ME 3800x and ME 3600x Switches Software Configuration Guide, Release 15.2(4)S
Configuring IGMP Snooping
Downloads: This chapterpdf (PDF - 260.0KB) The complete bookPDF (PDF - 11.82MB) | Feedback

Configuring IGMP Snooping

Table Of Contents

Configuring IGMP Snooping

Understanding IGMP Snooping

IGMP Support

IGMP Versions

Joining a Multicast Group

Leaving a Multicast Group

Immediate Leave

IGMP Configurable-Leave Timer

IGMP Report Suppression

Configuring IGMP Snooping

Default IGMP Snooping Configuration

Enabling or Disabling IGMP Snooping

Configuring a Multicast Router Port

Configuring a Host Statically to Join a Group

Enabling IGMP Immediate Leave

Configuring the IGMP Leave Timer

Configuring TCN-Related Commands

Controlling the Multicast Flooding Time After a TCN Event

Recovering from Flood Mode

Disabling Multicast Flooding During a TCN Event

Disabling IGMP Report Suppression

Displaying IGMP Snooping Information

Configuring IGMP Filtering and Throttling

Default IGMP Filtering and Throttling Configuration

Configuring IGMP Profiles

Applying IGMP Profiles

Setting the Maximum Number of IGMP Groups

Configuring the IGMP Throttling Action

Displaying IGMP Filtering and Throttling Configuration


Configuring IGMP Snooping


This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on the Cisco ME 3800X and ME 3600X switch. It also includes procedures for controlling multicast group membership by using IGMP filtering and procedures for configuring the IGMP throttling action.


Note For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the "IP Multicast Routing Commands" section in the Cisco IOS IP Command Reference, Volume 3 of 3:Multicast, Release 12.2.


Understanding IGMP Snooping

Configuring IGMP Snooping

Displaying IGMP Snooping Information

Configuring IGMP Filtering and Throttling

Displaying IGMP Filtering and Throttling Configuration


Note You can either manage IP multicast group addresses through features such as IGMP snooping, or you can use static IP addresses.


Understanding IGMP Snooping

Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients.


Note For more information on IP multicast and IGMP, see RFC 1112 and RFC 2236.


The multicast router sends out periodic general queries to all VLANs. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry. The switch creates one entry per VLAN in the IGMP snooping IP multicast forwarding table for each group from which it receives an IGMP join request.

The switch supports IP multicast group-based bridging, rather than MAC-addressed based groups. With multicast MAC address-based groups, if an IP address being configured translates (aliases) to a previously configured MAC address or to any reserved multicast MAC addresses (in the range 224.0.0.xxx), the command fails. Because the switch uses IP multicast groups, there are no address aliasing issues.

The IP multicast groups learned through IGMP snooping are dynamic. However, you can statically configure multicast groups by using the ip igmp snooping vlan vlan-id static ip_address interface interface-id global configuration command. However this command is only supported on switchport SVI interfaces and not on EFP SVI interfaces. If you specify group membership for a multicast group address statically, your setting supersedes any automatic manipulation by IGMP snooping. Multicast group membership lists can consist of both user-defined and IGMP snooping-learned settings.

If a port spanning-tree, a port group, or a VLAN ID changes, the IGMP snooping-learned multicast groups from this port on the VLAN are deleted.

These sections describe IGMP snooping characteristics:

IGMP Support

IGMP Versions

Joining a Multicast Group

Leaving a Multicast Group

Immediate Leave

IGMP Configurable-Leave Timer

IGMP Report Suppression

IGMP Support

IGMP snooping is supported over Switch Ports, EVCs, Ethernet over MPLS (EoMPLS), and Virtual Private LAN Services (VPLS) over Pseudowire (PW).

IGMP snooping supports the following:

configuration of IGMP snooping over EVC interfaces with a single EFP or multiple EFPs per bridge domain.

L2 multicast deployment on the customer access side of a network. Enabling IGMP snooping on EVCs allows snooping of IGMP requests.

Tags should be popped from a packet before the packet is sent to the IGMP snooping, using the rewrite ingress tag pop 1/2 symmetric command.


Note IGMP snooping is not supported on Pseudowire if the core interface is an svi.


IGMP Versions

The switch supports IGMP Version 1, IGMP Version 2, and IGMP Version 3. These versions are interoperable on the switch. For example, if IGMP snooping is enabled on an IGMPv1 switch and the switch receives an IGMPv2 report from a host, the switch can forward the IGMPv2 report to the multicast router.


Note The switches support IGMPv3 snooping based only on the destination multicast MAC address. They do not support snooping based on the source MAC address or on proxy reports.


An IGMPv3 switch supports Basic IGMPv3 Snooping Support (BISS), which includes support for the snooping features on IGMPv1 and IGMPv2 switches and for IGMPv3 membership report messages. BISS constrains the flooding of multicast traffic when your network includes IGMPv3 hosts. It constrains traffic to approximately the same set of ports as the IGMP snooping feature on IGMPv2 or IGMPv1 hosts.

An IGMPv3 switch can receive messages from and forward messages to a device running the Source Specific Multicast (SSM) feature. For more information about source-specific multicast with IGMPv3 and IGMP, see this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtssm5t.htm

Joining a Multicast Group

When a host connected to the switch wants to join an IP multicast group and it is an IGMP Version 2 client, it sends an unsolicited IGMP join message, specifying the IP multicast group to join. Alternatively, when the switch receives a general query from the router, it forwards the query to all ports in the VLAN. IGMP Version 1 or Version 2 hosts wanting to join the multicast group respond by sending a join message to the switch. The switch CPU creates a multicast forwarding-table entry for the group if it is not already present. The CPU also adds the interface where the join message was received to the forwarding-table entry. The host associated with that interface receives multicast traffic for that multicast group. See Figure 21-1.

Figure 21-1 Initial IGMP Join Message

Router A sends a general query to the switch, which forwards the query to ports 2 through 5, which are all members of the same VLAN. Host 1 wants to join multicast group 224.1.2.3 and multicasts an IGMP membership report (IGMP join message) to the group. The switch CPU uses the information in the IGMP report to set up a forwarding-table entry, as shown in Table 21-1, that includes the port numbers connected to Host 1 and the router.

Table 21-1 IGMP Snooping Forwarding Table

Destination Address
Type of Packet
Ports

224.1.2.3

IGMP

1, 2


The switch hardware can distinguish IGMP information packets from other packets for the multicast group. The information in the table tells the switching engine to send frames addressed to the 224.1.2.3 multicast IP address that are not IGMP packets to the router and to the host that has joined the group.

If another host (for example, Host 4) sends an unsolicited IGMP join message for the same group (Figure 21-2), the CPU receives that message and adds the port number of Host 4 to the forwarding table as shown in Table 21-2. Note that because the forwarding table directs IGMP messages to only the CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU.

Figure 21-2 Second Host Joining a Multicast Group

Table 21-2 Updated IGMP Snooping Forwarding Table

Destination Address
Type of Packet
Ports

224.1.2.3

IGMP

1, 2, 5


Multicast-capable router ports are added to the forwarding table for every Layer 2 multicast entry. The switch learns of such ports through one of these methods:

Snooping on IGMP queries and Protocol Independent Multicast (PIM) packets

Statically connecting to a multicast router port with the ip igmp snooping mrouter global configuration command

Leaving a Multicast Group

The router sends periodic multicast general queries, and the switch forwards these queries through all ports in the VLAN. Interested hosts respond to the queries. If at least one host in the VLAN wishes to receive multicast traffic, the router continues forwarding the multicast traffic to the VLAN. The switch forwards multicast group traffic only to those hosts listed in the forwarding table for that IP multicast group maintained by IGMP snooping.

When hosts want to leave a multicast group, they can silently leave, or they can send a leave message. When the switch receives a leave message from a host, it sends a group-specific query to learn if any other devices connected to that interface are interested in traffic for the specific multicast group. The switch then updates the forwarding table for that MAC group so that only those hosts interested in receiving multicast traffic for the group are listed in the forwarding table. If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.

Immediate Leave

Immediate Leave is only supported on IGMP Version 2 hosts.

The switch uses IGMP snooping Immediate Leave to remove from the forwarding table an interface that sends a leave message without the switch sending group-specific queries to the interface. The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message. Immediate Leave ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are simultaneously in use.


Note You should only use the Immediate Leave feature on VLANs where a single host is connected to each port. If Immediate Leave is enabled in VLANs where more than one host is connected to a port, some hosts might inadvertently be dropped.


For configuration steps, see the "Enabling IGMP Immediate Leave" section.

IGMP Configurable-Leave Timer

You can configure the time that the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group. The IGMP leave response time can be configured from 100 to 5000 milliseconds. The timer can be set either globally or on a per-VLAN basis. The VLAN configuration of the leave time overrides the global configuration.

For configuration steps, see the "Configuring the IGMP Leave Timer" section.

IGMP Report Suppression


Note IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports.


The switch uses IGMP report suppression to forward only one IGMP report per multicast router query to multicast devices. When IGMP router suppression is enabled (the default), the switch sends the first IGMP report from all hosts for a group to all the multicast routers. The switch does not send the remaining IGMP reports for the group to the multicast routers. This feature prevents duplicate reports from being sent to the multicast devices.

If the multicast router query includes requests only for IGMPv1 and IGMPv2 reports, the switch forwards only the first IGMPv1 or IGMPv2 report from all hosts for a group to all the multicast routers.

If the multicast router query also includes requests for IGMPv3 reports, the switch forwards all IGMPv1, IGMPv2, and IGMPv3 reports for a group to the multicast devices.

If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the "Disabling IGMP Report Suppression" section.

Configuring IGMP Snooping

IGMP snooping allows switches to examine IGMP packets and make forwarding decisions based on their content.

Default IGMP Snooping Configuration

Enabling or Disabling IGMP Snooping

Configuring a Multicast Router Port

Configuring a Host Statically to Join a Group

Enabling IGMP Immediate Leave

Configuring the IGMP Leave Timer

Configuring TCN-Related Commands

Disabling IGMP Report Suppression

Default IGMP Snooping Configuration

Table 21-3 Default IGMP Snooping Configuration 

Feature
Default Setting

IGMP snooping

Enabled globally and per VLAN

Multicast routers

None configured

Multicast router learning (snooping) method

PIM

IGMP snooping Immediate Leave

Disabled

Static groups

None configured

TCN1 flood query count

2

TCN query solicitation

Disabled

IGMP report suppression

Enabled

1 TCN = Topology Change Notification


Enabling or Disabling IGMP Snooping

By default, IGMP snooping is globally enabled on the switch. When globally enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. IGMP snooping is by default enabled on all VLANs, but can be enabled and disabled on a per-VLAN basis.

Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or disable VLAN snooping.

Beginning in privileged EXEC mode, follow these steps to globally enable IGMP snooping on the switch:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping

Globally enable IGMP snooping in all existing VLAN interfaces.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To globally disable IGMP snooping on all VLAN interfaces, use the no ip igmp snooping global configuration command.

Beginning in privileged EXEC mode, follow these steps to enable IGMP snooping on a VLAN interface:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping vlan vlan-id

Enable IGMP snooping on the VLAN interface.The VLAN ID range is 1 to 1001 and 1006 to 4094.

Note IGMP snooping must be globally enabled before you can enable VLAN snooping.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan vlan-id global configuration command for the specified VLAN number.

Configuring a Multicast Router Port

To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on the switch.


Note Static connections to multicast routers are supported only on switch ports.


Beginning in privileged EXEC mode, follow these steps to enable a static connection to a multicast router:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping vlan vlan-id mrouter interface interface-id

Specify the multicast router VLAN ID and the interface to the multicast router.

The VLAN ID range is 1 to 1001 and 1006 to 4094.

The interface can be a physical interface or a port channel. The port-channel range is 1 to 26.

Note The switch supports switchport and port channel interfaces.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip igmp snooping mrouter [vlan vlan-id]

Verify that IGMP snooping is enabled on the VLAN interface.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove a multicast router port from the VLAN, use the no ip igmp snooping vlan vlan-id mrouter interface interface-id global configuration command.

This example shows how to enable a static connection to a multicast router:

Switch# configure terminal
Switch(config)# ip igmp snooping vlan 200 mrouter interface gigabitethernet0/2
Switch(config)# end

Configuring a Host Statically to Join a Group

Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure a host on an interface.

Beginning in privileged EXEC mode, follow these steps to add a Layer 2 port as a member of a multicast group:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping vlan vlan-id static ip_address interface interface-id

Statically configure a Layer 2 port as a member of a multicast group:

vlan-id is the multicast group VLAN ID. The range is 1 to 1001 and 1006 to 4094.

ip-address is the group IP address.

interface-id is the member port. It can be a physical interface or a port channel.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip igmp snooping groups

Verify the member port and the IP address.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove the Layer 2 port from the multicast group, use the no ip igmp snooping vlan vlan-id static mac-address interface interface-id global configuration command.

This example shows how to statically configure a host on a port:

Switch# configure terminal
Switch(config)# ip igmp snooping vlan 105 static 224.2.4.12 interface gigabitethernet0/1
Switch(config)# end

Enabling IGMP Immediate Leave

When you enable IGMP Immediate Leave, the switch immediately removes a port when it detects an IGMP Version 2 leave message on that port. You should only use the Immediate-Leave feature when there is a single receiver present on every port in the VLAN.


Note Immediate Leave is supported only on IGMP Version 2 hosts.


Beginning in privileged EXEC mode, follow these steps to enable IGMP Immediate Leave:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping vlan vlan-id immediate-leave

Enable IGMP Immediate Leave on the VLAN interface.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip igmp snooping vlan vlan-id

Verify that Immediate Leave is enabled on the VLAN interface.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable IGMP Immediate Leave on a VLAN, use the no ip igmp snooping vlan vlan-id immediate-leave global configuration command.

This example shows how to enable IGMP Immediate Leave on VLAN 130:

Switch# configure terminal
Switch(config)# ip igmp snooping vlan 130 immediate-leave
Switch(config)# end

Configuring the IGMP Leave Timer

Follow these guidelines when configuring the IGMP leave timer:

You can configure the leave time globally or on a per-VLAN basis.

Configuring the leave time on a VLAN overrides the global setting.

The default leave time is 1000 milliseconds.

The IGMP configurable leave time is only supported on hosts running IGMP Version 2.

The actual leave latency in the network is usually the configured leave time. However, the leave time might vary around the configured time, depending on real-time CPU load conditions, network delays and the amount of traffic sent through the interface.

Beginning in privileged EXEC mode, follow these steps to enable the IGMP configurable-leave timer:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping last-member-query-interval time

Configure the IGMP leave timer globally. The range is 100 to 32768 milliseconds. The default is 1000 seconds.

Step 3 

ip igmp snooping vlan vlan-id last-member-query-interval time

(Optional) Configure the IGMP leave time on the VLAN interface. The range is 100 to 32768 milliseconds.

Note Configuring the leave time on a VLAN overrides the globally configured timer.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show ip igmp snooping

(Optional) Display the configured IGMP leave time.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no ip igmp snooping last-member-query-interval global configuration command to globally reset the IGMP leave timer to the default setting.

Use the no ip igmp snooping vlan vlan-id last-member-query-interval global configuration command to remove the configured IGMP leave-time setting from the specified VLAN.

Configuring TCN-Related Commands

These sections describe how to control flooded multicast traffic during a TCN event:

Controlling the Multicast Flooding Time After a TCN Event

Recovering from Flood Mode

Disabling Multicast Flooding During a TCN Event

Controlling the Multicast Flooding Time After a TCN Event

You can control the time that multicast traffic is flooded after a TCH event by using the ip igmp snooping tcn flood query count global configuration command. This command configures the number of general queries for which multicast data traffic is flooded after a TCN event. Some examples of TCN events are the client changed its location and the receiver is on same port that was blocked but is now forwarding, and a port went down without sending a leave message.

If you set the TCN flood query count to 1 by using the ip igmp snooping tcn flood query count command, the flooding stops after receiving one general query. If you set the count to 7, the flooding of multicast traffic due to the TCN event lasts until 7 general queries are received. Groups are relearned based on the general queries received during the TCN event.

Beginning in privileged EXEC mode, follow these steps to configure the TCN flood query count:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping tcn flood query count count

Specify the number of IGMP general queries for which the multicast traffic is flooded. The range is 1 to 10. By default, the flooding query count is 2.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip igmp snooping

Verify the TCN settings.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default flooding query count, use the no ip igmp snooping tcn flood query count global configuration command.

Recovering from Flood Mode

When a topology change occurs, the spanning-tree root sends a special IGMP leave message (also known as global leave) with the group multicast address 0.0.0.0. However, when you enable the ip igmp snooping tcn query solicit global configuration command, the switch sends the global leave message whether or not it is the spanning-tree root. When the router receives this special leave, it immediately sends general queries, which expedite the process of recovering from the flood mode during the TCN event. Leaves are always sent if the switch is the spanning-tree root regardless of this configuration command. By default, query solicitation is disabled.

Beginning in privileged EXEC mode, follow these steps to enable the switch sends the global leave message whether or not it is the spanning-tree root:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp snooping tcn query solicit

Send an IGMP leave message (global leave) to speed the process of recovering from the flood mode caused during a TCN event. By default, query solicitation is disabled.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip igmp snooping

Verify the TCN settings.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default query solicitation, use the no ip igmp snooping tcn query solicit global configuration command.

Disabling Multicast Flooding During a TCN Event

When the switch receives a TCN, multicast traffic is flooded to all the ports until two general queries are received. If the switch has many ports with attached hosts that are subscribed to different multicast groups, the flooding might exceed the capacity of the link and cause packet loss. You can use the ip igmp snooping tcn flood interface configuration command to control this behavior.

Beginning in privileged EXEC mode, follow these steps to disable multicast flooding on an interface:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the interface to be configured, and enter interface configuration mode.

Step 3 

no ip igmp snooping tcn flood

Disable the flooding of multicast traffic during a spanning-tree TCN event.

By default, multicast flooding is enabled on an interface.

Step 4 

exit

Return to privileged EXEC mode.

Step 5 

show ip igmp snooping

Verify the TCN settings.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To re-enable multicast flooding on an interface, use the ip igmp snooping tcn flood interface configuration command.

Disabling IGMP Report Suppression


Note IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports. This feature is not supported when the query includes IGMPv3 reports.


IGMP report suppression is enabled by default. When it is enabled, the switch forwards only one IGMP report per multicast router query. When report suppression is disabled, all IGMP reports are forwarded to the multicast routers.

Beginning in privileged EXEC mode, follow these steps to disable IGMP report suppression:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no ip igmp snooping report-suppression

Disable IGMP report suppression.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip igmp snooping

Verify that IGMP report suppression is disabled.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To re-enable IGMP report suppression, use the ip igmp snooping report-suppression global configuration command.

Displaying IGMP Snooping Information

You can display IGMP snooping information for dynamically learned and statically configured router ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for IGMP snooping.

To display IGMP snooping information, use one or more of the privileged EXEC commands in Table 21-4.

Table 21-4 Commands for Displaying IGMP Snooping Information 

Command
Purpose

show ip igmp snooping [vlan vlan-id]

Display the snooping configuration information for all VLANs on the switch or for a specified VLAN.

(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

show ip igmp snooping groups [count |dynamic [count] | user [count]]

Display multicast table information for the switch or about a specific parameter:

count—Display the total number of entries for the specified command options instead of the actual entries.

dynamic—Display entries learned through IGMP snooping.

user—Display only the user-configured multicast entries.

show ip igmp snooping groups vlan vlan-id
[ip_address | count | dynamic [count] | user [count]]

Display multicast table information for a multicast VLAN or about a specific parameter for the VLAN:

vlan-id—The VLAN ID range is 1 to 1001 and 1006 to 4094.

count—Display the total number of entries for the specified command options instead of the actual entries.

dynamic—Display entries learned through IGMP snooping.

ip_address—Display characteristics of the multicast group with the specified group IP address.

user—Display only the user-configured multicast entries.

show ip igmp snooping mrouter [vlan vlan-id]

Display information on dynamically learned and manually configured multicast router interfaces.

Note When you enable IGMP snooping, the switch automatically learns the interface to which a multicast router is connected. These are dynamically learned interfaces.

(Optional) Enter vlan vlan-id to display information for a single VLAN.

show ip igmp snooping querier [vlan vlan-id]

Display information about the IP address and incoming port for the most-recently received IGMP query messages in the VLAN.

(Optional) Enter vlan vlan-id to display information for a single VLAN.


For more information about the keywords and options in these commands, see the command reference for this release.

Configuring IGMP Filtering and Throttling

In some environments, for example, metropolitan or multiple-dwelling unit (MDU) installations, you might want to control the set of multicast groups to which a user on a switch port can belong. You can control the distribution of multicast services, such as IP/TV, based on some type of subscription or service plan. You might also want to limit the number of multicast groups to which a user on a switch port can belong.

With the IGMP filtering feature, you can filter multicast joins on a per-port basis by configuring IP multicast profiles and associating them with individual switch ports. An IGMP profile can contain one or more multicast groups and specifies whether access to the group is permitted or denied. If an IGMP profile denying access to a multicast group is applied to a switch port, the IGMP join report requesting the stream of IP multicast traffic is dropped, and the port is not allowed to receive IP multicast traffic from that group. If the filtering action permits access to the multicast group, the IGMP report from the port is forwarded for normal processing. You can also set the maximum number of IGMP groups that a Layer 2 interface can join.

IGMP filtering controls only group-specific query and membership reports, including join and leave reports. It does not control general IGMP queries. IGMP filtering has no relationship with the function that directs the forwarding of IP multicast traffic. The filtering feature operates in the same manner whether IGMP or MVR is used to forward the multicast traffic.

IGMP filtering is applicable only to the dynamic learning of IP multicast group addresses, not static configuration.

With the IGMP throttling feature, you can set the maximum number of IGMP groups that a Layer 2 interface can join. If the maximum number of IGMP groups is set, the IGMP snooping forwarding table contains the maximum number of entries, and the interface receives an IGMP join report, you can configure an interface to drop the IGMP report or to replace the randomly selected multicast entry with the received IGMP report.


Note IGMPv3 join and leave messages are not supported on switches running IGMP filtering.


These sections contain this configuration information:

Default IGMP Filtering and Throttling Configuration

Configuring IGMP Profiles (optional)

Applying IGMP Profiles (optional)

Setting the Maximum Number of IGMP Groups (optional)

Configuring the IGMP Throttling Action (optional)

Default IGMP Filtering and Throttling Configuration

Table 21-5 shows the default IGMP filtering configuration.

Table 21-5 Default IGMP Filtering Configuration

Feature
Default Setting

IGMP filters

None applied

IGMP maximum number of IGMP groups

No maximum set

IGMP profiles

None defined

IGMP profile action

Deny the range addresses


When the maximum number of groups is in forwarding table, the default IGMP throttling action is to deny the IGMP report. For configuration guidelines, see the "Configuring the IGMP Throttling Action" section.

Configuring IGMP Profiles

To configure an IGMP profile, use the ip igmp profile global configuration command with a profile number to create an IGMP profile and to enter IGMP profile configuration mode. From this mode, you can specify the parameters of the IGMP profile to be used for filtering IGMP join requests from a port. When you are in IGMP profile configuration mode, you can create the profile by using these commands:

deny: Specifies that matching addresses are denied; this is the default.

exit: Exits from igmp-profile configuration mode.

no: Negates a command or returns to its defaults.

permit: Specifies that matching addresses are permitted.

range: Specifies a range of IP addresses for the profile. You can enter a single IP address or a range with a start and an end address.

The default is for the switch to have no IGMP profiles configured. When a profile is configured, if neither the permit nor deny keyword is included, the default is to deny access to the range of IP addresses.

Beginning in privileged EXEC mode, follow these steps to create an IGMP profile:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip igmp profile profile number

Assign a number to the profile you are configuring, and enter IGMP profile configuration mode. The profile umber range is 1 to 4294967295.

Step 3 

permit | deny

(Optional) Set the action to permit or deny access to the IP multicast address. If no action is configured, the default for the profile is to deny access.

Step 4 

range ip multicast address

Enter the IP multicast address or range of IP multicast addresses to which access is being controlled. If entering a range, enter the low IP multicast address, a space, and the high IP multicast address.

You can use the range command multiple times to enter multiple addresses or ranges of addresses.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show ip igmp profile profile number

Verify the profile configuration.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To delete a profile, use the no ip igmp profile profile number global configuration command.

To delete an IP multicast address or range of IP multicast addresses, use the no range ip multicast address IGMP profile configuration command.

This example shows how to create IGMP profile 4 allowing access to the single IP multicast address and how to verify the configuration. If the action was to deny (the default), it would not appear in the show ip igmp profile output display.

Switch(config)# ip igmp profile 4
Switch(config-igmp-profile)# permit
Switch(config-igmp-profile)# range 229.9.9.0
Switch(config-igmp-profile)# end
Switch# show ip igmp profile 4
IGMP Profile 4
    permit
    range 229.9.9.0 229.9.9.0

Applying IGMP Profiles

To control access as defined in an IGMP profile, use the ip igmp filter interface configuration command to apply the profile to the appropriate interfaces. You can apply IGMP profiles only to Layer 2 access ports; you cannot apply IGMP profiles to routed ports or SVIs. You cannot apply profiles to ports that belong to an EtherChannel port group. You can apply a profile to multiple interfaces, but each interface can have only one profile applied to it.

Beginning in privileged EXEC mode, follow these steps to apply an IGMP profile to a switch port:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the physical interface, and enter interface configuration mode. The interface must be a Layer 2 port that does not belong to an EtherChannel port group.

Step 3 

ip igmp filter profile number

Apply the specified IGMP profile to the interface. The range is 1 to 4294967295.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show running-config interface interface-id

Verify the configuration.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove a profile from an interface, use the no ip igmp filter profile number interface configuration command.

This example shows how to apply IGMP profile 4 to a port:

Switch(config)# interface gigabitethernet0/2
Switch(config-if)# ip igmp filter 4
Switch(config-if)# end

Setting the Maximum Number of IGMP Groups

You can set the maximum number of IGMP groups that a Layer 2 interface can join by using the ip igmp max-groups interface configuration command. Use the no form of this command to set the maximum back to the default, which is no limit.

This restriction can be applied to Layer 2 ports only; you cannot set a maximum number of IGMP groups on routed ports or SVIs. You can use this command on a logical EtherChannel interface but cannot use it on ports that belong to an EtherChannel port group.

Beginning in privileged EXEC mode, follow these steps to set the maximum number of IGMP groups in the forwarding table:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or a EtherChannel interface.

Step 3 

ip igmp max-groups number

Set the maximum number of IGMP groups that the interface can join. The range is 0 to 4294967294. The default is to have no maximum set.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show running-config interface interface-id

Verify the configuration.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove the maximum group limitation and return to the default of no maximum, use the no ip igmp max-groups interface configuration command.

This example shows how to limit to 25 the number of IGMP groups that a port can join.

Switch(config)# interface gigabitethernet0/2
Switch(config-if)# ip igmp max-groups 25
Switch(config-if)# end

Configuring the IGMP Throttling Action

After you set the maximum number of IGMP groups that a Layer 2 interface can join, you can configure an interface to replace the existing group with the new group for which the IGMP report was received by using the ip igmp max-groups action replace interface configuration command. Use the no form of this command to return to the default, which is to drop the IGMP join report.

Follow these guidelines when configuring the IGMP throttling action:

This restriction can be applied only to Layer 2 ports. You can use this command on a logical EtherChannel interface but cannot use it on ports that belong to an EtherChannel port group.

When the maximum group limitation is set to the default (no maximum), entering the ip igmp max-groups action {deny | replace} command has no effect.

If you configure the throttling action and set the maximum group limitation after an interface has added multicast entries to the forwarding table, the forwarding-table entries are either aged out or removed, depending on the throttling action.

If you configure the throttling action as deny, the entries that were previously in the forwarding table are not removed but are aged out. After these entries are aged out and the maximum number of entries is in the forwarding table, the switch drops the next IGMP report received on the interface.

If you configure the throttling action as replace, the entries that were previously in the forwarding table are removed. When the maximum number of entries is in the forwarding table, the switch replaces a randomly selected entry with the received IGMP report.

To prevent the switch from removing the forwarding-table entries, you can configure the IGMP throttling action before an interface adds entries to the forwarding table.

Beginning in privileged EXEC mode, follow these steps to configure the throttling action when the maximum number of entries is in the forwarding table:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the physical interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or an EtherChannel interface. The interface cannot be a trunk port.

Step 3 

ip igmp max-groups action {deny | replace}

When an interface receives an IGMP report and the maximum number of entries is in the forwarding table, specify the action that the interface takes:

deny—Drop the report.

replace—Replace the existing group with the new group for which the IGMP report was received.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show running-config interface interface-id

Verify the configuration.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default action of dropping the report, use the no ip igmp max-groups action interface configuration command.

This example shows how to configure a port to remove a randomly selected multicast entry in the forwarding table and to add an IGMP group to the forwarding table when the maximum number of entries is in the table.

Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip igmp max-groups action replace
Switch(config-if)# end

Displaying IGMP Filtering and Throttling Configuration

You can display IGMP profile characteristics, and you can display the IGMP profile and maximum group configuration for all interfaces on the switch or for a specified interface. You can also display the IGMP throttling configuration for all interfaces on the switch or for a specified interface.

Use the privileged EXEC commands in Table 21-6 to display IGMP filtering and throttling configuration:

Table 21-6 Commands for Displaying IGMP Filtering and Throttling Configuration

Command
Purpose

show ip igmp profile [profile number]

Displays the specified IGMP profile or all the IGMP profiles defined on the switch.

show running-config [interface interface-id]

Displays the configuration of the specified interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.