Usage Guidelines

Use the ip igmp access-group command to filter groups from Internet Group Management Protocol (IGMP) reports by use of a standard access list or to filter sources and groups from IGMPv3 reports by use of an extended access list. This command is used to restrict hosts on a subnet to joining only multicast groups that are permitted by a standard IP access list or to restrict hosts on a subnet to membership to only those (S, G) channels that are permitted by an extended IP access list.

IGMP Version 3 (IGMPv3) accommodates extended access lists, which allow you to leverage an important advantage of Source Specific Multicast (SSM) in IPv4, that of basing access on source IP address. Prior to this feature, an IGMP access list accepted only a standard access list, allowing membership reports to be filtered based only on multicast group addresses.

IGMPv3 allows multicast receivers not only to join to groups, but to groups including or excluding sources. For appropriate access control, it is therefore necessary to allow filtering of IGMPv3 messages not only by group addresses reported, but by group and source addresses. IGMP extended access lists introduce this functionality. Using SSM with an IGMP extended access list allows you to permit or deny source S and group G (S, G) in IGMPv3 reports, thereby filtering SSM traffic based on source address, group address, or both.

Source Addresses in IGMPv3 Reports for ASM Groups

Additionally, IGMP extended access lists can be used to permit or filter traffic based on (0.0.0.0, G); that is, (*, G), in IGMP reports that are non-SSM, such as Any Source Multicast (ASM).

Note	The permit and deny statements equivalent to (*, G) are permit host 0.0.0.0 host group-address and deny host 0.0.0.0 host group group-address , respectively.

Filtering applies to IGMPv3 reports for both ASM and SSM groups, but it is most important for SSM groups because multicast routing ignores source addresses in IGMPv3 reports for ASM groups. Source addresses in IGMPv3 membership reports for ASM groups are stored in the IGMP cache (as displayed with the show ip igmp membership command), but PIM-based IP multicast routing considers only the ASM groups reported. Therefore, adding filtering for source addresses for ASM groups impacts only the IGMP cache for ASM groups.

How IGMP Checks an Extended Access List

When an IGMP extended access list is referenced in the ip igmp access-group command on an interface, the (S, G) pairs in the permit and deny statements of the extended access list are matched against the (S, G) pair of the IGMP reports received on the interface. The first part of the extended access list clause controls the source, and the second part of the extended access list clause controls the multicast group.

Specifically, if an IGMP report with (S1, S2...Sn, G) is received, first the group (0, G) is checked against the access list statements. If the group is denied, the entire IGMP report is denied. If the group is permitted, each individual (S, G) pair is checked against the access list. Denied sources are taken out of the IGMP report, thereby denying any sources that match the access list from sending to the group.

Note	The convention (0, G) means (*, G), which is a wildcard source with a multicast group number.

Usage Guidelines

Use the ip igmp explicit-tracking command to enable a multicast router to explicitly track the membership of multicast hosts in a particular multiaccess network. This capability enables the router to track each individual host that is joined to a particular group or channel and to achieve minimal leave latencies when hosts leave a multicast group or channel.

Note

Before configuring the ip igmp explicit-tracking command, IGMP must be enabled (IGMP is enabled by enabling PIM on an interface using the ip pim command). In addition, IGMPv3 should be configured on the interface. To configure IGMPv3, use the ip igmp version 3 command in interface configuration mode.

Note	When explicit tracking is enabled, the router uses more memory than if explicit tracking is disabled because the router must store the membership state of all hosts on the interface.

To monitor the IGMP membership of hosts, use the show ip igmp membership command.

Usage Guidelines

This command and the ip pim neighbor-filter command together enable stub multicast routing. The IGMP host reports and leave messages are forwarded to the IP address specified. The reports are re-sent out the next hop interface toward the IP address, with the source address of that interface. This command enables a type of “dense-mode” join, allowing stub sites not participating in Protocol Independent Multicast (PIM) to indicate membership in IP multicast groups.

Usage Guidelines

This command is required on a downstream router on each interface connected to a potential multicast receiver. The command allows the downstream router to helper IGMP reports received from hosts to an upstream router connected to a unidirectional link (UDL) associated with the configured interface-type and interface-number arguments.

Usage Guidelines

You cannot configure this command in both interface and global configuration mode.

When this command is not configured, the router will send an IGMP group-specific query message upon receipt of an IGMP Version 2 (IGMPv2) group leave message. The router will stop forwarding traffic for that group only if no host replies to the query within the timeout period. The timeout period is determined by the ip igmp last-member-query-interval command and the IGMP robustness variable, which is defined by the IGMP specification. By default, the timeout period in Cisco IOS software is approximately 2.5 seconds.

If this command is configured, the router assumes that only one host has joined the group and stops forwarding the group’s traffic immediately upon receipt of an IGMPv2 group leave message.

Global Configuration Mode

When this command is configured in global configuration mode, it applies to all IGMP-enabled interfaces. Any existing configuration of this command in interface configuration mode will be removed from the configuration. Also, any new configuration of this command in interface configuration mode will be ignored.

Interface Configuration Mode

When this command is configured in interface configuration mode, it applies to an individual interface. Configure this command on an interface if only one IGMP-enabled neighbor is connected to the interface. The neighbor can be either a host or switch running IGMP Snooping. When the ip igmp immediate-leave command is enabled on an interface, the router will not send IGMP group-specific host queries when an IGMP Version 2 leave group message is received from that interface. Instead, the router will immediately remove the interface from the IGMP cache for that group and send Protocol Independent Multicast (PIM) prune messages toward sources if this interface was the last one to join that group.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

If you enter the ip igmp immediate-leave group-list command, you must enter this command in VLAN interface configuration mode only.

Valid values for the acl argument are as follows:

• Access-list number--1 to 99

• Expanded range access-list number--1300 to 1999

• Name of the standard IP access list

You can configure one or the other but not both configuration modes at the same time.

You can enter the acl to restrict the immediate-leave behavior to a simple access list for multicast groups. The IGMP leave-group messages for multicast groups that are not permitted by the acl has the standard inquiry mechanism/leave latency.

Usage Guidelines

Use the ip igmp join-group command to configure an interface on the router to join the specified group or channel. With this method, the router accepts the multicast packets in addition to forwarding them. Accepting the multicast packets prevents the router from fast switching.

In support of the IGMPv3 Host Stack feature, the source keyword and source-address argument were added to the ip igmp join-group command to add INCLUDE mode capability to the IGMPv3 host stack for SSM groups.

The IGMPv3 Host Stack feature enables routers or switches to function as multicast network endpoints or hosts. The feature adds INCLUDE mode capability to the IGMPv3 host stack for SSM groups. Enabling the IGMPv3 host stack ensures that hosts on a LAN can leverage SSM by enabling the router or switch to initiate IGMPv3 joins, such as in environments where fast channel change is required in a SSM deployments.

Note	Multiple ip igmp join-group command configurations with different source addresses for the same group are supported.

When the IGMPv3 Host Stack feature is configured, an IGMPv3 membership report is sent when one of the following events occurs:

• When the ip igmp join-group command is configured for a group and source and there is no existing state for this (S, G) channel, an IGMPv3 report of group record type ALLOW_NEW_SOURCES for the source specified is sent on that interface.

• When the no form of the ip igmp join-group command is configured for a group and source and there is state for this (S, G) channel, an IGMPv3 report of group record type BLOCK_OLD_SOURCES for the source specified is sent on that interface.

• When a query is received, an IGMPv3 report is sent as defined in RFC 3376.

Usage Guidelines

When a router receives an IGMP version 2 (IGMPv2) or IGMP version 3 (IGMPv3) message indicating that a host wants to leave a group, source, or channel, it sends last-member-query-count group- or group-source-specific IGMP query messages at intervals of igmp-last-member-interval milliseconds. If no response is received after this period, the router stops forwarding for the group, source, or channel.

Caution

Do not set the LMQC to 1, because in this situation the loss of a single packet--the query packet from the router to the host or the report packet from the host to the router--may result in traffic forwarding being stopped, even there is still a receiver. Traffic will continue to be forwarded after the next general query sent by the router, but the interval during which a receiver may not receive the query could be as long as 1 minute (with the default query interval).

The leave latency in Cisco IOS software may increase by up to one last member query interval (LMQI) value when the router is processing more than one leave within a LMQI. In this case, the average leave latency is determined by the (LMQC + 0.5) * LMQI. The result is that the default leave latency can range from 2.0 to 3.0 seconds with an average of 2.5 seconds under a higher load of IGMP leave processing. The leave latency under load for the minimum LMQI value of 100 msec and a LMQC of 1 is from 100 to 200 milliseconds, with an average of 150 milliseconds. This is done to limit the impact of higher rates of IGMP leave messages.

If no response is received after this period, the router will stop forwarding traffic for that group, source, or channel only if no host replies to the query within the timeout period. The timeout period is determined by the ip igmp last-member-query-interval and the ip igmp last-member-query-count commands.

Usage Guidelines

When a router receives an IGMP Version 2 (IGMPv2) or IGMP Version 3 (IGMPv3) message indicating that a host wants to leave a group, source, or channel, it sends last-member-query-count group, group-specific, or source-specific IGMP query messages at intervals set by the ip igmp last-member-query-interval command. If no response is received after this period, the router stops forwarding for the group, source, or channel.

The leave latency in Cisco IOS software may increase by up to one last member query interval (LMQI) value when the router is processing more than one leave within a LMQI. In this case, the average leave latency is determined by the (last member query count + 0.5) * LMQI. The result is that the default leave latency can range from 2.0 to 3.0 seconds with an average of 2.5 seconds under a higher load of IGMP leave processing. The leave latency under load for the minimum LMQI value of 100 msec and a last member query count of 1 is from 100 to 200 milliseconds, with an average of 150 milliseconds. This is done to limit the impact of higher rates of IGMP leave messages.

If no response is received after this period, the router will stop forwarding traffic for that group, source, or channel only if no host replies to the query within the timeout period. The timeout period is determined by the ip igmp last-member-query-interval and the ip igmp last-member-query-count commands.

Usage Guidelines

Use this command to configure a global limit on the number of mroute states created as a result of IGMP membership reports (IGMP joins). When configured globally, the limit is referred to as a global IGMP state limiter. Membership reports exceeding the configured limits are not entered into the IGMP cache. This command can be used to prevent DoS attacks.

Note	IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URL Rendezvous Directory (URD) membership reports on a global or per interface basis.

Use the ip igmp limit (interface) command to configure a per interface limit on the number mroute states created as a result of IGMP membership reports (IGMP joins).

Note	When configuring IGMP state limiters, you can only configure one global limit on a router and one limit per interface.

The mechanics of IGMP state limiters are as follows:

• Each time a router receives an IGMP membership report for a particular group or channel, the Cisco IOS software checks to see if either the limit for the global IGMP state limiter or the limit for the per interface IGMP state limiter has been reached.

  • If only a global IGMP state limiter has been configured and the limit has not been reached, IGMP membership reports are honored. When the configured limit has been reached, subsequent IGMP membership reports are then ignored (dropped) and a warning message in one of the following formats is generated:

%IGMP-6-IGMP_GROUP_LIMIT: IGMP limit exceeded for <group (*, group address)> on <interface type number> by host <ip address>

or

%IGMP-6-IGMP_CHANNEL_LIMIT: IGMP limit exceeded for <channel (source address, group address)> on <interface type number> by host <ip address>

• • If only per interface IGMP state limiters are configured, then each limit is only counted against the interface on which it was configured.
  • If both a global IGMP state limiter and per interface IGMP state limiters are configured, the limits configured for the per interface IGMP state limiters are still enforced but are constrained by the global limit.
• If a per interface IGMP state limiter has been configured using the ip igmp limit (interface) command, the Cisco IOS software also checks to see if an access control list (ACL) is specified (with the optional except keyword and access-list argument) to prevent groups or channels from being counted against the interface limit.

  • If an ACL has been configured and the group or channel in the IGMP membership report matches, then the state for the IGMP membership is counted against the global limit and not the interface limit.
  • If no ACL has been configured, the per interface IGMP state limiter accounts for all IGMP membership reports that do not exceed the configured limit.

Usage Guidelines

Use this command to configure per interface limits on the number mroute states created as a result of IGMP membership reports (IGMP joins). When configured on an interface, the limit is referred to as a per interface IGMP state limiter . Membership reports exceeding the configured limits for the interface are not entered into the IGMP cache. This command can be used to prevent DoS attacks or to provide a multicast Call Admission Control (CAC) mechanism in network environments where all the multicast flows roughly utilize the same amount of bandwidth.

Note	IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URD membership reports on a global or per interface basis.

For the required number argument, specify a limit on the number of IGMP membership reports that can be cached for the specified interface. The range is from 1 to 64000.

Use the optional except access-list keyword and argument to prevent groups or channels from being counted against the interface limit. A standard or an extended ACL can be specified.

• • A standard ACL can be used to define the (*, G) state to be excluded from the limit on an interface.
  • An extended ACLs can be used to define the (S, G) state to be excluded from the limit on an interface. An extended ACL also can be used to define the (*, G) state to be excluded from the limit on an interface, by specifying 0.0.0.0 for the source address and source wildcard--referred to as (0, G)--in the permit or deny statements that compose the extended access list.

Use the ip igmp limit (global) command to configure a global limit on the number of mroute states created as a result of IGMP membership reports (IGMP joins).

Note	When configuring IGMP state limiters, you can only configure one global limit on a router and one limit per interface.

The mechanics of IGMP state limiters are as follows:

• Each time a router receives an IGMP membership report for a particular group or channel, the Cisco IOS software checks to see if either the limit for the global IGMP state limiter or the limit for the per interface IGMP state limiter has been reached.

  • If only a global IGMP state limiter has been configured and the limit has not been reached, IGMP membership reports are honored. When the configured limit has been reached, subsequent IGMP membership reports are then ignored (dropped) and a warning message in one of the following formats is generated:

%IGMP-6-IGMP_GROUP_LIMIT: IGMP limit exceeded for <group (*, group address)> on <interface type number> by host <ip address>

or

%IGMP-6-IGMP_CHANNEL_LIMIT: IGMP limit exceeded for <channel (source address, group address)> on <interface type number> by host <ip address>

• • If only per interface IGMP state limiters are configured, then each limit is only counted against the interface on which it was configured.
  • If both a global IGMP state limiter and per interface IGMP state limiters are configured, the limits configured for the per interface IGMP state limiters are still enforced but are constrained by the global limit.
• If a per interface IGMP state limiter has been configured using the ip igmp limit (interface) command, the Cisco IOS software also checks to see if an ACL is specified (with the optional except keyword and access-list argument) to prevent groups or channels from being counted against the interface limit.

  • If an ACL has been configured and the group or channel in the IGMP membership report matches, then the state for the IGMP membership is counted against the global limit and not the interface limit.
  • If no ACL has been configured, the per interface IGMP state limiter accounts for all IGMP membership reports that do not exceed the configured limit.

Usage Guidelines

When used with the ip igmp proxy-service interface command, this command enables forwarding of IGMP reports to a proxy service interface for all (*, G) forwarding entries for this interface in the multicast forwarding table.

Usage Guidelines

Based on the Internet Group Management Protocol (IGMP) query interval, the router periodically checks the multicast static route (mroute) table for (*, G) forwarding entries that match interfaces configured with the ip igmp mroute-proxy command. Where there is a match, one IGMP report is created and received on this interface. The ip igmp proxy-service command is intended to be used with the ip igmp helper-address (UDL) command, in which case the IGMP report would be forwarded to an upstream router.

Usage Guidelines

Use the ip igmp querier-timeout command to configure the period of time before the router triggers IGMP querier reelection for the interface. The IGMP querier timeout period applies to routers on the subnet that are not currently acting as the IGMP querier.

By default, a router on the subnet that is not currently acting as the querier waits twice the query interval specified by the ip igmp query-interval command, after which, if it has heard no queries, it triggers IGMP reelection. The router with the lowest IP address on the subnet is elected the IGMP querier.

In Cisco IOS XE 3.1S and earlier releases, the ip igmp querier-timeout command is not written to the configuration if the specified timeout value is equal to the default value of two times the query interval.

In Cisco IOS XE 3.2S and later releases, the ip igmp querier-timeout command is written to the configuration any time that the command is explicitly configured, regardless of the specified timeout value.

We recommend that you do not modify the IGMP query interval and IGMP querier timeout values. However, if you configure the appropriate commands to change the query interval and querier timeout default values, the following conditions apply:

• If you use the ip igmp query-interval command to configure the query interval, the timeout value is automatically adjusted to two times the query interval; the adjusted timeout value, however, is not reflected in the interface configuration.

  Note	To confirm that the timeout value adjusted to two times the modified query interval, use the show ip igmp interface command to display the query interval and timeout values being used for the interface.

• Conversely, if you use the ip igmp querier-timeout command to configure the timeout value, the query interval does not automatically adjust to half of the modified timeout value, so it is possible to override the default timeout period of two times the query interval. If you must configure the timeout period, we recommend that you configure the timeout value in proportion to the query interval value.

• The query interval must be greater than the IGMP maximum query response time. Use the ip igmp max-response-time command to change the max-response-time value from the default (10 seconds) to a specified length of time, if required.

Usage Guidelines

Use the ip igmp query-interval command to configure the frequency at which the IGMP querier sends IGMP host-query messages from an interface. The IGMP querier sends query-host messages to discover which multicast groups have members on the attached networks of the router.

Note	We recommend that you use the default IGMP query interval and timeout period.

The Cisco IOS software uses a default IGMP query interval of 60 seconds, which is different from the RFC standard default of 125 seconds. Using a lower default IGMP query interval of 60 seconds allows routers to stop forwarding traffic faster when a member crashes without sending leaves (in IGMPv2 or IGMPv3 environment), or if using IGMPv1: 3 * 60 seconds versus 3 * 125 seconds.

If a lower version IGMP-enabled interface (that is, an interface running IGMPv1 or v2) receives a higher version IGMP query (IGMPv3) with a different query interval, the following events will occur:

• An error message in the following format will be displayed:

%IGMP-3-QUERY_INT_MISMATCH: Received a non-matching query interval <interval in seconds>, from querier address <ip-address>

• If the query interval on the lower version IGMP-enabled interface has not been modified, the default query interval will appear under its respective interface configuration.

• If the query interval on the IGMP-enabled interface has been modified, the configured query interval will be updated to show the configured query interval under its respective interface configuration.

Note	The show ip igmp interface command displays both the configured query interval and the received query interval in its output.

Be careful when increasing the query interval in an environment with IGMPv2 routers (the default) and Layer 2 (L2) snooping switches: An IGMPv2 snooping switch needs to know the query interval of the IGMP querier, because it is not signaled in IGMP messages (in IGMPv3 it is). The IGMP snooping switch will time out membership state based on what it thinks the query interval is. If the querier uses a query interval larger than what the IGMP snooping switch assumes, then this may lead to an unexpected timeout of multicast state on the IGMP snooping switch.

Note	The default IGMP query interval on Cisco routers of 60 seconds is never an issue with Cisco IGMP snooping switches because they either assume a 60 second-interval or will try to determine the query interval by measuring the interval between IGMP general queries.

Be careful decreasing the query interval because it increases the processing load on the router (total number of IGMP reports received over a period of time)--especially on routers with a large number of interfaces and hosts connected to it (for example, a broadband aggregation router).

We recommend that you do not modify the IGMP query interval and IGMP querier timeout values. However, if you configure the appropriate commands to change the query interval and querier timeout default values, the following conditions apply:

• If you use the ip igmp query-interval command to configure the query interval, the timeout value is automatically adjusted to two times the query interval; the adjusted timeout value, however, is not reflected in the interface configuration.

  Note	To confirm that the timeout value adjusted to two times the modified query interval, use the show ip igmp interface command to display the query interval and timeout values being used for the interface.

• Conversely, if you use the ip igmp querier-timeout command to configure the timeout value, the query interval does not automatically adjust to half of the modified timeout value, so it is possible to override the default timeout period of two times the query interval. If you must configure the timeout period, we recommend that you configure the timeout value in proportion to the query interval value.

• The query interval must be greater than the IGMP maximum query response time. Use the ip igmp max-response-time command to change the max-response-time value from the default (10 seconds) to a specified length of time, if required.

Usage Guidelines

This command is valid only when IGMP Version 2 is running.

This command controls the period during which the responder can respond to an IGMP query message before the router deletes the group.

Usage Guidelines

When IGMP snooping is globally enabled, IGMP snooping is enabled on all existing VLAN interfaces. When IGMP snooping is globally disabled, IGMP snooping is disabled on all existing VLAN interfaces.

When IGMP snooping is globally disabled, IGMP snooping is disabled on all existing bridge domain interfaces. When IGMP snooping is globally enabled, IGMP snooping is enabled on all existing bridge domain interfaces unless IGMP snooping was also explicitly disabled on a specific bridge domain interface. When IGMP snooping is disabled globally and on a specific bridge domain interface, globally enabling IGMP snooping will not enable snooping on the bridge domain interface; it must be explicitly re-enabled on the bridge domain interface.

Use the show ip igmp snooping privileged EXEC command to verify your IGMP settings.

The configuration is saved in NVRAM.

For Cisco 7600 series routers: Before you can enable IGMP snooping for Cisco 7600 series routers, you must configure the VLAN interface for multicast routing.

Usage Guidelines

To globally enforce snooping check, use this command in global configuration mode. To enforce snooping check on a specific bridge-domain interface, use this command in bridge domain configuration mode.

Usage Guidelines

IGMP filtering allows you to configure filters on a per-port basis or a per-Switched Virtual Interface (SVI) basis, or both, or on a per-bridge domain basis or per-Ethernet Flow Point (EFP) basis.

IGMP filtering is supported for IPv4 only.

You can list several groups or channels if you configure multiple access control entries in the access control list. Depending on the permit and deny statements in the ACL configuration, the corresponding group or channel is allowed or denied. The ACL you specify can be a simple or an extended ACL.

This command can be entered as follows:

• Per SVI as a default filter for all switch ports in access mode under that SVI and for all trunk ports that carry the corresponding VLAN for that VLAN only.

• Per switch port:

  • If the switch port is in access mode, this filter overrides any default SVI filter.
  • If the switch port is in trunk mode, this filter acts as a default for all VLANs on that trunk and overrides any default SVI filter.
• Per Layer 2-VLAN:

  • If the switch port is a trunk port, this filter applies only to IGMP packets arriving on the specified Layer 2 VLAN.
  • If the switch port is in trunk mode, this filter overrides any trunk default filter.

• Per-bridge domain for EVC-based IGMP snooping in Cisco IOS XE Release 3.5S and later releases.

• Per- EFP for EVC-based IGMP snooping in Cisco IOS XE Release 3.5S and later releases.

Usage Guidelines

Use this command in the interface configuration mode to enable explicit tracking on a VLAN. Use this command in the bridge domain configuration mode to enable explicit tracking on a bridge domain interface.

Disabling explicit tracking disables fast-leave processing and proxy reporting.

Explicit host tracking is supported only with IGMPv3 hosts.

Usage Guidelines

Use this command in global configuration mode to limit the number of reports in all explicit host-tracking databases for all interfaces on which explicit tracking is enabled for EVC-based IGMP snooping. Use this command in bridge domain configuration mode to limit the number of reports in an explicit host-tracking database for the bridge domain interface being configured.

When the explicit-tracking database exceeds the configured maximum number of reports, a syslog message is generated.

When you reduce the limit, the explicit-tracking database does not decrease in size immediately. The explicit-tracking database gradually shrinks as reporters time out.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 720.

Enter this command in VLAN interface configuration mode only.

Note	Fast-leave processing is enabled by default. To disable fast-leave processing, you must enter the no ip igmp snooping fast-leave command to disable fast-leave processing.

You should use the IGMPv3-snooping fast-leave processing when there is a single receiver for the MAC group for a specific VLAN.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

This command is supported on source-only VLANs.

You can enter 0 seconds to disable flooding. If you enter a maximum of 86400 seconds, flooding would occur once every 24 hours.

Usage Guidelines

Use this command to enable IGMPv2 immediate-leave processing on the bridge-domain interface being configured.

Immediate-leave processing is supported only with IGMPv2 hosts.

IGMP snooping immediate-leave processing allows the bridge domain interface to remove a host from the forwarding-table entry without first sending group-specific queries. The host is pruned from the multicast tree for the multicast group specified in the original leave message. Immediate-leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use simultaneously.

Use immediate-leave processing only on bridge domains where only one host is connected to each interface. If immediate-leave is enabled in bridge domains where more than one host is connected to an interface, some hosts might be dropped inadvertently.

When both immediate-leave processing and the last-member-query-count are configured, immediate-leave processing takes precedence.

The immediate-leave configuration is saved in NVRAM.

Usage Guidelines

When a multicast host leaves a group, the host sends an IGMP leave. To check if this host is the last to leave the group, IGMP queries are sent when the leave is seen until the last-member-query-interval timeout period expires. If no response to the last-member queries are received before the timeout period expires, the group record is deleted.

Use the ip igmp snooping last-member-query-interval command to configure the timeout period.

When both IGMP snooping immediate-leave processing and the query count are configured, immediate-leave processing takes precedence.

Caution

Do not set the count to 1, because in this situation the loss of a single packet—the query packet from the router to the host or the report packet from the host to the router—may result in traffic forwarding being stopped, even if there is still a receiver. Traffic will continue to be forwarded after the next general query sent by the router, but the interval during which a receiver may not receive the query could be as long as 1 minute (with the default query interval).

The leave latency in Cisco IOS software may increase by up to one last-member-query-interval (LMQI) value when the router is processing more than one leave within a LMQI. In this case, the average leave latency is determined by the (count + 0.5) * LMQI. The result is that the default leave latency can range from 2.0 to 3.0 seconds with an average of 2.5 seconds under a higher load of IGMP leave processing. The leave latency under load for the minimum LMQI value of 100 milliseconds and a count of 1 is from 100 to 200 milliseconds, with an average of 150 milliseconds. This is done to limit the impact of higher rates of IGMP leave messages.

Usage Guidelines

When a multicast host leaves a group, the host sends an IGMP leave. To check if this host is the last to leave the group, an IGMP query is sent out when the leave is seen and a timer is started. If no reports are received before the timer expires, the group record is deleted.

Use the ip igmp snooping last-member-query-count command to specify how often an IGMP query is sent in response to receiving an IGMP leave message.

The interval is the actual time that the Cisco 7600 series router waits for a response for the group-specific query.

If you enter an interval that is not a multiple of 100, the interval is rounded to the next lowest multiple of 100. For example, if you enter 999, the interval is rounded down to 900 milliseconds.

If you enable IGMP fast-leave processing and you enter the no igmp snooping last-member-query-interval command, the interval is set to 0 seconds; fast-leave processing always assumes higher priority.

Even though the valid interval range is 100 to 1000 milliseconds, you cannot enter a value of 1000. If you want this value, you must enter the no ip igmp snooping last-member-query-interval command to return to the default value (1000 milliseconds).

Usage Guidelines

Note	If joins are received for (*,G1) and (S1,G1) on the same interface, these joins are counted as two separate joins. If the limit on an interface has been set to two, and the joins are received for (*,G1) and (S1,G1), all other joins (for groups/channels different from these two) are discarded.

IGMP filtering allows you to configure filters on a per-port basis, a per-Switched Virtual Interface (SVI) basis, or both for PM-based IGMP Snooping, or on a per-bridge domain or per-EFP basis for EVC-based IGMP Snooping.

IGMP filtering is supported for IPv4 only.

You can enter this command based on the following:

• Per-SVI basis.

• Per-Layer 2-switchport basis.

• Per-Layer 2-VLAN basis. The vlan keyword allows you to apply the filter only to the IGMP packets arriving on the specified Layer 2 VLAN if the switch port is a trunk port.

• Per-SVI basis as a default filter for all switch ports in access mode under that SVI and for all trunk ports that carry the corresponding VLAN for that VLAN only.

• Per-switch port basis as follows:

  • If the switch port is in access mode, this filter overrides any default SVI filter.
  • If the switch port is in trunk mode, this filter acts as a default for all VLANs on that trunk and overrides any default SVI filter.

• Per-Layer 2-VLAN basis. The filter applies only if the switch port is in trunk mode, and overrides any trunk default filter.

• Per-bridge domain basis for EVC-based IGMP Snooping in Cisco IOS XE Release 3.5S and later releases.

• Per-EFP basis for EVC-based IGMP Snooping in Cisco IOS XE Release 3.5S and later releases.

Usage Guidelines

Each entry in the explicit-tracking database is identified by the source IP, group IP, port, VLAN, and reporter IP.

When you set the max-entries to 0 , explicit-tracking is disabled.

When the explicit-tracking database exceeds the configured max-entries , a syslog message is generated.

When you reduce the max-entries , the explicit-tracking database does not decrease in size immediately. The explicit-tracking database gradually shrinks as reporters time out.

Usage Guidelines

This command is allowed on a per-switched virtual interface (SVI) basis and a per-bridge domain interface basis.

Usage Guidelines

The valid values for interface include the ge-wan , atm , and pos keywords that are supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

Enter this command in VLAN interface configuration mode only.

The interface to the router must be in the VLAN where you are entering the command, the interface must be administratively up, and the line protocol must be up.

The number argument designates the module and port number. Valid values for number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.

The CGMP learning method can decrease control traffic.

The learning method that you configure is saved in NVRAM.

Static connections to multicast routers are supported only on switch ports.

Usage Guidelines

Enter this command in VLAN interface configuration mode only.

You enable IGMP snooping on the Cisco 7600 series router, and disable PIM on the VLAN.

Configure the VLAN in global configuration mode.

Configure an IP address on the VLAN interface. When enabled, the IGMP-snooping querier uses the IP address as the query source address. If no IP address is configured on the VLAN interface, the IGMP-snooping querier does not start. The IGMP-snooping querier disables itself if you clear the IP address. When enabled, the IGMP-snooping querier restarts if you configure an IP address.

The IGMP-snooping querier supports IGMPv2.

When enabled, the IGMP-snooping querier does the following:

• Does not start if it detects IGMP traffic from a multicast router.

• Starts after 60 seconds when no IGMP traffic is detected from a multicast router.

• Disables itself if it detects IGMP traffic from a multicast router.

QoS does not support IGMP packets when IGMP snooping is enabled.

You can enable the IGMP-snooping querier on all the Cisco 7600 series routers in the VLAN. One Cisco 7600 series router is elected as the querier.

If multicast routers are not present on the VLAN or subnet, the Cisco 7600 series router becomes the IGMP querier for the VLAN when you enable the IGMP-snooping querier.

If you disable the IGMP-snooping querier, IGMP snooping functions only when you configure PIM in the subnet.

You can enter the ip igmp snooping querier command at any time, but the IGMP-snooping querier starts only when no other multicast routers are present in the VLAN or subnet.

You can use this command as an alternative to configuring PIM in a subnet; use this command when the multicast traffic does not need to be routed but you would like support for IGMP snooping on Layer 2 interfaces in your network.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

Usage Guidelines

Use this command to enable report supression for all host reports responding to a general query or for all host reports on an interface or a bridge domain.

When you enable report suppression for all host reports responding to a general query, IP IGMP snooping forwards the first report only and suppresses the remaining reports to constrain IGMP traffic to the multicast router.

Usage Guidelines

The robustness variable is the integer used by IGMP snooping during calcualtions for IGMP messages. The robustness variable provides fine tuning to allow for expected packet loss. The recommended value for the robustness variable is 2.

Use this command to change the value of the robustness variable for IGMP snooping from the default (2) to the specified value.

Usage Guidelines

There are two source-only timers that run in an alternating fashion; the source_only_age_timer and the source_only_delete_timer. The value that you configure by entering the ip igmp snooping source-only-learning age-timer command sets the source_only_age_timer. The source_only_delete_timer has a fixed, nonconfigurable value of 5 minutes (300 seconds).

The expiration of one timer starts the other timer. At any time, only one timer is running.

Setting the age-timer to 0 stops the flooding in the source-only VLAN.

Note	Setting the age-timer to a nonzero value causes flooding to occur every x (configured value) + 5 minutes (source_only_delete_timer) interval.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

When you configure SSM-safe reporting, IGMPv3 becomes the group mode in the Cisco 7600 series router or the router even in the presence of IGMPv2 hosts.

A Layer-3 SVI must be configured for any Layer 2 VLAN that supports mixed-IGMPv3 receivers.

Within an SSM group, an IGMPv2 host does not receive the requested traffic until an IGMPv3 host that is connected to the same Cisco 7600 series router is receiving the same group traffic. When the last IGMPv3 host leaves the group, the IGMPv2 host stops receiving traffic for that group.

Usage Guidelines

Hosts normally join multicast groups dynamically, but you can configure a host statically for a Layer 2 LAN port. Use this command is to configure a static connection to a multicast router.

You can configure up to eight individual ports at a time using this command. Multiple ports to be configured need only be separated by a space and must include a member-number .

The static ports and groups are saved in NVRAM.

The keywords for this command are not case sensitive. The keywords in online help contain uppercase letters to enhance readability only.

Configuring a service instance on a Layer 2 port creates a pseudoport or Ethernet Flow Point (EFP) on which you configure Ethernet Virtual Connection (EVC) features.

Usage Guidelines

Use this command to disable or enable TCN flooding on an EFP. TCN flooding is enabled on all EFPs by default.

The Spanning Tree Protocol (STP) operates on the virtual port level. When a virtual port receives a TCN event, all EFPs that operate under that virtual port are identified, along with the bridge domain to which the EFP belongs. Flooding is started to all EFPs on the bridge domain except the ones on which TCN flooding is explicitly disabled. This flooding can exceed the capacity of the virtual port and cause packet loss. Use the no ip igmp snooping tcn flood command to disable the flooding of multicast traffic on an EFP during a spanning-tree TCN event .

Usage Guidelines

Use this command to change the value of query count from the default (2) to the specified number of queries, after which the flood mode for a TCN event is stopped .

Usage Guidelines

When a spanning-tree root router receives a topology change on an IGMP snooping-enabled interface, it issues a query solicitation that causes a Cisco IOS router to send one or more general queries.

Use this command to cause a multicast router to send a query solicitation whenever it notices a topology change, even if that router is not the spanning-tree root.

Usage Guidelines

This command automatically configures the VLAN if it is not already configured. The configuration is saved in NVRAM.

Usage Guidelines

Use Immediate-Leave processing only when there is only one IP multicast receiver present on every port in the VLAN. The Immediate-Leave configuration is saved in NVRAM.

Immediate-Leave processing is supported only with IGMP version 2 hosts.

Usage Guidelines

The configured learning method is saved in NVRAM.

Static connections to multicast routers are supported only on switch ports.

Usage Guidelines

This command is used to statically configure the IP multicast group member ports.

The static ports and groups are saved in NVRAM.

Static connections to multicast routers are supported only on switch ports.

Use the show mac-address-table multicast privileged EXEC command to verify your Layer 2 multicast entries.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

By default, the locally configured static SSM mappings and the DNS server are queried. Local configured mappings have priority over dynamic mappings. If a DNS server is not available, you may want to disable DNS server lookups. To disable DNS lookups, use the no ip igmp ssm-map query dns command.

If a DNS server is not available, a locally configured static SSM mapping database is used to query. A database query uses the group address and receives the source list in return. As soon as the static SSM mappings are configured, the maps are used for the lookups. To build a static SSM mappings database, use the following commands:

ip igmp ssm-map static acl-1 source-1-ip-address

ip igmp ssm-map static acl-2 source-2-ip-address

The ACL specifies the group or groups that have to be mapped to the listed source. Because the content servers may send out more then one stream with the same source address, the access list is used to group the multicast destination addresses together. You can use wildcards if the addresses are contiguous.

If multiple sources have to be joined for a multicast group address, you must place the group in all ACLs that are associated with the source address. In the example above, if group G must join sources 1 and 2, the group address must be placed in both acl-1 and acl-2.

When you enable SSM mapping using the ip igmp ssm-map enable command, but the source mapping list is empty for the group, enter the no ip igmp ssm-map query dns command. The ip igmp ssm-map enable command is supported on statically configured SSM-mapped source entries only.

Usage Guidelines

Use this command to enable SSM mapping for groups in the configured SSM range. SSM mapping is applied only to received Internet Group Management Protocol (IGMP) version 1 or IGMP version 2 membership reports.

SSM mapping is compatible with URL Rendezvous Directory (URD) and IGMPv3 lite. SSM mapping is needed only in the router connecting to the receivers. No support is needed in any other routers in the network. SSM mapping can be configured only globally and cannot be configured per interface.

Use the vrf vrf-name keyword and argument to enable SSM mapping for a particular VRF.

Usage Guidelines

Use this command to enable DNS-based SSM mapping. Disable DNS-based SSM mapping if you want to rely only on statically configured SSM mapping. By default, the router will use both DNS-based SSM mapping and statically configured SSM mapping. If DNS-based SSM mapping is not explicitly disabled, the router will first try to find any statically mapped sources for the group and, if it does not find any, will use DNS-based SSM mapping.

This command is enabled by default when the ip igmp ssm-map enable command is configured. Use the no ip igmp ssm-map query dns command to disable DNS-based SSM mapping. When DNS-based SSM mapping is disabled, SSM mapping is performed only on SSM sources mapped by the ip igmp ssm-map static command.

To configure DNS-based SSM mapping, the router needs to find at least one correctly configured DNS server. The router can discover the DNS server by configuring the ip name-server global configuration command or by being directly connected to the DNS server.

Note	It is recommended to always configure the IP addresses of the DNS servers with the ip name-server command to prevent the router from sending each DNS query broadcast to all connected interfaces.

Only the no form of this command is saved to the running configuration.

Use the vrf vrf-name keyword and argument to enable DNS-based SSM mapping for a particular VRF.

Usage Guidelines

Use the ip igmp ssm-map static command to configure static SSM mappings. Before configuring static SSM mappings, you must first globally enable SSM mapping with the ip igmp ssm-map enable command. When static SSM mappings are configured and the router receives an Internet Group Management Protocol (IGMP) membership report for a group G in the configured SSM range, the router tries to determine the source address or addresses associated with the group G by walking the configured ip igmp ssm-map static commands. If the group G matches the ACL in a configured static SSM mapping, then the source address (specified for the source-address argument in the ip igmp ssm-map static command) associated with the SSM mapping is statically mapped to the group G. If multiple static SSM mappings are configured, and a group G is permitted by multiple ACLs, the source addresses associated with all matching ACLs in configured SSM mappings are used (that is, the group G is statically mapped to those sources). The maximum number of configured static SSM mappings for each group is 20.

When both static SSM mappings and Domain Name System (DNS) SSM mappings are configured, static SSM mappings take precedence over the DNS mappings. If a router receives an IGMP membership report for a group G that does not match any of ACLs configured in static SSM mappings, the router then will revert to querying the DNS for the address mapping.

Use the vrf vrf-name keyword and argument to configure SSM static mapping for a particular MVRF.