Web Management Guide-R05
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Configuring CPU Guard
- Displaying Memory Utilization
- Resetting the System
- Using Cloud Management
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA (Authentication, Authorization and Accounting)
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- DHCP Snooping
- IPv4 Source Guard
- ARP Inspection
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Setting Community Access Strings
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Setting a Time Range
- LBD Configuration
- Smart Pair Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query Packets and Multicast Data
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Filtering and Throttling MLD Groups
- Filtering MLD Query Packets on an Interface
- IP Tools
- IP Configuration
- General IP Routing
- Unicast Routing
- Overview
- Configuring the Routing Information Protocol
- Configuring General Protocol Settings
- Clearing Entries from the Routing Table
- Specifying Network Interfaces
- Specifying Passive Interfaces
- Specifying Static Neighbors
- Configuring Route Redistribution
- Specifying an Administrative Distance
- Configuring Network Interfaces for RIP
- Displaying RIP Interface Settings
- Displaying Peer Router Information
- Resetting RIP Statistics
- IP Services
- Appendices
- Glossary
- Index
Chapter 14
| Multicast Filtering
Layer 2 IGMP (Snooping and Query for IPv4)
– 422 –
multicast router receives this solicitation, it immediately issues an IGMP general
query.
A query solicitation can be sent whenever the switch notices a topology
change, even if it is not the root bridge in spanning tree.
◆ Router Alert Option – Discards any IGMPv2/v3 packets that do not include the
Router Alert option. (Default: Disabled)
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert
Option can be used to protect against DOS attacks. One common method of
attack is launched by an intruder who takes over the role of querier, and starts
overloading multicast hosts by sending a large number of group-and-source-
specific queries, each with a large source list and the Maximum Response Time
set to a large value.
To protect against this kind of attack, (1) routers should not forward queries.
This is easier to accomplish if the query carries the Router Alert option. (2) Also,
when the switch is acting in the role of a multicast host (such as when using
proxy routing), it should ignore version 2 or 3 queries that do not contain the
Router Alert option.
◆ Unregistered Data Flooding – Floods unregistered multicast traffic into the
attached VLAN. (Default: Disabled)
Once the table used to store multicast entries for IGMP snooping and multicast
routing is filled, no new entries are learned. If no router port is configured in the
attached VLAN, and unregistered-flooding is disabled, any subsequent
multicast traffic not found in the table is dropped, otherwise it is flooded
throughout the VLAN.
◆ Forwarding Priority – Assigns a CoS priority to all multicast traffic. (Range: 0-7,
where 7 is the highest priority; Default: Disabled)
This parameter can be used to set a high priority for low-latency multicast
traffic such as a video-conference, or to set a low priority for normal multicast
traffic not sensitive to latency.
◆ Version Exclusive – Discards any received IGMP messages which use a version
different to that currently configured by the IGMP Version attribute. (Default:
Disabled)
◆ IGMP Unsolicited Report Interval – Specifies how often the upstream
interface should transmit unsolicited IGMP reports when proxy reporting is
enabled. (Range: 1-65535 seconds, Default: 400 seconds)
When a new upstream interface (that is, uplink port) starts up, the switch sends
unsolicited reports for all currently learned multicast channels via the new
upstream interface.
This command only applies when proxy reporting is enabled.