Multicast Filtering
235
Instruction Manual - NXA-ENET8-POE+
The following table lists the options on this page:
Multicast - IGMP Snooping (General) Options
IGMP Snooping Status
When enabled, the switch will monitor network traffic to determine which hosts want to receive
multicast traffic. This is referred to as IGMP Snooping. (Default: Disabled)
When IGMP snooping is enabled globally, the per VLAN interface settings for IGMP snooping take
precedence (see the
Setting IGMP Snooping Status per Interface
When IGMP snooping is disabled globally, snooping can still be configured per VLAN interface, but
the interface settings will not take effect until snooping is re-enabled globally.
Proxy Reporting Status
Enables IGMP Snooping with Proxy Reporting. (Default: Disabled)
When proxy reporting is enabled with this command, the switch performs
IGMP Snooping with
Proxy Reporting
(as defined in DSL Forum TR-101, April 2006), including last leave, and query
suppression.
Last leave sends out a proxy query when the last member leaves a multicast group, and query
suppression means that specific queries are not forwarded from an upstream multicast router to
hosts downstream from this device.
When proxy reporting is disabled, all IGMP reports received by the switch are forwarded natively to
the upstream multicast routers.
TCN Flood
Enables flooding of multicast traffic if a spanning tree topology change notification (TCN) occurs.
(Default: Disabled)
When a spanning tree topology change occurs, the multicast membership information learned by
switch may be out of date. For example, a host linked to one port before the topology change (TC)
may be moved to another port after the change. To ensure that multicast data is delivered to all
receivers, by default, a switch in a VLAN (with IGMP snooping enabled) that receives a Bridge
Protocol Data Unit (BPDU) with TC bit set (by the root bridge) will enter into multicast flooding
mode for a period of time until the topology has stabilized and the new locations of all multicast
receivers are learned.
If a topology change notification (TCN) is received, and all the uplink ports are subsequently
deleted, a time out mechanism is used to delete all of the currently learned multicast channels.
When a new uplink port starts up, the switch sends unsolicited reports for all currently learned
channels out the new uplink port.
By default, the switch immediately enters into multicast flooding mode when a spanning tree
topology change occurs. In this mode, multicast traffic will be flooded to all VLAN ports. If many
ports have subscribed to different multicast groups, flooding may cause excessive packet loss on
the link between the switch and the end host. Flooding may be disabled to avoid this, causing
multicast traffic to be delivered only to those ports on which multicast group members have been
learned. Otherwise, the time spent in flooding mode can be manually configured to reduce
excessive loading.
When the spanning tree topology changes, the root bridge sends a proxy query to quickly re-learn
the host membership/port relations for multicast channels. The root bridge also sends an
unsolicited Multicast Router Discover (MRD) request to quickly locate the multicast routers in this
VLAN.
The proxy query and unsolicited MRD request are flooded to all VLAN ports except for the receiving
port when the switch receives such packets.
TCN Query Solicit
Sends out an IGMP general query solicitation when a spanning tree topology change notification
(TCN) occurs. (Default: Disabled)
When the root bridge in a spanning tree receives a TCN for a VLAN where IGMP snooping is
enabled, it issues a global IGMP leave message (or query solicitation). When a switch receives this
solicitation, it floods it to all ports in the VLAN where the spanning tree change occurred. When an
upstream multicast router receives this solicitation, it immediately issues an IGMP general query.
A query solicitation can be sent whenever the switch notices a topology change, even if it is not
the root bridge in spanning tree.
Router Alert Option
Discards any IGMPv2/v3 packets that do not include the Router Alert option. (Default: Disabled)
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert Option can be used to
protect against DOS attacks. One common method of attack is launched by an intruder who takes
over the role of querier, and starts overloading multicast hosts by sending a large number of group-
and-source- specific queries, each with a large source list and the Maximum Response Time set to
a large value.
To protect against this kind of attack, (1) routers should not forward queries. This is easier to
accomplish if the query carries the Router Alert option. (2) Also, when the switch is acting in the
role of a multicast host (such as when using proxy routing), it should ignore version 2 or 3 queries
that do not contain the Router Alert option.
Unregistered Data Flooring
Floods unregistered multicast traffic into the attached VLAN. (Default: Disabled)
Once the table used to store multicast entries for IGMP snooping and multicast routing is filled, no
new entries are learned. If no router port is configured in the attached VLAN, and unregistered-
flooding is disabled, any subsequent multicast traffic not found in the table is dropped, otherwise it
is flooded throughout the VLAN.