- Release 15.5SY Supervisor Engine 6T Software Configuration Guide
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Upgrade (eFSU)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Instant Access
- EnergyWise
- Power Management
- Environmental Monitoring
- Online Diagnostics
- Onboard Failure Logging (OBFL)
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- Virtual Private LAN Services (VPLS)
- L2VPN Advanced VPLS (A-VPLS)
- Ethernet Virtual Connections (EVC)
- Layer 2 over Multipoint GRE (L2omGRE)
- Campus Fabric
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- NetFlow Hardware Support
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS Guidelines and Restrictions
- PFC QoS Overview
- PFC QoS Classification, Marking, and Policing
- PFC QoS Policy Based Queueing
- PFC QoS Global and Interface Options
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- Configuring IGMP Proxy
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Online Diagnostic Tests
- Prerequisites for MLD Snooping
- Restrictions for MLD Snooping
- Information About MLD Snooping
- Default MLD Snooping Configuration
- How to Configure MLD Snooping
- Enabling the MLD Snooping Querier
- Configuring the MLD Snooping Query Interval
- Enabling MLD Snooping
- Configuring a Static Connection to a Multicast Receiver
- Configuring a Multicast Router Port Statically
- Enabling Fast-Leave Processing
- Enabling SSM Safe Reporting
- Configuring Explicit Host Tracking
- Configuring Report Suppression
- Verifying the MLD Snooping Configuration
IPv6 MLD Snooping
- Prerequisites for MLD Snooping
- Restrictions for MLD Snooping
- Information About MLD Snooping
- Default MLD Snooping Configuration
- How to Configure MLD Snooping
- Verifying the MLD Snooping Configuration
Note ● For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.4SY supports only Ethernet interfaces. Cisco IOS Release 15.4SY does not support any WAN features or commands.
- To constrain IPv4 multicast traffic, see Chapter7, “IGMP Snooping for IPv4 Multicast Traffic”
- All PFC modes support Multicast Listener Discovery (MLD) version 1 (MLDv1) and MLD version 2 (MLDv2).
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
Prerequisites for MLD Snooping
Restrictions for MLD Snooping
General MLD Snooping Restrictions
- All PFC modes modes support MLD version 1 (MLDv1) and MLD version 2 (MLDv2).
- MLD is derived from Internet Group Management Protocol version 3 (IGMPv3). MLD protocol operations and state transitions, host and router behavior, query and report message processing, message forwarding rules, and timer operations are exactly same as IGMPv3. See draft-vida-mld-.02.txt for detailed information on MLD protocol.
- MLD protocol messages are Internet Control Message Protocol version 6 (ICMPv6) messages.
- MLD message formats are almost identical to IGMPv3 messages.
- IPv6 multicast for Cisco IOS software uses MLD version 2. This version of MLD is fully backward-compatible with MLD version 1 (described in RFC 2710). Hosts that support only MLD version 1 interoperate with a router running MLD version 2. Mixed LANs with both MLD version 1 and MLD version 2 hosts are supported.
- MLD snooping supports private VLANs. Private VLANs do not impose any restrictions on MLD snooping.
- MLD snooping constrains traffic in MAC multicast groups 0100.5e00.0001 to 0100.5eff.ffff.
- MLD snooping does not constrain Layer 2 multicasts generated by routing protocols.
MLD Snooping Querier Restrictions
- Configure an IPv6 address on the VLAN interface (see Chapter 35, “Layer 3 Interfaces”). When enabled, the MLD snooping querier uses the IPv6 address as the query source address.
- If there is no IPv6 address configured on the VLAN interface, the MLD snooping querier does not start. The MLD snooping querier disables itself if the IPv6 address is cleared. When enabled, the MLD snooping querier restarts if you configure an IPv6 address.
- When enabled, the MLD snooping querier does not start if it detects MLD traffic from an IPv6 multicast router.
- When enabled, the MLD snooping querier starts after 60 seconds with no MLD traffic detected from an IPv6 multicast router.
- When enabled, the MLD snooping querier disables itself if it detects MLD traffic from an IPv6 multicast router.
- QoS does not support MLD packets when MLD snooping is enabled.
- You can enable the MLD snooping querier on all the switches in the VLAN that support it. One switch is elected as the querier.
- To configure redundant MLD snooping queriers, complete the tasks in the “Enabling the MLD Snooping Querier” section on more than one switch in the VLAN.
When multiple MLD snooping queriers are enabled in a VLAN, the querier with the lowest IP address in the VLAN is elected as the active MLD snooping querier.
An MLD snooping querier election occurs if the active MLD snooping querier goes down or if there is an IP address change on any of the queriers.
Note To avoid unnecessary active querier time outs, configure the ipv6 mld snooping last-member-query-interval command with the same value on all queriers in a VLAN.
Information About MLD Snooping
- MLD Snooping Overview
- MLD Messages
- Source-Based Filtering
- Explicit Host Tracking
- MLD Snooping Proxy Reporting
- Joining an IPv6 Multicast Group
- Leaving a Multicast Group
- Information about the MLD Snooping Querier
MLD Snooping Overview
MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content.
You can configure the switch to use MLD snooping in subnets that receive MLD queries from either MLD or the MLD snooping querier. MLD snooping constrains IPv6 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv6 multicast traffic only to those ports that want to receive it.
MLD, which runs at Layer 3 on a multicast router, generates Layer 3 MLD queries in subnets where the multicast traffic needs to be routed. For information about MLD, see this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/15-2mt/ip6-multicast.html
You can configure the MLD snooping querier on the switch to support MLD snooping in subnets that do not have any multicast router interfaces. For more information about the MLD snooping querier, see the “Enabling the MLD Snooping Querier” section.
MLD (on a multicast router) or, locally, the MLD snooping querier, sends out periodic general MLD queries that the switch forwards through all ports in the VLAN, and to which hosts respond. MLD snooping monitors the Layer 3 MLD traffic.
Note If a multicast group has only sources and no receivers in a VLAN, MLD snooping constrains the multicast traffic to only the multicast router ports.
MLD Messages
– General query—Sent by a multicast router to learn which multicast addresses have listeners.
– Multicast address specific query—Sent by a multicast router to learn if a particular multicast address has any listeners.
– Multicast address and source specific query—Sent by a multicast router to learn if any of the sources from the specified list for the particular multicast address has any listeners.
– Current state record (solicited)—Sent by a host in response to a query to specify the INCLUDE or EXCLUDE mode for every multicast group in which the host is interested.
– Filter mode change record (unsolicited)—Sent by a host to change the INCLUDE or EXCLUDE mode of one or more multicast groups.
– Source list change record (unsolicited)—Sent by a host to change information about multicast sources.
Source-Based Filtering
MLD uses source-based filtering, which enables hosts and routers to specify which multicast sources should be allowed or blocked for a specific multicast group. Source-based filtering either allows or blocks traffic based on the following information in MLD messages:
Because the Layer 2 table is (MAC-group, VLAN) based, with MLD hosts it is preferable to have only a single multicast source per MAC-group.
Note Source-based filtering is not supported in hardware. The states are maintained only in software and used for explicit host tracking and statistics collection.
Explicit Host Tracking
MLD supports explicit tracking of membership information on any port. The explicit-tracking database is used for fast-leave processing, proxy reporting, and statistics collection. When explicit tracking is enabled on a VLAN, the MLD snooping software processes the MLD report it receives from a host and builds an explicit-tracking database that contains the following information:
- The port connected to the host
- The channels reported by the host
- The filter mode for each group reported by the host
- The list of sources for each group reported by the hosts
- The router filter mode of each group
- For each group, the list of hosts requesting the source
Note ● Disabling explicit host tracking disables fast-leave processing and proxy reporting.
- When explicit tracking is enabled and the switch is in report-suppression mode, the multicast router might not be able to track all the hosts accessed through a VLAN interface.
MLD Snooping Proxy Reporting
Because MLD does not have report suppression, all the hosts send their complete multicast group membership information to the multicast router in response to queries. The switch snoops these responses, updates the database and forwards the reports to the multicast router. To prevent the multicast router from becoming overloaded with reports, MLD snooping does proxy reporting.
Proxy reporting forwards only the first report for a multicast group to the router and suppresses all other reports for the same multicast group.
Proxy reporting processes solicited and unsolicited reports. Proxy reporting is enabled and cannot be disabled.
Note Disabling explicit host tracking disables fast-leave processing and proxy reporting.
Joining an IPv6 Multicast Group
Hosts join IPv6 multicast groups either by sending an unsolicited MLD report or by sending an MLD report in response to a general query from an IPv6 multicast router (the switch forwards general queries from IPv6 multicast routers to all ports in a VLAN). The switch snoops these reports.
In response to a snooped MLD report, the switch creates an entry in its Layer 2 forwarding table for the VLAN on which the report was received. When other hosts that are interested in this multicast traffic send MLD reports, the switch snoops their reports and adds them to the existing Layer 2 forwarding table entry. The switch creates only one entry per VLAN in the Layer 2 forwarding table for each multicast group for which it snoops an MLD report.
MLD snooping suppresses all but one of the host reports per multicast group and forwards this one report to the IPv6 multicast router.
The switch forwards multicast traffic for the multicast group specified in the report to the interfaces where reports were received (see Figure 14-1).
Layer 2 multicast groups learned through MLD snooping are dynamic. However, you can statically configure Layer 2 multicast groups using the mac address-table static command. When you specify group membership for a multicast group address statically, the static setting supersedes any MLD snooping learning. Multicast group membership lists can consist of both static and MLD snooping-learned settings.
Figure 14-1 Initial MLD Listener Report
Multicast router A sends an MLD general query to the switch, which forwards the query to ports 2 through 5 (all members of the same VLAN). Host 1 wants to join an IPv6 multicast group and multicasts an MLD report to the group with the equivalent MAC destination address of 0x0100.5E01.0203. When the switch snoops the MLD report multicast by Host 1, the switch uses the information in the MLD report to create a forwarding-table entry.
|
|
|
---|---|---|
The switch hardware can distinguish MLD information packets from other packets for the multicast group. The first entry in the table indicates that only MLD packets should be sent to the CPU, which prevents the switch from becoming overloaded with multicast frames. The second entry indicates that frames addressed to the 0x0100.5E01.0203 multicast MAC address that are not MLD packets (!MLD) should be sent to the multicast router and to the host that has joined the group.
If another host (for example, Host 4) sends an unsolicited MLD report for the same group (Figure 14-2), the switch snoops that message and adds the port number of Host 4 to the forwarding table as shown in Table 14-2 . Because the forwarding table directs MLD messages only to the switch, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the switch.
Figure 14-2 Second Host Joining a Multicast Group
|
|
|
---|---|---|
Leaving a Multicast Group
Normal Leave Processing
Interested hosts must continue to respond to the periodic MLD general queries. As long as at least one host in the VLAN responds to the periodic MLD general queries, the multicast router continues forwarding the multicast traffic to the VLAN. When hosts want to leave a multicast group, they can either ignore the periodic MLD general queries (called a “silent leave”), or they can send an MLD filter mode change record.
When MLD snooping receives a filter mode change record from a host that configures the EXCLUDE mode for a group, MLD snooping sends out a MAC-addressed general query to determine if any other hosts connected to that interface are interested in traffic for the specified multicast group.
If MLD snooping does not receive an MLD report in response to the general query, MLD snooping assumes that no other hosts connected to the interface are interested in receiving traffic for the specified multicast group, and MLD snooping removes the interface from its Layer 2 forwarding table entry for the specified multicast group.
If the filter mode change record was from the only remaining interface with hosts interested in the group, and MLD snooping does not receive an MLD report in response to the general query, MLD snooping removes the group entry and relays the MLD filter mode change record to the multicast router. If the multicast router receives no reports from a VLAN, the multicast router removes the group for the VLAN from its MLD cache.
The interval for which the switch waits before updating the table entry is called the “last member query interval.” To configure the interval, enter the ipv6 mld snooping last-member-query-interval interval command.
Fast-Leave Processing
Fast-leave processing is enabled by default. To disable fast-leave processing, turn off explicit-host tracking.
Fast-leave processing is implemented by maintaining source-group based membership information in software while also allocating LTL indexes on a MAC GDA basis.
When fast-leave processing is enabled, hosts send BLOCK_OLD_SOURCES{src-list} messages for a specific group when they no longer want to receive traffic from that source. When the switch receives such a message from a host, it parses the list of sources for that host for the given group. If this source list is exactly the same as the source list received in the leave message, the switch removes the host from the LTL index and stops forwarding this multicast group traffic to this host.
If the source lists do not match, the switch does not remove the host from the LTL index until the host is no longer interested in receiving traffic from any source.
Note Disabling explicit host tracking disables fast-leave processing and proxy reporting.
Information about the MLD Snooping Querier
Use the MLD snooping querier to support MLD snooping in a VLAN where PIM and MLD are not configured because the multicast traffic does not need to be routed.
In a network where IP multicast routing is configured, the IP multicast router acts as the MLD querier. If the IP-multicast traffic in a VLAN only needs to be Layer 2 switched, an IP-multicast router is not required, but without an IP-multicast router on the VLAN, you must configure another switch as the MLD querier so that it can send queries.
When enabled, the MLD snooping querier sends out periodic MLD queries that trigger MLD report messages from the switch that wants to receive IP multicast traffic. MLD snooping listens to these MLD reports to establish appropriate forwarding.
You can enable the MLD snooping querier on all the switches in the VLAN, but for each VLAN that is connected to switches that use MLD to report interest in IP multicast traffic, you must configure at least one switch as the MLD snooping querier.
You can configure a switch to generate MLD queries on a VLAN regardless of whether or not IP multicast routing is enabled.
Default MLD Snooping Configuration
How to Configure MLD Snooping
- Enabling the MLD Snooping Querier
- Configuring the MLD Snooping Query Interval
- Enabling MLD Snooping
- Configuring a Static Connection to a Multicast Receiver
- Configuring a Multicast Router Port Statically
- Enabling Fast-Leave Processing
- Enabling SSM Safe Reporting
- Configuring Explicit Host Tracking
- Configuring Report Suppression
Note ● To use MLD snooping, configure a Layer 3 interface in the subnet for IPv6 multicast routing or enable the MLD snooping querier in the subnet (see the “Enabling the MLD Snooping Querier” section).
- Except for the global enable command, all MLD snooping commands are supported only on VLAN interfaces.
Enabling the MLD Snooping Querier
Use the MLD snooping querier to support MLD snooping in a VLAN where PIM and MLD are not configured because the multicast traffic does not need to be routed. To enable the MLD snooping querier in a VLAN, perform this task:
|
|
|
---|---|---|
Router(config-vlan-config)# ipv6 address prefix / prefix_length |
||
This example shows how to enable the MLD snooping querier on VLAN 200 and verify the configuration:
Configuring the MLD Snooping Query Interval
You can configure the interval for which the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group.
Note When both MLD snooping fast-leave processing and the MLD snooping query interval are configured, fast-leave processing takes precedence.
To configure the interval for the MLD snooping queries sent by the switch, perform this task:
This example shows how to configure the MLD snooping query interval:
Enabling MLD Snooping
Enabling MLD Snooping Globally
To enable MLD snooping globally, perform this task:
|
|
|
---|---|---|
This example shows how to enable MLD snooping globally and verify the configuration:
Enabling MLD Snooping in a VLAN
To enable MLD snooping in a VLAN, perform this task:
|
|
|
---|---|---|
This example shows how to enable MLD snooping on VLAN 25 and verify the configuration:
Configuring a Static Connection to a Multicast Receiver
To configure a static connection to a multicast receiver, perform this task:
|
|
|
---|---|---|
Router(config)# mac address-table static mac_addr vlan vlan_id interface type slot/port [ disable-snooping ] |
||
When you configure a static connection, enter the disable-snooping keyword to prevent multicast traffic addressed to the statically configured multicast MAC address from also being sent to other ports in the same VLAN.
This example shows how to configure a static connection to a multicast receiver:
Configuring a Multicast Router Port Statically
To configure a static connection to a multicast router, perform this task:
|
|
|
---|---|---|
Router(config-vlan-config)# ipv6 mld snooping mrouter interface type slot/port |
||
The interface to the router must be in the VLAN where you are entering the command, the interface must be administratively up, and the line protocol must be up.
This example shows how to configure a static connection to a multicast router:
Enabling Fast-Leave Processing
To enable fast-leave processing in a VLAN, perform this task:
|
|
|
---|---|---|
This example shows how to enable fast-leave processing on the VLAN 200 interface and verify the configuration:
Enabling SSM Safe Reporting
To enable source-specific multicast (SSM) safe reporting, perform this task:
|
|
|
---|---|---|
Router(config-vlan-config)# ipv6 mld snooping ssm-safe-reporting |
This example shows how to SSM safe reporting:
Configuring Explicit Host Tracking
Note Disabling explicit host tracking disables fast-leave processing and proxy reporting.
To enable explicit host tracking on a VLAN, perform this task:
|
|
|
---|---|---|
Router(config-vlan-config)# ipv6 mld snooping explicit-tracking |
This example shows how to enable explicit host tracking:
Configuring Report Suppression
To enable report suppression on a VLAN, perform this task:
|
|
|
---|---|---|
Router(config-vlan-config)# ipv6 mld snooping report-suppression |
This example shows how to enable explicit host tracking:
Verifying the MLD Snooping Configuration
- Displaying Multicast Router Interfaces
- Displaying MAC Address Multicast Entries
- Displaying MLD Snooping Information for a VLAN Interface
Displaying Multicast Router Interfaces
When you enable IGMP snooping, the switch automatically learns to which interface the multicast routers are connected.
To display multicast router interfaces, perform this task:
|
|
---|---|
This example shows how to display the multicast router interfaces in VLAN 1:
Displaying MAC Address Multicast Entries
To display MAC address multicast entries for a VLAN, perform this task:
|
|
---|---|
This example shows how to display MAC address multicast entries for VLAN 1:
This example shows how to display a total count of MAC address entries for a VLAN:
Displaying MLD Snooping Information for a VLAN Interface
To display MLD snooping information for a VLAN interface, perform this task:
|
|
---|---|
Router# show ipv6 mld snooping {{ explicit-tracking vlan_ID }| { mrouter [ vlan vlan_ID ]} | { report-suppression vlan vlan_ID } | { statistics vlan vlan_ID } |
This example shows how to display explicit tracking information on VLAN 25:
This example shows how to display the multicast router interfaces in VLAN 1:
This example shows IGMP snooping statistics information for VLAN 25:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum