IGMP Snooping
The Internet Group Multicast Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. The host joins a multicast-group by sending a join request message towards the network router, and responds to queries sent from the network router by dispatching a join report.
A given port can either be manually configured as an MRouter port, or it can become one dynamically when a query is received on it, which indicates that the network router is connected to this port. All IGMP Snooping control packets received from hosts (joins/leaves) are forwarded to the MRouter port, and the MRouter port updates its multicast-group database accordingly. Each dynamically learned multicast group will be added to all of the MRouter ports on the switch.
As many as 5K multicast groups can be created on the switch.
IGMP snooping can be configured to establish multicast group memberships.
Enable IGMP snooping globally. Run:
switch (config) # ip igmp snooping
Enable IGMP snooping on a VLAN. Run:
switch (config) # vlan 2
switch (config vlan 2) # ip igmp snooping
A Multicast Router (MRouter) port can be defined on a VLAN using one of the methods described below:
To change the interface switchport to trunk:
Enable IGMP snooping globally. Run:
switch (config) # ip igmp snooping
Change the interface switchport mode of the port (the interface is member of VLAN 1 by default). Run:
switch (config) # interface ethernet 1/1
switch (config interface ethernet 1/1) # switchport mode trunk
Change back to config mode. Run:
switch (config interface ethernet 1/1) # exit
switch (config) #
Define the MRouter port on the VLAN. Run:
switch (config) # vlan 2
switch (config vlan 2) # ip igmp snooping mrouter interface ethernet 1/1
To change the interface switchport to hybrid:
Enable IGMP snooping globally. Run:
switch (config) # ip igmp snooping
Create a VLAN. Run:
switch (config) # vlan 200
switch (config vlan 200) #
Change back to config mode. Run:
switch (config vlan 200) # exit
switch (config) #
Change the interface switchport mode of the port (the interface is member of VLAN 1 by default). Run:
switch (config) # interface ethernet 1/22
switch (config interface ethernet 1/22) # switchport mode hybrid
Attach the VLAN to the port’s interface. Run:
switch (config interface ethernet 1/22) # switchport mode hybrid allowed-vlan 200
switch (config interface ethernet 1/22) #
Change to config mode again. Run:
switch (config interface ethernet 1/22) # exit
switch (config) #
Define the MRouter port on the VLAN. Run:
switch (config) # vlan 200
switch (config vlan 200) # ip igmp snooping mrouter interface ethernet 1/22
To change the interface switchport to access:
Enable IGMP snooping globally. Run:
switch (config) # ip igmp snooping
Create a VLAN. Run:
switch (config) # vlan 200
switch (config vlan 200) #
Change back to config mode. Run:
switch (config vlan 200) # exit
switch (config) #
Change the interface switchport mode of the port (the interface is member of VLAN 1 by default). Run:
switch (config) # interface ethernet 1/22
switch (config interface ethernet 1/22) # switchport mode access
Attach the VLAN to the port’s interface. Run:
switch (config interface ethernet 1/22) # switchport access vlan 200
Change to config mode again. Run:
switch (config interface ethernet 1/22) # exit
Define the MRouter port on the VLAN. Run:
switch (config) # vlan 200
switch (config vlan 200) # ip igmp snooping mrouter interface ethernet 1/22
IGMP Snooping Querier complements the IGMP snooping functionality. IGMP Snooping Querier is used to support IGMP snooping in a VLAN where PIM and IGMP are not configured because the multicast traffic does not need to be routed. When IGMP Snooping Querier is enabled, the switch periodically sends IGMP queries through all ports in the VLAN, and hosts wishing to receive IP multicast traffic respond to them with IGMP report messages. IGMP Snooping Querier must be used in conjunction with IGMP snooping, as IGMP snooping listens to these IGMP reports to establish appropriate forwarding.
To configure IGMP Snooping Querier:
Enable the IGMP snooping on the switch. Run:
switch (config) # ip igmp snooping
Create a VLAN and enable IGMP Snooping on VLAN. Run:
switch (config) # vlan 10
switch (config vlan 10)# ip igmp snooping
Enable the IGMP snooping querier on a specific VLAN. Run:
switch (config vlan 10)# ip igmp snooping querier
Set the query interval time. Run:
switch (config vlan 10)# ip igmp snooping querier query-interval 100
(Optional) Verify the IGMP snooping querier configuration. Run:
switch (config vlan 10)# show ip igmp snooping querier
Snooping querier information for VLAN 10
IGMP Querier Present
Querier IP address: 1.1.1.2
Query interval: 125
Response interval: 100
Group membership interval: 1
Robustness: 2
Version: 2
In some environments, devices attached to a switch (such as hosts or other switches) cannot be managed by the switch administrator. This can lead to misconfiguration or abuse of IGMP resources, which is both an operational and a security concern.
This is common in shared network infrastructures, where a 3rd party is connected to the switch to access resources that are made available via that network device.
IGMP Snooping Querier Guard enables the switch administrator to define a filter that discards received IGMP Membership Query messages. Because the switch ignores these messages, it can still be selected as the IGMP querier. When a device is connected to an interface where this filter is defined, the IGMP querier election process does not take place on that interface, so a 3rd party device cannot trigger the local interface to be demoted from being the IGMP querier.
IGMP Snooping Querier Guard can be configured on specific interfaces such as a port, MLAG port channel, or port channel. It only works when "igmp snooping" is enabled.
To configure IGMP Snooping Querier Guard on a specific interface, do the following:
Enable the IGMP snooping on the switch. Run:
switch (config) # ip igmp snooping
Enable IGMP snooping querier-guard on a specific interface. Run:
switch (config interface ethernet 1/1) # ip igmp snooping querier-guard
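The effect of the querier-guard filter on querier election, as an added example that is not part of the original documentation and is not the switch's own implementation. It assumes the IGMPv2 election rule (the querier with the lowest IP address wins, RFC 2236); the SnoopingQuerier class, the addresses, and the query packet are constructed for illustration.

```python
import ipaddress
import struct

IGMP_MEMBERSHIP_QUERY = 0x11  # IGMP message type: Membership Query

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum carried in the IGMP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_query(max_resp=100, group="0.0.0.0") -> bytes:
    """Constructed IGMPv2 general query (sample input, built in memory)."""
    body = struct.pack("!BBH4s", IGMP_MEMBERSHIP_QUERY, max_resp, 0,
                       ipaddress.IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def is_valid_query(payload: bytes) -> bool:
    """Accept only well-formed queries: type 0x11 and a checksum that verifies."""
    return (len(payload) >= 8 and payload[0] == IGMP_MEMBERSHIP_QUERY
            and inet_checksum(payload) == 0)

class SnoopingQuerier:
    """Hypothetical model of one VLAN's querier state on the switch."""
    def __init__(self, own_ip, guarded_ports=()):
        self.own_ip = ipaddress.IPv4Address(own_ip)
        self.guarded = set(guarded_ports)  # ports with querier-guard enabled
        self.elected = self.own_ip         # the switch starts as querier
        self.dropped = []                  # (port, source) of filtered queries

    def receive(self, port, src_ip, payload):
        if not is_valid_query(payload):
            return
        src = ipaddress.IPv4Address(src_ip)
        if port in self.guarded:           # guard: discard, no election
            self.dropped.append((port, str(src)))
            return
        if src < self.elected:             # lowest IP address wins
            self.elected = src

def demo():
    """Same constructed query on port 1/1, first unguarded, then guarded."""
    out = []
    for guarded in ((), ("1/1",)):
        sw = SnoopingQuerier("10.0.0.2", guarded)
        sw.receive("1/1", "10.0.0.1", build_query())
        out.append((str(sw.elected), sw.dropped))
    return out
```

The dropped list is the kind of record worth alerting on: a query arriving on a guarded port means a device outside the administrator's control is attempting to act as querier.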