ECS4510 Series CLI Reference Guide-R03

Chapter 24 | Multicast Filtering Commands
IGMP Snooping
Command Usage
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert Option
can be used to protect against DoS attacks. One common method of attack is
launched by an intruder who takes over the role of querier and starts overloading
multicast hosts by sending a large number of group-and-source-specific queries,
each with a large source list and the Maximum Response Time set to a large value.
To protect against this kind of attack, (1) routers should not forward queries, which
is easier to accomplish if the query carries the Router Alert option; and (2) when the
switch is acting in the role of a multicast host (such as when using proxy routing), it
should ignore version 2 or 3 queries that do not contain the Router Alert option.
Example
Console(config)#ip igmp snooping router-alert-option-check
Console(config)#
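The check described under Command Usage can be sketched as follows. This is an added example, not code from this guide or from the switch firmware: the function names, verdict strings and sample packet builder are assumptions, and the IGMP version test follows RFC 3376 section 7.1.

```python
import struct

IPPROTO_IGMP = 2
IPOPT_EOL, IPOPT_NOP, IPOPT_ROUTER_ALERT = 0x00, 0x01, 0x94  # RFC 791 / RFC 2113
IGMP_MEMBERSHIP_QUERY = 0x11

def has_router_alert(options: bytes) -> bool:
    """Walk the IPv4 options area looking for a well-formed Router Alert option."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == IPOPT_EOL:
            break
        if opt == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return False                      # truncated option header
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False                      # malformed length: treat as absent
        if opt == IPOPT_ROUTER_ALERT and length == 4:
            return True
        i += length
    return False

def query_verdict(packet: bytes) -> str:
    """Return 'accept', 'ignore' or 'not-a-query' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-a-query"
    ihl = (packet[0] & 0x0F) * 4
    total = int.from_bytes(packet[2:4], "big")
    if ihl < 20 or packet[9] != IPPROTO_IGMP:
        return "not-a-query"
    igmp = packet[ihl:total]
    if len(igmp) < 8 or igmp[0] != IGMP_MEMBERSHIP_QUERY:
        return "not-a-query"
    # RFC 3376 section 7.1: an 8-octet query with Max Resp Code 0 is IGMPv1
    version = 3 if len(igmp) >= 12 else (1 if igmp[1] == 0 else 2)
    if version >= 2 and not has_router_alert(packet[20:ihl]):
        return "ignore"                       # v2/v3 query without Router Alert
    return "accept"

def build_query(igmp: bytes, options: bytes = b"") -> bytes:
    """Constructed sample packet (documentation source address, checksums left zero)."""
    ihl = (20 + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0xC0, 20 + len(options) + len(igmp),
                      0, 0, 1, IPPROTO_IGMP, 0, bytes([192, 0, 2, 1]), bytes([224, 0, 0, 1]))
    return hdr + options + igmp
```

Version 1 queries pass through this check untouched, matching the text above, which applies it only to version 2 and 3 queries.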
ip igmp snooping router-port-expire-time
This command configures the querier timeout. Use the no form to restore the
default.
Syntax
ip igmp snooping router-port-expire-time seconds
no ip igmp snooping router-port-expire-time
seconds - The time the switch waits after the previous querier stops before
it considers that querier to have expired. (Range: 1-65535;
Recommended Range: 300-500)
Default Setting
300 seconds
Command Mode
Global Configuration
Example
The following shows how to configure the timeout to 400 seconds:
Console(config)#ip igmp snooping router-port-expire-time 400
Console(config)#
ip igmp snooping tcn-flood
This command enables flooding of multicast traffic if a spanning tree topology
change notification (TCN) occurs. Use the no form to disable flooding.
Syntax
[no] ip igmp snooping tcn-flood