IGMP Snooping

“From now on, all multicast traffic that has destination MAC address 0100.5e01.0101 will only be forwarded on interface Gi0/1, Gi0/4 and the internal interface to the CPU.”

" In the example above we see that R1 is sending 10 Mbps of multicast traffic which is forwarded to H1 and the CPU. Our CPU is unable to process 10 Mbps of traffic so it will choke on it…when this occurs, there’s a couple of things that could occur: "

Why the traffic itself sending to the CPU


Hello Sims

When stating that multicast traffic will be sent to the CPU, it essentially means that any traffic with a destination MAC of 0100.5e01.0101 will not be forwarded directly to any physical ports, but will be further processed to determine where it should go. This is conceptually described as being sent to the INT interface that connects to the CPU.

In essence what is happening is the switch receives multicast traffic and it recognises it as such from the destination MAC address. It knows that such traffic must go to several destinations, but in order to find out where, it goes to the INT interface or to the CPU, and the CPU then determines which interfaces it should go to by looking it up in the CAM table.

Once this is determined, the frames are then sent out the appropriate interfaces according to the CAM table entries found.

I hope this has been helpful!


Hi Rene,

which command can I use to show the multicast mac addresses in CAM table ??

Hi Hussein,

You can try:

R1# show mac address-table multicast vlan 1
 vlan   mac address     type    qos             ports
   1  0100.5e02.0203  static   --  Gi0/1,Gi0/2,Router
   1  0100.5e00.0127  static   --  Gi0/1,Gi0/2,Router
   1  0100.5e00.0128  static   --  Gi0/1,Gi0/2,Router
   1  0100.5e00.0001  static   --  Gi0/1,Gi0/2,Router,Switch

Thanks Rene,

I know this command but it’s only show statically configured mac addresses, what about dynamic learned by igmp snooping ? how can I verify them ? or they are only shown by “show ip igmp snooping groups” command ???

And I have four other questions :-

1- Can you please explain the robustness variable to me ??
The RFC2236 said :-
**“The Robustness Variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness Variable may be increased. IGMP is robust to (Robustness Variable-1) packet losses. The Robustness Variable MUST NOT be zero, and SHOULD NOT be one. Default: 2”**
I understand that I must increased it when there is a packet loss in a subnet but I did not understand its effect or why must not be zero ??

2- what are the difference between the “show ip IGMP snooping” command and “show ip IGMP snooping detail” command since they are display the same output ??

3- what are the relationship between the TCN and IGMP snooping because I saw configuration part of them in global and per interface ???

4- I saw in the output of “show ip igmp snooping” command that IGMPv3 snooping not supported, how can I enable it or it’s platform dependent ??

Hi Hussein,

You can see the multicast groups with show ip igmp snooping groups but it won’t show the corresponding MAC addresses that are used per group. About your questions:

You can use this if you expect packet loss on your subnet. It changes the interval for some IGMP messages. The downside of changing this is that you increase the leave latency:

* Group member interval: this is the amount of time that the router waits before it determines there are no members left in the group. It is calculated as (robustness variable * query-interval) + (1x query response interval).
* Other querier present interval: the amount of time that a router has to wait before determining there is no other multicast router that is the querier. Calculated as (robustness variable * query interval) + (0.5 x query response interval).
* Last member query count: number of group specific querier that the router sends before it determines there are no members left in the multicast group. The number of queries is equal to the value of the robustness variable.

The reason it can’t be zero is probably because of the last member query count. A setting of 0 would indicate it won’t send any last member query count messages.

That is a good question…I didn’t see this before but you are right, the output is exactly the same. Probably a Cisco IOS quirk…

Before Cisco IOS 12.1(11b)EW, the default behavior of the switch was to flood multicast traffic on all interfaces when it receives a TCN (which indicates a spanning-tree topology change). The idea behind this is that multicast traffic is not interrupted but it can get pretty ugly if you have a lot of multicast traffic which is why there is the no ip igmp snooping tcn flood command.

This command disables the flooding of multicast when a TCN is received, and you can set it per interface.

Hmm I think this depends on the platform and IOS version. I don’t believe there is a separate command to enable/disable IGMPv3 snooping.

1 Like

Thank you very much MR. Rene, I appreciate your efforts and do not know how to reward you.

Dear Sir,
So, The actual Multicast Traffic will forward by Switch using the below table ??

SW# show mac address-table multicast vlan 1
 vlan   mac address     type    qos             ports
   1  0100.5e02.0203  static   --  Gi0/1,Gi0/2,Router
   1  0100.5e00.0127  static   --  Gi0/1,Gi0/2,Router
   1  0100.5e00.0128  static   --  Gi0/1,Gi0/2,Router
   1  0100.5e00.0001  static   --  Gi0/1,Gi0/2,Router,Switch

For Multicast Traffic Normal MAC Table will not use ,right ??

Actually I have a confusion like …
When Router forward a multicast frame towards switch(SW1) with Dst. L3 IP ( & Dst. MAC address 01-00-5e-00-00-01 . Assume H1 is member of Multicast group & H2 is member of Multicast group . So , In this scenario How switch(SW1) decide and forward traffic towards H1 only only

What table will use to forward the frame to H1 only . Not to H2 because its another group member .Thanks


Hello Zaman

Each multicast address corresponds to a particular MAC address. Each MAC address in the CAM table corresponds to a different list of ports, depending on which hosts have sent IGMP messages to and from the router.

Note that the MAC addresses such as 01-00-5e-00-00-01 and others listed in the lesson are special MAC addresses used for particular messages such as IGMP General Query, OSPF, PIM and DVMRP. A switch will “listen in” on the information contained in frames with such MAC address destinations and from this, will create a CAM table that will create a correspondence between multicast IP and MAC addresses. So keep in mind that even if these specialized MAC addresses appear in the CAM table, they correspond to specialized messages and not to any usable multicast group address. It is the information found within these frames that is used to make the appropriate multicast IP to MAC address mappings.

Now to answer your specific question, let’s say that according to the specific CAM table you have above in your post, if you have Multicast group corresponding to MAC 0100.5e02.0203 and corresponding to MAC 0100.5e00.0127. Because in the CAM table, both of these MAC addresses correspond to the same set of ports, namely Gi0/1, 0/2 and Router, this means that both H1 and H2 connected to the Gi ports are members of both groups. If they weren’t, then the ports corresponding to each MAC address would be different.

In order for multicast traffic to be forwarded to H1 only, as you state in your post, then only H1 must be a member of the multicast group, something which is seen as not the case in the above CAM table.

I hope this has been helpful!


Hi Rene,

I would like to know the difference between igmp snooping and igmp snooping proxy.

What is use of using igmp proxy instead of igmp snooping?

Hello Chandan

IGMP snooping and IGMP snooping proxy perform the same functions. The difference is in how it is implemented.

With plain IGMP snooping, all the hosts send their complete membership information to the router in response to queries. The switch receives these responses, updates the database and forwards the reports to the router.

In a network with many hosts, this process may overwhelm the router with reports. When IGMP snooping proxy is enabled, the switch forwards only the first report for a channel to the router and suppresses all other reports for the same channel, thus reducing the number of reports that the router receives. In a sense, it filters out the packets that provide duplicate information to the router, thus delivering only necessary information to the router.

Take a look at page 27-6 in the following Cisco documentation for more details.

I hope this has been helpful!


On most multi-layer switches I’ve seen, IGMP snooping is enabled by default. In a scenario where you have PIM sparse-mode, and default IGMP snooping enabled, would the multi-layer switch overrule the membership report suppression mechanism, when multiple hosts are connected.

Or would functionality be more along the lines of what is described in the Multicast IGMP version 2 Lesson? My confusion lies when both PIM and IGMP snooping both enabled.

Hello Ronald

Imagine that a L3 switch is internally separated into its two components, a router and an L2 switch. If you have multiple VLANs, then you can assume that each VLAN functions as a separate physical switch. By doing this mind exercise, it becomes clearer as to how IGMP snooping and PIM are separated within the logic of the switch. IGMP snooping would occur within each VLAN (or the logically separated switch we imagined) while the PIM mechanisms would occur in the imagined router portion of the device.

A good exercise would also be to view the diagrams in this lesson as single entities (where the switch and router belong to the same device, where the router is actually the SVI of the VLAN in question, and the switch is the sum of all ports on the same VLAN).

So even in a single device, the operation of IGMP snooping and PIM will still be discrete and separate, and would follow the same rules/guidelines laid out in this lesson.

I hope this has been helpful!


You said “In the CAM table above you can see an entry for MAC address 0100.5e01.0101 which corresponds with multicast group The interfaces that were added are for H1, R1 and the internal interface. Why did the switch add the interface of the router in the CAM table?”

How we can see this CAM table in the switch I mean multicast only


Hello Sims

You can view the multicast entries of the CAM table using the following command:

SW1#show mac address-table multicast

I hope this has been helpful!


As Andrew as mentioned above,

Group-Specific Query (GSQ)

  • Not available in IGMP version 1
  • Event-based (when an IGMP Leave Request is received)
  • Group address queried can be targeted to a specific multicast group (not all groups)
  • Default maximum response time = 1 second

The lesson however indicates that an IGMP General Query is sent by the IGMP Querier is response to an IGMP Leave by hosts.

Hello Ronald

Both the lesson, as well as Andrew’s comments are correct. Andrew states that GSQ is:

This means that it will send out a GSQ whenever a leave request is received.

The lesson states the same thing, that:

You can verify this by looking at RFC 2236 which states:

When a Querier receives a Leave Group message for a group that has
group members on the reception interface, it sends [Last Member Query
Count] Group-Specific Queries every [Last Member Query Interval] to
the group being left.

If I have misunderstood your question, please let me know so I can further clarify.

I hope this has been helpful!


Hi Rene/Laz
In the IGMP group leave section, when H1 sends its leave group message to multicast group using destination MAC address 0100.5e00.0002, is that saying it wants to leave ALL multicast groups or does the leave group message specify which group? I’m just thinking of a scenario where a host is listening to more than one multicast group at the same time, if that is possible.

Thanks in advance,

Hello Philip

When a host like H1 sends a leave group message, it will always specify which group it wants to leave. Within the IGMP Group Leave message, there is a field that specifies the specific group. This is important for the reason that you mentioned: because some hosts may be receving multicast traffic from multiple groups.

In the following lesson, you can see some Wireshark captures of IGMP leave group messages where the specific group from which they are leaving is indicated within the IGMP section of the message.

An example can be seen below:

Notice that it is a Leave Group type, and the specific multicast address group of is specified.

I hope this has been helpful!


Hi Laz,

Regarding , can we see this in debug or packet capture how the switch is forwarding the membership report to a router for all the ports.

Yes, only one membership report is forwarded to the router, however this one membership report includes all of the interfaces that want to take part in the multicast group. This is not a form of membership report suppression, because as mentioned in the lesson: