Source Address-based IGMP Message Filtering
Source address-based Internet Group Management Protocol (IGMP) message filtering enables a multicast device's interface to filter IGMP messages based on the access control list (ACL) configuration to protect a multicast device against attacks from user hosts. To ensure the precision in multicast traffic sending, configure source address-based IGMP message filtering on the multicast device's interface connected to user hosts. Different IGMP messages have different source address-based filtering policies:
- IGMP Report or Leave messages
- If you have not specified an ACL rule:
- If the source address of an IGMP Report or Leave message and the IP address of the receiving interface are on the same network segment, or the host address of the IGMP Report or Leave message is 0.0.0.0, the IGMP source address filtering is passed.
- If the source address of an IGMP Report or Leave message and the IP address of the receiving interface are on the same network segment, or the host address of the IGMP Report or Leave message is 0.0.0.0, the IGMP source address filtering is passed.
- If the source address of an IGMP Report or Leave message and the IP address of the receiving interface are on the same network segment, or the host address of the IGMP Report or Leave message is 0.0.0.0, the IGMP source address filtering is passed.
- If you have not specified an ACL rule:
- IGMP Query messages: The interface filters out IGMP Query messages whose source addresses do not match a specified ACL rule.
As shown in Figure 1, Router A is connected to the hosts through the interface at 10.0.0.1/24. The source addresses of IGMP Report or Leave messages sent by Host A, Host B, and Host C are 11.0.0.1, 10.0.0.8, and 0.0.0.0, respectively. If you have not specified an ACL rule, the interface filters out the IGMP Report or Leave messages from Host A. If you have specified an ACL rule, the interface filters out the IGMP messages whose source addresses do not match the rule.