225.0.0.1 225.0.0.1

Switch(config-igmp-profile)#exit

8) Bind Profile 1 to Port 1/0/2 and Port 1/10/3.

Switch(config)#interface range gigabitEthernet 1/0/2-3

Switch(config-if-range)#ip igmp filter 1

Switch(config-if-range)#exit

9)Create Profile 2, configure the mode as deny, and add an IP range with both start IP and end IP being 225.0.0.2.

Switch(config)#ip igmp profile 2

Switch(config-igmp-profile)#deny

Switch(config-igmp-profile)#range 225.0.0.2 225.0.0.2

Switch(config-igmp-profile)#exit

10)Bind Profile 2 to Port 1/0/1.

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#ip igmp filter 2

Switch(config-if)#exit

11)Save the settings.

Switch(config)#end

Switch#copy running-config startup-config

Verify the Configurations

Show global settings of IGMP Snooping:

Switch(config)#show ip igmp snooping

IGMP Snooping :Enable

IGMP Version :V3

Enable Port:Gi1/0/1-4

Enable VLAN:10

Show all profile bindings:

Switch(config)#show ip igmp profile

IGMP Profile 1

permit

range 225.0.0.1 225.0.0.1

Binding Port(s)

Gi1/0/2-3

IGMP Profile 2

deny

range 225.0.0.2 225.0.0.2

Binding Port(s)

Gi1/0/1

8Appendix: Default Parameters

8.1Default Parameters for IGMP Snooping

Table 8-1Default Parameters of IGMP Snooping

Function

Parameter

Default Setting

Global Settings of IGMP Snooping

IGMP Snooping

Disabled

IGMP Version

v3

Unknown Multicast Groups

Forward

Header Validation

Disabled

IGMP Snooping Settings in the VLAN

IGMP Snooping

Disabled

Fast Leave

Disabled

Report Suppression

Disabled

Member Port Aging Time

260 seconds

Router Port Aging Time

300 seconds

Leave Time

1 second

IGMP Snooping Querier

Disabled

Query Interval

60 seconds

Maximum Response Time

10 seconds

Last Member Query Interval

1 second

Last Member Query Count

2

General Query Source IP

0.0.0.0

Static Router Ports

None

Forbidden Router Ports

None

IGMP Snooping Settings on the Port and LAG

IGMP Snooping

Enabled

Fast Leave

Disabled

Static Multicast Group Settings

Static Multicast Group Entries

None

IGMP Accounting and Authentication

IGMP Accounting

Disabled

IGMP Authentication

Disabled

8.2Default Parameters for MLD Snooping

Table 8-2Default Parameters of MLD Snooping

Function

Parameter

Default Setting

Global Settings of IGMP Snooping

MLD Snooping

Disabled

Unknown Multicast Groups

Forward

MLD Snooping Settings in the VLAN

MLD Snooping

Disabled

Fast Leave

Disabled

Report Suppression

Disabled

Member Port Aging Time

260 seconds

Router Port Aging Time

300 seconds

Leave Time

1 second

MLD Snooping Querier

Disabled

Query Interval

60 seconds

Maximum Response Time

10 seconds

Last Listener Query Interval

1 second

Last Listener Query Count

2

General Query Source IP

::

Static Router Ports

None

Forbidden Router Ports

None

MLD Snooping Settings on the Port and LAG

MLD Snooping

Enabled

Fast Leave

Disabled

Static Multicast Group Settings

Static Multicast Group Entries

None

8.3Default Parameters for MVR

Table 8-3Default Parameters of MVR

Function

Parameter

Default Setting

Global Settings of MVR

MVR

Disabled

MVR Mode

Compatible

Multicast VLAN ID

1

Query Response Time

5 tenths of a second

Maximum Multicast Groups

256

MVR Group Settings

MVR Group Entries

None

MVR Settings on the Port

MVR Mode

Disabled

MVR Port Type

None

Fast Leave

Disabled

MVR Static Group Members

MVR Static Group Member Entries

None

8.4Default Parameters for Multicast Filtering

Table 8-4Default Parameters of Multicast Filtering

Function

Parameter

Default Setting

Profile Settings

IPv4 Profile and IPv6 Profile Entries

None

Multicast Filtering Settings on the Port and LAG

Bound Profile

None

Maximum Groups

For T2600G and T1600G series switches except T1600G-28TS V3, the default value is 1000.

For other switches, the default value is 511.

Overflow Action

Drop

  • Mikrotik netinstall не видит роутер
  • Mikrotik настройка роутера и точек доступа
  • Mikrotik роутер wifi 8 портов
  • Mikrotik cap ac подключить к роутеру
  • Mru что это в роутере