Understanding IGMP Snooping
Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients.
Note
For more information on IP multicast and IGMP, see RFC 1112 and RFC 2236.
The multicast router sends out periodic general queries to all VLANs. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry. The switch creates one entry per VLAN in the IGMP snooping IP multicast forwarding table for each group from which it receives an IGMP join request.
The switch supports IP multicast group-based bridging, rather than MAC-addressed based groups. With multicast MAC address-based groups, if an IP address being configured translates (aliases) to a previously configured MAC address or to any reserved multicast MAC addresses (in the range 224.0.0.xxx), the command fails. Because the switch uses IP multicast groups, there are no address aliasing issues.
The IP multicast groups learned through IGMP snooping are dynamic. However, you can statically configure multicast groups by using the ip igmp snooping vlan vlan-id static ip_address interface interface-id global configuration command. However this command is only supported on switchport SVI interfaces and not on EFP SVI interfaces. If you specify group membership for a multicast group address statically, your setting supersedes any automatic manipulation by IGMP snooping. Multicast group membership lists can consist of both user-defined and IGMP snooping-learned settings.
If a port spanning-tree, a port group, or a VLAN ID changes, the IGMP snooping-learned multicast groups from this port on the VLAN are deleted.
These sections describe IGMP snooping characteristics:
IGMP Support
IGMP snooping is supported over Switch Ports, EVCs, Ethernet over MPLS (EoMPLS), and Virtual Private LAN Services (VPLS) over Pseudowire (PW).
IGMP snooping supports the following:
- configuration of IGMP snooping over EVC interfaces with a single EFP or multiple EFPs per bridge domain.
- L2 multicast deployment on the customer access side of a network. Enabling IGMP snooping on EVCs allows snooping of IGMP requests.
Tags should be popped from a packet before the packet is sent to the IGMP snooping, using the rewrite ingress tag pop 1/2 symmetric command.
Note
IGMP snooping is not supported on Pseudowire if the core interface is an svi.
IGMP Versions
The switch supports IGMP Version 1, IGMP Version 2, and IGMP Version 3. These versions are interoperable on the switch. For example, if IGMP snooping is enabled on an IGMPv1 switch and the switch receives an IGMPv2 report from a host, the switch can forward the IGMPv2 report to the multicast router.
Note
The switches support IGMPv3 snooping based only on the destination multicast MAC address. They do not support snooping based on the source MAC address or on proxy reports.
An IGMPv3 switch supports Basic IGMPv3 Snooping Support (BISS), which includes support for the snooping features on IGMPv1 and IGMPv2 switches and for IGMPv3 membership report messages. BISS constrains the flooding of multicast traffic when your network includes IGMPv3 hosts. It constrains traffic to approximately the same set of ports as the IGMP snooping feature on IGMPv2 or IGMPv1 hosts.
An IGMPv3 switch can receive messages from and forward messages to a device running the Source Specific Multicast (SSM) feature. For more information about source-specific multicast with IGMPv3 and IGMP, refer to the IP Multicast: IGMP Configuration Guide, Cisco IOS Release 15.x.
Joining a Multicast Group
When a host connected to the switch wants to join an IP multicast group and it is an IGMP Version 2 client, it sends an unsolicited IGMP join message, specifying the IP multicast group to join. Alternatively, when the switch receives a general query from the router, it forwards the query to all ports in the VLAN. IGMP Version 1 or Version 2 hosts wanting to join the multicast group respond by sending a join message to the switch. The switch CPU creates a multicast forwarding-table entry for the group if it is not already present. The CPU also adds the interface where the join message was received to the forwarding-table entry. The host associated with that interface receives multicast traffic for that multicast group. See Figure 20-1.
Figure 20-1 Initial IGMP Join Message
Router A sends a general query to the switch, which forwards the query to ports 2 through 5, which are all members of the same VLAN. Host 1 wants to join multicast group 224.1.2.3 and multicasts an IGMP membership report (IGMP join message) to the group. The switch CPU uses the information in the IGMP report to set up a forwarding-table entry, as shown in Table 20-1 , that includes the port numbers connected to Host 1 and the router.
Table 20-1 IGMP Snooping Forwarding Table
|
|
|
224.1.2.3 |
IGMP |
1, 2 |
The switch hardware can distinguish IGMP information packets from other packets for the multicast group. The information in the table tells the switching engine to send frames addressed to the 224.1.2.3 multicast IP address that are not IGMP packets to the router and to the host that has joined the group.
If another host (for example, Host 4) sends an unsolicited IGMP join message for the same group (Figure 20-2), the CPU receives that message and adds the port number of Host 4 to the forwarding table as shown in Table 20-2 . Note that because the forwarding table directs IGMP messages to only the CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU.
Figure 20-2 Second Host Joining a Multicast Group
Table 20-2 Updated IGMP Snooping Forwarding Table
|
|
|
224.1.2.3 |
IGMP |
1, 2, 5 |
Multicast-capable router ports are added to the forwarding table for every Layer 2 multicast entry. The switch learns of such ports through one of these methods:
- Snooping on IGMP queries and Protocol Independent Multicast (PIM) packets
- Statically connecting to a multicast router port with the ip igmp snooping mrouter global configuration command
Leaving a Multicast Group
The router sends periodic multicast general queries, and the switch forwards these queries through all ports in the VLAN. Interested hosts respond to the queries. If at least one host in the VLAN wishes to receive multicast traffic, the router continues forwarding the multicast traffic to the VLAN. The switch forwards multicast group traffic only to those hosts listed in the forwarding table for that IP multicast group maintained by IGMP snooping.
When hosts want to leave a multicast group, they can silently leave, or they can send a leave message. When the switch receives a leave message from a host, it sends a group-specific query to learn if any other devices connected to that interface are interested in traffic for the specific multicast group. The switch then updates the forwarding table for that MAC group so that only those hosts interested in receiving multicast traffic for the group are listed in the forwarding table. If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
Immediate Leave
Immediate Leave is only supported on IGMP Version 2 hosts.
The switch uses IGMP snooping Immediate Leave to remove from the forwarding table an interface that sends a leave message without the switch sending group-specific queries to the interface. The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message. Immediate Leave ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are simultaneously in use.
Note
You should only use the Immediate Leave feature on VLANs where a single host is connected to each port. If Immediate Leave is enabled in VLANs where more than one host is connected to a port, some hosts might inadvertently be dropped.
For configuration steps, see the “Enabling IGMP Immediate Leave” section.
IGMP Configurable-Leave Timer
You can configure the time that the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group. The IGMP leave response time can be configured from 100 to 5000 milliseconds. The timer can be set either globally or on a per-VLAN basis. The VLAN configuration of the leave time overrides the global configuration.
For configuration steps, see the “Configuring the IGMP Leave Timer” section.
IGMP Report Suppression
Note
IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports.
The switch uses IGMP report suppression to forward only one IGMP report per multicast router query to multicast devices. When IGMP router suppression is enabled (the default), the switch sends the first IGMP report from all hosts for a group to all the multicast routers. The switch does not send the remaining IGMP reports for the group to the multicast routers. This feature prevents duplicate reports from being sent to the multicast devices.
If the multicast router query includes requests only for IGMPv1 and IGMPv2 reports, the switch forwards only the first IGMPv1 or IGMPv2 report from all hosts for a group to all the multicast routers.
If the multicast router query also includes requests for IGMPv3 reports, the switch forwards all IGMPv1, IGMPv2, and IGMPv3 reports for a group to the multicast devices.
If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the “Disabling IGMP Report Suppression” section.
Configuring IGMP Snooping
IGMP snooping allows switches to examine IGMP packets and make forwarding decisions based on their content.
Default IGMP Snooping Configuration
Table 20-3 Default IGMP Snooping Configuration
|
|
IGMP snooping |
Enabled globally and per VLAN |
Multicast routers |
None configured |
Multicast router learning (snooping) method |
PIM |
IGMP snooping Immediate Leave |
Disabled |
Static groups |
None configured |
TCN flood query count |
2 |
TCN query solicitation |
Disabled |
IGMP report suppression |
Enabled |
Enabling or Disabling IGMP Snooping
By default, IGMP snooping is globally enabled on the switch. When globally enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. IGMP snooping is by default enabled on all VLANs, but can be enabled and disabled on a per-VLAN basis.
Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or disable VLAN snooping.
Beginning in privileged EXEC mode, follow these steps to globally enable IGMP snooping on the switch:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping |
Globally enable IGMP snooping in all existing VLAN interfaces. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To globally disable IGMP snooping on all VLAN interfaces, use the no ip igmp snooping global configuration command.
Beginning in privileged EXEC mode, follow these steps to enable IGMP snooping on a VLAN interface:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping vlan vlan-id |
Enable IGMP snooping on the VLAN interface.The VLAN ID range is 1 to 1001 and 1006 to 4094. Note IGMP snooping must be globally enabled before you can enable VLAN snooping. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan vlan-id global configuration command for the specified VLAN number.
Configuring a Multicast Router Port
To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on the switch.
Note
Static connections to multicast routers are supported only on switch ports.
Beginning in privileged EXEC mode, follow these steps to enable a static connection to a multicast router:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping vlan vlan-id mrouter interface interface-id |
Specify the multicast router VLAN ID and the interface to the multicast router.
- The VLAN ID range is 1 to 1001 and 1006 to 4094.
- The interface can be a physical interface or a port channel. The port-channel range is 1 to 26.
Note The switch supports switchport and port channel interfaces. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ip igmp snooping mrouter [ vlan vlan-id ] |
Verify that IGMP snooping is enabled on the VLAN interface. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To remove a multicast router port from the VLAN, use the no ip igmp snooping vlan vlan-id mrouter interface interface-id global configuration command.
This example shows how to enable a static connection to a multicast router:
Switch# configure terminal
Switch(config)#
ip igmp snooping vlan 200 mrouter interface gigabitethernet0/2
Configuring a Host Statically to Join a Group
Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure a host on an interface.
Beginning in privileged EXEC mode, follow these steps to add a Layer 2 port as a member of a multicast group:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping vlan vlan-id static ip_address interface interface-id |
Statically configure a Layer 2 port as a member of a multicast group:
- vlan-id is the multicast group VLAN ID. The range is 1 to 1001 and 1006 to 4094.
- ip-address is the group IP address.
- interface-id is the member port. It can be a physical interface or a port channel.
|
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ip igmp snooping groups |
Verify the member port and the IP address. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To remove the Layer 2 port from the multicast group, use the no ip igmp snooping vlan vlan-id static mac-address interface interface-id global configuration command.
This example shows how to statically configure a host on a port:
Switch# configure terminal
Switch(config)# ip igmp snooping vlan 105 static 224.2.4.12 interface gigabitethernet0/1
Enabling IGMP Immediate Leave
When you enable IGMP Immediate Leave, the switch immediately removes a port when it detects an IGMP Version 2 leave message on that port. You should only use the Immediate-Leave feature when there is a single receiver present on every port in the VLAN.
Note
Immediate Leave is supported only on IGMP Version 2 hosts.
Beginning in privileged EXEC mode, follow these steps to enable IGMP Immediate Leave:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping vlan vlan-id immediate-leave |
Enable IGMP Immediate Leave on the VLAN interface. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ip igmp snooping vlan vlan-id |
Verify that Immediate Leave is enabled on the VLAN interface. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To disable IGMP Immediate Leave on a VLAN, use the no ip igmp snooping vlan vlan-id immediate-leave global configuration command.
This example shows how to enable IGMP Immediate Leave on VLAN 130:
Switch# configure terminal
Switch(config)# ip igmp snooping vlan 130 immediate-leave
Configuring the IGMP Leave Timer
Follow these guidelines when configuring the IGMP leave timer:
- You can configure the leave time globally or on a per-VLAN basis.
- Configuring the leave time on a VLAN overrides the global setting.
- The default leave time is 1000 milliseconds.
- The IGMP configurable leave time is only supported on hosts running IGMP Version 2.
- The actual leave latency in the network is usually the configured leave time. However, the leave time might vary around the configured time, depending on real-time CPU load conditions, network delays and the amount of traffic sent through the interface.
Beginning in privileged EXEC mode, follow these steps to enable the IGMP configurable-leave timer:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping last-member-query-interval time |
Configure the IGMP leave timer globally. The range is 100 to 32768 milliseconds. The default is 1000 seconds. |
Step 3 |
ip igmp snooping vlan vlan-id last-member-query-interval time |
(Optional) Configure the IGMP leave time on the VLAN interface. The range is 100 to 32768 milliseconds. Note Configuring the leave time on a VLAN overrides the globally configured timer. |
Step 4 |
end |
Return to privileged EXEC mode. |
Step 5 |
show ip igmp snooping |
(Optional) Display the configured IGMP leave time. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
Use the no ip igmp snooping last-member-query-interva l global configuration command to globally reset the IGMP leave timer to the default setting.
Use the no ip igmp snooping vlan vlan-id last-member-query-interval global configuration command to remove the configured IGMP leave-time setting from the specified VLAN.
Configuring TCN-Related Commands
These sections describe how to control flooded multicast traffic during a TCN event:
Controlling the Multicast Flooding Time After a TCN Event
You can control the time that multicast traffic is flooded after a TCH event by using the ip igmp snooping tcn flood query count global configuration command. This command configures the number of general queries for which multicast data traffic is flooded after a TCN event. Some examples of TCN events are the client changed its location and the receiver is on same port that was blocked but is now forwarding, and a port went down without sending a leave message.
If you set the TCN flood query count to 1 by using the ip igmp snooping tcn flood query count command, the flooding stops after receiving one general query. If you set the count to 7, the flooding of multicast traffic due to the TCN event lasts until 7 general queries are received. Groups are relearned based on the general queries received during the TCN event.
Beginning in privileged EXEC mode, follow these steps to configure the TCN flood query count:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping tcn flood query count count |
Specify the number of IGMP general queries for which the multicast traffic is flooded. The range is 1 to 10. By default, the flooding query count is 2. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ip igmp snooping |
Verify the TCN settings. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To return to the default flooding query count, use the no ip igmp snooping tcn flood query count global configuration command.
Recovering from Flood Mode
When a topology change occurs, the spanning-tree root sends a special IGMP leave message (also known as global leave) with the group multicast address 0.0.0.0. However, when you enable the ip igmp snooping tcn query solicit global configuration command, the switch sends the global leave message whether or not it is the spanning-tree root. When the router receives this special leave, it immediately sends general queries, which expedite the process of recovering from the flood mode during the TCN event. Leaves are always sent if the switch is the spanning-tree root regardless of this configuration command. By default, query solicitation is disabled.
Beginning in privileged EXEC mode, follow these steps to enable the switch sends the global leave message whether or not it is the spanning-tree root:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp snooping tcn query solicit |
Send an IGMP leave message (global leave) to speed the process of recovering from the flood mode caused during a TCN event. By default, query solicitation is disabled. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ip igmp snooping |
Verify the TCN settings. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To return to the default query solicitation, use the no ip igmp snooping tcn query solicit global configuration command.
Disabling Multicast Flooding During a TCN Event
When the switch receives a TCN, multicast traffic is flooded to all the ports until two general queries are received. If the switch has many ports with attached hosts that are subscribed to different multicast groups, the flooding might exceed the capacity of the link and cause packet loss. You can use the ip igmp snooping tcn flood interface configuration command to control this behavior.
Beginning in privileged EXEC mode, follow these steps to disable multicast flooding on an interface:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
interface interface-id |
Specify the interface to be configured, and enter interface configuration mode. |
Step 3 |
no ip igmp snooping tcn flood |
Disable the flooding of multicast traffic during a spanning-tree TCN event. By default, multicast flooding is enabled on an interface. |
Step 4 |
exit |
Return to privileged EXEC mode. |
Step 5 |
show ip igmp snooping |
Verify the TCN settings. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To re-enable multicast flooding on an interface, use the ip igmp snooping tcn flood interface configuration command.
Disabling IGMP Report Suppression
Note
IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports. This feature is not supported when the query includes IGMPv3 reports.
IGMP report suppression is enabled by default. When it is enabled, the switch forwards only one IGMP report per multicast router query. When report suppression is disabled, all IGMP reports are forwarded to the multicast routers.
Beginning in privileged EXEC mode, follow these steps to disable IGMP report suppression:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
no ip igmp snooping report-suppression |
Disable IGMP report suppression. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ip igmp snooping |
Verify that IGMP report suppression is disabled. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To re-enable IGMP report suppression, use the ip igmp snooping report-suppression global configuration command.
Configuring IGMP Filtering and Throttling
In some environments, for example, metropolitan or multiple-dwelling unit (MDU) installations, you might want to control the set of multicast groups to which a user on a switch port can belong. You can control the distribution of multicast services, such as IP/TV, based on some type of subscription or service plan. You might also want to limit the number of multicast groups to which a user on a switch port can belong.
With the IGMP filtering feature, you can filter multicast joins on a per-port basis by configuring IP multicast profiles and associating them with individual switch ports. An IGMP profile can contain one or more multicast groups and specifies whether access to the group is permitted or denied. If an IGMP profile denying access to a multicast group is applied to a switch port, the IGMP join report requesting the stream of IP multicast traffic is dropped, and the port is not allowed to receive IP multicast traffic from that group. If the filtering action permits access to the multicast group, the IGMP report from the port is forwarded for normal processing. You can also set the maximum number of IGMP groups that a Layer 2 interface can join.
IGMP filtering controls only group-specific query and membership reports, including join and leave reports. It does not control general IGMP queries. IGMP filtering has no relationship with the function that directs the forwarding of IP multicast traffic. The filtering feature operates in the same manner whether IGMP or MVR is used to forward the multicast traffic.
IGMP filtering is applicable only to the dynamic learning of IP multicast group addresses, not static configuration.
With the IGMP throttling feature, you can set the maximum number of IGMP groups that a Layer 2 interface can join. If the maximum number of IGMP groups is set, the IGMP snooping forwarding table contains the maximum number of entries, and the interface receives an IGMP join report, you can configure an interface to drop the IGMP report or to replace the randomly selected multicast entry with the received IGMP report.
Note
IGMPv3 join and leave messages are not supported on switches running IGMP filtering.
These sections contain this configuration information:
Default IGMP Filtering and Throttling Configuration
Table 20-5 shows the default IGMP filtering configuration.
Table 20-5 Default IGMP Filtering Configuration
|
|
IGMP filters |
None applied |
IGMP maximum number of IGMP groups |
No maximum set |
IGMP profiles |
None defined |
IGMP profile action |
Deny the range addresses |
When the maximum number of groups is in forwarding table, the default IGMP throttling action is to deny the IGMP report. For configuration guidelines, see the “Configuring the IGMP Throttling Action” section.
Configuring IGMP Profiles
To configure an IGMP profile, use the ip igmp profile global configuration command with a profile number to create an IGMP profile and to enter IGMP profile configuration mode. From this mode, you can specify the parameters of the IGMP profile to be used for filtering IGMP join requests from a port. When you are in IGMP profile configuration mode, you can create the profile by using these commands:
- deny : Specifies that matching addresses are denied; this is the default.
- exit : Exits from igmp-profile configuration mode.
- no : Negates a command or returns to its defaults.
- permit : Specifies that matching addresses are permitted.
- range : Specifies a range of IP addresses for the profile. You can enter a single IP address or a range with a start and an end address.
The default is for the switch to have no IGMP profiles configured. When a profile is configured, if neither the permit nor deny keyword is included, the default is to deny access to the range of IP addresses.
Beginning in privileged EXEC mode, follow these steps to create an IGMP profile:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ip igmp profile profile number |
Assign a number to the profile you are configuring, and enter IGMP profile configuration mode. The profile umber range is 1 to 4294967295. |
Step 3 |
permit | deny |
(Optional) Set the action to permit or deny access to the IP multicast address. If no action is configured, the default for the profile is to deny access. |
Step 4 |
range ip multicast address |
Enter the IP multicast address or range of IP multicast addresses to which access is being controlled. If entering a range, enter the low IP multicast address, a space, and the high IP multicast address. You can use the range command multiple times to enter multiple addresses or ranges of addresses. |
Step 5 |
end |
Return to privileged EXEC mode. |
Step 6 |
show ip igmp profile profile number |
Verify the profile configuration. |
Step 7 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To delete a profile, use the no ip igmp profile profile number global configuration command.
To delete an IP multicast address or range of IP multicast addresses, use the no range ip multicast address IGMP profile configuration command.
This example shows how to create IGMP profile 4 allowing access to the single IP multicast address and how to verify the configuration. If the action was to deny (the default), it would not appear in the show ip igmp profile output display.
Switch(config)# ip igmp profile 4
Switch(config-igmp-profile)# permit
Switch(config-igmp-profile)# range 229.9.9.0
Switch(config-igmp-profile)# end
Switch# show ip igmp profile 4
range 229.9.9.0 229.9.9.0
Applying IGMP Profiles
To control access as defined in an IGMP profile, use the ip igmp filter interface configuration command to apply the profile to the appropriate interfaces. You can apply IGMP profiles only to Layer 2 access ports; you cannot apply IGMP profiles to routed ports or SVIs. You cannot apply profiles to ports that belong to an EtherChannel port group. You can apply a profile to multiple interfaces, but each interface can have only one profile applied to it.
Beginning in privileged EXEC mode, follow these steps to apply an IGMP profile to a switch port:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
interface interface-id |
Specify the physical interface, and enter interface configuration mode. The interface must be a Layer 2 port that does not belong to an EtherChannel port group. |
Step 3 |
ip igmp filter profile number |
Apply the specified IGMP profile to the interface. The range is 1 to 4294967295. |
Step 4 |
end |
Return to privileged EXEC mode. |
Step 5 |
show running-config interface interface-id |
Verify the configuration. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To remove a profile from an interface, use the no ip igmp filter profile number interface configuration command.
This example shows how to apply IGMP profile 4 to a port:
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# ip igmp filter 4
Setting the Maximum Number of IGMP Groups
You can set the maximum number of IGMP groups that a Layer 2 interface can join by using the ip igmp max-groups interface configuration command. Use the no form of this command to set the maximum back to the default, which is no limit.
This restriction can be applied to Layer 2 ports only; you cannot set a maximum number of IGMP groups on routed ports or SVIs. You can use this command on a logical EtherChannel interface but cannot use it on ports that belong to an EtherChannel port group.
Beginning in privileged EXEC mode, follow these steps to set the maximum number of IGMP groups in the forwarding table:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
interface interface-id |
Specify the interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or a EtherChannel interface. |
Step 3 |
ip igmp max-groups number |
Set the maximum number of IGMP groups that the interface can join. The range is 0 to 4294967294. The default is to have no maximum set. |
Step 4 |
end |
Return to privileged EXEC mode. |
Step 5 |
show running-config interface interface-id |
Verify the configuration. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To remove the maximum group limitation and return to the default of no maximum, use the no ip igmp max-groups interface configuration command.
This example shows how to limit to 25 the number of IGMP groups that a port can join.
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# ip igmp max-groups 25
Configuring the IGMP Throttling Action
After you set the maximum number of IGMP groups that a Layer 2 interface can join, you can configure an interface to replace the existing group with the new group for which the IGMP report was received by using the ip igmp max-groups action replace interface configuration command. Use the no form of this command to return to the default, which is to drop the IGMP join report.
Follow these guidelines when configuring the IGMP throttling action:
- This restriction can be applied only to Layer 2 ports. You can use this command on a logical EtherChannel interface but cannot use it on ports that belong to an EtherChannel port group.
- When the maximum group limitation is set to the default (no maximum), entering the ip igmp max-groups action { deny | replace } command has no effect.
- If you configure the throttling action and set the maximum group limitation after an interface has added multicast entries to the forwarding table, the forwarding-table entries are either aged out or removed, depending on the throttling action.
–
If you configure the throttling action as deny, the entries that were previously in the forwarding table are not removed but are aged out. After these entries are aged out and the maximum number of entries is in the forwarding table, the switch drops the next IGMP report received on the interface.
–
If you configure the throttling action as replace, the entries that were previously in the forwarding table are removed. When the maximum number of entries is in the forwarding table, the switch replaces a randomly selected entry with the received IGMP report.
To prevent the switch from removing the forwarding-table entries, you can configure the IGMP throttling action before an interface adds entries to the forwarding table.
Beginning in privileged EXEC mode, follow these steps to configure the throttling action when the maximum number of entries is in the forwarding table:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
interface interface-id |
Specify the physical interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or an EtherChannel interface. The interface cannot be a trunk port. |
Step 3 |
ip igmp max-groups action { deny | replace } |
When an interface receives an IGMP report and the maximum number of entries is in the forwarding table, specify the action that the interface takes:
- deny —Drop the report.
- replace —Replace the existing group with the new group for which the IGMP report was received.
|
Step 4 |
end |
Return to privileged EXEC mode. |
Step 5 |
show running-config interface interface-id |
Verify the configuration. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To return to the default action of dropping the report, use the no ip igmp max-groups action interface configuration command.
This example shows how to configure a port to remove a randomly selected multicast entry in the forwarding table and to add an IGMP group to the forwarding table when the maximum number of entries is in the table.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip igmp max-groups action replace