< Home

igmp ip-source-policy

Function

The igmp ip-source-policy command configures source address-based IGMP Report or Leave message filtering.

The undo igmp ip-source-policy command restores the default configuration.

Format

igmp ip-source-policy [ basic-acl-number ]

undo igmp ip-source-policy

Parameters

Parameter Description Value

basic-acl-number

Specifies the number of a basic ACL, which defines the range of source addresses.

The value is an integer ranging from 2000 to 2999.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

By default, no source address-based IGMP Report or Leave message filtering is configured.

Usage Scenario

To protect a multicast device against attacks from user hosts, Source address-based Internet Group Management Protocol (IGMP) message filtering enables a multicast device's interface to filter IGMP messages. To ensure the precision in multicast traffic sending, run the igmp ip-source-policy command on the multicast device's interface connecting to a user host to enable the multicast device to filter out the IGMP messages whose source addresses do not match a specified ACL rule.

IGMP messages are encapsulated into IP messages. This command is used to filter the source addresses in IP headers.

If you have not specified an ACL rule, the rules for filtering IGMP messages based on source addresses are as follows:
  • IGMP Report or Leave message are processed if the source addresses in the IP headers are 0.0.0.0 or are on the same network segment as the addresses of the inbound interfaces of the IGMP Report messages.
  • IGMP Report or Leave messages are discarded if the source addresses in the IP headers are on different network segments than the addresses of the inbound interfaces of the IGMP Report messages.

If you have specified an ACL rule: The interface filters out the IGMP Report, Leave, and Query messages whose source addresses do not match the ACL rule.

Prerequisites

Multicast has been enabled using the multicast routing-enable command.

Configuration Impact

The latest configuration overrides the previous configuration.

Precautions

The igmp ip-source-policy command works with the acl command. You can configure the source address of IGMP messages by specifying the source parameter in the rule command in the basic ACL view.

Example

# In a public network instance, configure GE0/0/0 to filter IGMP Report or Leave messages based on source addresses.
<sysname> system-view
[sysname] multicast routing-enable
[sysname] interface GigabitEthernet 0/0/0
[sysname-GigabitEthernet0/0/0] igmp ip-source-policy
# In a public network instance, configure GE0/0/0 to permit IGMP Report or Leave messages with the source address 10.10.1.2, but to drop IGMP Report or Leave messages with the source address 10.10.1.1.
<sysname> system-view
[sysname] multicast routing-enable
[sysname] acl number 2001
[sysname-acl-basic-2001] rule permit source 10.10.1.2 0
[sysname-acl-basic-2001] rule deny source 10.10.1.1 0
[sysname-acl-basic-2001] quit
[sysname] interface GigabitEthernet 0/0/0
[sysname-GigabitEthernet0/0/0] igmp ip-source-policy 2001
Parent Topic: IGMP Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >