IGMP Filter

ReneMolenaar · December 29, 2016, 9:25pm

This topic is to discuss the following lesson:

stlourenco · January 3, 2017, 11:52pm

What would be the utility of this in real life?

lagapidis · January 8, 2017, 5:32pm

Hello Stefanio

There are several reasons why we would want to filter IGMP packets. The most basic and important reason is to allow for a network to function more efficiently. The details follow:

IGMP filtering allows users to configure filters on a switch virtual interface (SVI), a per-port, or a per-port per-VLAN basis to control the propagation of IGMP traffic through the network. By managing the IGMP traffic, IGMP filtering provides the capability to manage IGMP snooping, which in turn controls the forwarding of multicast traffic.

When an IGMP packet is received, IGMP filtering uses the filters configured by the user to determine whether the IGMP packet should be discarded or allowed to be processed by the existing IGMP snooping configuration.

The major purpose of this is to reduce the number of packets that have to be processed by network and end devices and as a result free up their resources and make the network more efficient.

I hope this has been helpful!

Laz

jrivasaquice · February 27, 2017, 1:07am

Hello Rene

I have a simple question about this topic. About Router filter, its only when you want to block from this net to another upstream router, cause i can see if source and destination is in the same net (this example) they can forward traffic normaly or in some way router gives this information to switch to not consider this blocked multicast group. Thnkas for your asnwer.

Jose

lagapidis · March 1, 2017, 9:32am

Hello Jose

The IGMP filter function can be configured on both a router and a switch. When configured on a router, then yes, only multicast traffic between subnets are filtered. If you want to filter within the same subnet, then switches that have IGMP Snooping Filter capability can filter multicast traffic at ports, VLANs or SVIs.

There is no communication between the router and the switch for such configurations. Each device is configured independently.

I hope this has been helpful!

Laz

jrivasaquice · March 4, 2017, 3:19pm

Lazaros thanks for your answer!

chrisnewnham17 · June 12, 2017, 12:50pm

According to Official Cert Guide, you can also filter IGMPv1 messages via the filter. How do you do this?

lagapidis · June 16, 2017, 7:41am

Hello Chris

According to Cisco:

Filtering on the IGMP protocol allows you to configure the minimum version of IGMP hosts allowed on the SVI. For example, you may want to disallow all IGMPv1 hosts (such as, allow a minimum IGMP version of 2) or all IGMPv1 and IGMPv2 hosts (such as, allow a minimum IGMP version of 3). This filtering applies only to membership reports.

To configure filtering on the IGMP protocol, use the following CLI command:

ip igmp snooping minimum-version 2 | 3

This filter is only configurable on a Layer 3 SVI as a default filter for all ports in access mode under that SVI and for the corresponding VLAN on all trunk ports.

This has been taken from this Cisco documentation.

I hope this has been helpful!

Laz

Deep · March 4, 2018, 1:59am

How exactly is this filtering efficient than SSM? Understand later is for v3 only. This implies denial on control plane itself rather than data plane for SSM?

ReneMolenaar · March 19, 2018, 11:32am

Hi Deep,

With SSM, you can filter specific sources. IGMP filter is still useful to filter the multicast groups themselves, and it works for any IGMP version.

Rene

akashsharma1536 · January 17, 2020, 8:11pm

Hi sir,

I have a question about DHCP and how can we say DHCP work in application layer i mean what is the main reason or basis.

lagapidis · January 19, 2020, 3:56pm

Hello Akash

DHCP is a protocol that is used to provide IP addresses (Layer 3) to hosts, and it does this by creating a database of leased addresses, to which MAC addresses (Layer 2) are mapped. The protocol itself deals with Layer 2 and Layer 3 addressing, but the mechanisms by which DHCP performs this function include the Transport Layer and the Application Layer.

If you take a look at any type of DHCP message in Wireshark (Discover, Offer, ACK, or Request) you will see that it has a component within the Transport and Application Layer as well. The following is a screenshot of a Wireshark analysis of a DHCP Discover message. You can see that there is an Ethernet componant, an IP component, as well as a UDP componant (Layer 4) and a component that uses the Bootstrap Protocol, which is essentially DHCP, and this resides at the Application Layer.

So you see, the protocol serves the needs of Layer 3 addressing, but it itself has components in both Layer 4 and the Application Layer.

You can see a more detailed explanation of DHCP and the description of the functionality of these layers and how they work in the following lesson:

I hope this has been helpful!

Laz

jbneteng · November 3, 2020, 3:53pm

Hi Rene, concerning the Filtering of IGMP on the Router. I was wondering why the Access-list shows (2) matches when denying the Multicast Group? I would expect (1) match, unless there are multiple attempts to send traffic to this group.

lagapidis · November 5, 2020, 9:53am

Hello Joe

Yes, you are correct, there should be only a single match for a single report sent to the multicast group. It seems that while Rene was doing the lab he may have initiated the specific attempt twice, or have waited long enough for a second report to be sent by the host. In any case, you can also see two matches to the 224.0.0.0 entry in the access list which indicates that there were some leave group messages sent as well. I will ask Rene to confirm this and get back to you.

I hope this has been helpful!

Laz

jbneteng · November 5, 2020, 4:14pm

Hi Laz,

Thank you for your response, and clear explanation. I wait for Rene’s confirmation.

Thanks much,

Joe Boisseau

ReneMolenaar · November 9, 2020, 3:41pm

Hello @jbneteng,

You’ll see a single match for one report. I changed it in the lesson to 1 match to avoid confusion

Rene

jbneteng · November 9, 2020, 8:05pm

Hi Rene,

Outstanding, your attention to detail and accuracy is what separates your training from others. I’ve noticed how you’ve taken various networking technologies, and explained how they work in a clear and simple matter, which has made it easy to learn, recall and explain to others. Thank you for your insight.

Joe B.

Eyad · December 22, 2020, 6:00pm

Laz, I was unable to use the ip igmp filter 1 command on my cisco 4500 switch. It’s not available on the interface nor on the SVI. Any idea? Thanks!

vb.tit08 · December 23, 2020, 5:07pm

hello Lazaros Agapides,

i have a question regarding igmp filtering . I have a layer-3 switch (cisco 4503) , and want to permit some of the outgoing igmp traffic and bloc rest of the igmp, I created an extended access-list with permit statement permit igmp host 172.201.1.40 host 239.10.10.1 where 172.201.1.40 is our receiver who wants to join 239.10.10.1. i applied the outbound access-list on a g0/1/0 port which is on vlan 2, when i am using show access-list command its not showing any matches. i

lagapidis · December 24, 2020, 8:55am

Hello Eyad

This Cisco documentation states the following:

You can apply IGMP profiles to Layer 2 ports only. You cannot apply IGMP profiles to routed ports (or SVIs) or to ports that belong to an EtherChannel port group.

The 4500, although a Layer 3 switch, does not support the application of an IGMP filter on a Layer 3 interface.

I hope this has been helpful!

Laz