- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Ugrade (eFSU)
- NSF with SSO Supervisor Engine Redundancy
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Power Management and Environmental Monitoring
- EnergyWise
- Online Diagnostics
- Onboard Failure Logging
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Ports
- Flex Links
- EtherChannels
- mLACP for Server Access
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- STP and MST
- Optional STP Features
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- L2VPN Advanced VPLS (A-VPLS)
- IP Unicast Layer 3 Switching
- IPv6 Multicast Layer 3 Switching
- MLD Snooping for IPv6 Multicast Traffic
- IPv4 Multicast Layer 3 Switching
- IGMP Snooping and MVR for IPv4 Multicast Traffic
- Configuring MVR for IPv4 Multicast Traffic
- IPv4 IGMP Filtering and Router Guard
- PIM Snooping
- IPv4 Multicast VPN Support
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Network Security
- AutoSecure
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- Port ACLs (PACLs) and VLAN ACLs (VACLs)
- Denial of Service Protection
- Control Plane Policing (CoPP)
- DHCP Snooping
- IP Source Guard
- Dynamic ARP Inspection
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- Network Admission Control (NAC)
- IEEE 802.1X Port-Based Authentication
- Web-Based Authentication
- Port Security
- NetFlow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- Ethernet Services Line Cards
- Online Diagnostic Tests
- Acronyms
- Understanding MLD Snooping
- Default MLD Snooping Configuration
- MLD Snooping Configuration Guidelines and Restrictions
- MLD Snooping Querier Configuration Guidelines and Restrictions
- Enabling the MLD Snooping Querier
- Configuring MLD Snooping
- Enabling MLD Snooping
- Configuring a Static Connection to a Multicast Receiver
- Configuring a Multicast Router Port Statically
- Configuring the MLD Snooping Query Interval
- Enabling Fast-Leave Processing
- Enabling SSM Safe Reporting
- Configuring Explicit Host Tracking
- Configuring Report Suppression
- Displaying MLD Snooping Information
Configuring MLD Snooping for IPv6 Multicast Traffic
This chapter describes how to configure Multicast Listener Discovery (MLD) snooping for IPv6 multicast traffic in Cisco IOS Release 12.2SX.
Note ● For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Master Command List, at this URL:
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
- To constrain IPv4 multicast traffic, see Chapter38, “Configuring IGMP Snooping for IPv4 Multicast Traffic”
- PFC3C and PFC3CXL modes support MLD version 1 (MLDv1) and MLD version 2 (MLDv2).
- These modes support only MLD version 2 (MLDv2):
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
Understanding MLD Snooping
These sections describe MLD snooping:
- MLD Snooping Overview
- MLD Messages
- Source-Based Filtering
- Explicit Host Tracking
- MLD Snooping Proxy Reporting
- Joining an IPv6 Multicast Group
- Leaving a Multicast Group
- Understanding the MLD Snooping Querier
MLD Snooping Overview
MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content.
You can configure the switch to use MLD snooping in subnets that receive MLD queries from either MLD or the MLD snooping querier. MLD snooping constrains IPv6 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv6 multicast traffic only to those ports that want to receive it.
MLD, which runs at Layer 3 on a multicast router, generates Layer 3 MLD queries in subnets where the multicast traffic needs to be routed. For information about MLD, see this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-2sx/ipv6-12-2sx-book.html
You can configure the MLD snooping querier on the switch to support MLD snooping in subnets that do not have any multicast router interfaces. For more information about the MLD snooping querier, see the “Enabling the MLD Snooping Querier” section.
MLD (on a multicast router) or, locally, the MLD snooping querier, sends out periodic general MLD queries that the switch forwards through all ports in the VLAN, and to which hosts respond. MLD snooping monitors the Layer 3 MLD traffic.
Note PFC/DFC 3C/3CXL supports source-only Layer 2 entries, but PFC/DFC 3B/3BXL does not support source-only Layer 2 entries and therefore IPv6 multicast flooding cannot be prevented in a source-only network.
Note If a multicast group has only sources and no receivers in a VLAN, MLD snooping constrains the multicast traffic to only the multicast router ports.
MLD Messages
– General query—Sent by a multicast router to learn which multicast addresses have listeners.
– Multicast address specific query—Sent by a multicast router to learn if a particular multicast address has any listeners.
– Multicast address and source specific query—Sent by a multicast router to learn if any of the sources from the specified list for the particular multicast address has any listeners.
– Current state record (solicited)—Sent by a host in response to a query to specify the INCLUDE or EXCLUDE mode for every multicast group in which the host is interested.
– Filter mode change record (unsolicited)—Sent by a host to change the INCLUDE or EXCLUDE mode of one or more multicast groups.
– Source list change record (unsolicited)—Sent by a host to change information about multicast sources.
Source-Based Filtering
MLD uses source-based filtering, which enables hosts and routers to specify which multicast sources should be allowed or blocked for a specific multicast group. Source-based filtering either allows or blocks traffic based on the following information in MLD messages:
Because the Layer 2 table is (MAC-group, VLAN) based, with MLD hosts it is preferable to have only a single multicast source per MAC-group.
Note Source-based filtering is not supported in hardware. The states are maintained only in software and used for explicit host tracking and statistics collection.
Explicit Host Tracking
MLD supports explicit tracking of membership information on any port. The explicit-tracking database is used for fast-leave processing, proxy reporting, and statistics collection. When explicit tracking is enabled on a VLAN, the MLD snooping software processes the MLD report it receives from a host and builds an explicit-tracking database that contains the following information:
- The port connected to the host
- The channels reported by the host
- The filter mode for each group reported by the host
- The list of sources for each group reported by the hosts
- The router filter mode of each group
- For each group, the list of hosts requesting the source
Note ● Disabling explicit host tracking disables fast-leave processing and proxy reporting.
- When explicit tracking is enabled and the switch is in report-suppression mode, the multicast router might not be able to track all the hosts accessed through a VLAN interface.
MLD Snooping Proxy Reporting
Because MLD does not have report suppression, all the hosts send their complete multicast group membership information to the multicast router in response to queries. The switch snoops these responses, updates the database and forwards the reports to the multicast router. To prevent the multicast router from becoming overloaded with reports, MLD snooping does proxy reporting.
Proxy reporting forwards only the first report for a multicast group to the router and suppresses all other reports for the same multicast group.
Proxy reporting processes solicited and unsolicited reports. Proxy reporting is enabled and cannot be disabled.
Note Disabling explicit host tracking disables fast-leave processing and proxy reporting.
Joining an IPv6 Multicast Group
Hosts join IPv6 multicast groups either by sending an unsolicited MLD report or by sending an MLD report in response to a general query from an IPv6 multicast router (the switch forwards general queries from IPv6 multicast routers to all ports in a VLAN). The switch snoops these reports.
In response to a snooped MLD report, the switch creates an entry in its Layer 2 forwarding table for the VLAN on which the report was received. When other hosts that are interested in this multicast traffic send MLD reports, the switch snoops their reports and adds them to the existing Layer 2 forwarding table entry. The switch creates only one entry per VLAN in the Layer 2 forwarding table for each multicast group for which it snoops an MLD report.
MLD snooping suppresses all but one of the host reports per multicast group and forwards this one report to the IPv6 multicast router.
The switch forwards multicast traffic for the multicast group specified in the report to the interfaces where reports were received (see Figure 36-1).
Layer 2 multicast groups learned through MLD snooping are dynamic. However, you can statically configure Layer 2 multicast groups using the mac-address-table static command. When you specify group membership for a multicast group address statically, the static setting supersedes any MLD snooping learning. Multicast group membership lists can consist of both static and MLD snooping-learned settings.
Figure 36-1 Initial MLD Listener Report
Multicast router A sends an MLD general query to the switch, which forwards the query to ports 2 through 5 (all members of the same VLAN). Host 1 wants to join an IPv6 multicast group and multicasts an MLD report to the group with the equivalent MAC destination address of 0x0100.5E01.0203. When the switch snoops the MLD report multicast by Host 1, the switch uses the information in the MLD report to create a forwarding-table entry. Table 36-1 shows the forwarding table, which includes the port numbers of Host 1, the multicast router, and the switch.
|
|
|
---|---|---|
The switch hardware can distinguish MLD information packets from other packets for the multicast group. The first entry in the table indicates that only MLD packets should be sent to the CPU, which prevents the switch from becoming overloaded with multicast frames. The second entry indicates that frames addressed to the 0x0100.5E01.0203 multicast MAC address that are not MLD packets (!MLD) should be sent to the multicast router and to the host that has joined the group.
If another host (for example, Host 4) sends an unsolicited MLD report for the same group (Figure 36-2), the switch snoops that message and adds the port number of Host 4 to the forwarding table as shown in Table 36-2 . Because the forwarding table directs MLD messages only to the switch, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the switch.
Figure 36-2 Second Host Joining a Multicast Group
|
|
|
---|---|---|
Leaving a Multicast Group
Normal Leave Processing
Interested hosts must continue to respond to the periodic MLD general queries. As long as at least one host in the VLAN responds to the periodic MLD general queries, the multicast router continues forwarding the multicast traffic to the VLAN. When hosts want to leave a multicast group, they can either ignore the periodic MLD general queries (called a “silent leave”), or they can send an MLD filter mode change record.
When MLD snooping receives a filter mode change record from a host that configures the EXCLUDE mode for a group, MLD snooping sends out a MAC-addressed general query to determine if any other hosts connected to that interface are interested in traffic for the specified multicast group.
If MLD snooping does not receive an MLD report in response to the general query, MLD snooping assumes that no other hosts connected to the interface are interested in receiving traffic for the specified multicast group, and MLD snooping removes the interface from its Layer 2 forwarding table entry for the specified multicast group.
If the filter mode change record was from the only remaining interface with hosts interested in the group, and MLD snooping does not receive an MLD report in response to the general query, MLD snooping removes the group entry and relays the MLD filter mode change record to the multicast router. If the multicast router receives no reports from a VLAN, the multicast router removes the group for the VLAN from its MLD cache.
The interval for which the switch waits before updating the table entry is called the “last member query interval.” To configure the interval, enter the ipv6 mld snooping last-member-query-interval interval command.
Fast-Leave Processing
Fast-leave processing is enabled by default. To disable fast-leave processing, turn off explicit-host tracking.
Fast-leave processing is implemented by maintaining source-group based membership information in software while also allocating LTL indexes on a MAC GDA basis.
When fast-leave processing is enabled, hosts send BLOCK_OLD_SOURCES{src-list} messages for a specific group when they no longer want to receive traffic from that source. When the switch receives such a message from a host, it parses the list of sources for that host for the given group. If this source list is exactly the same as the source list received in the leave message, the switch removes the host from the LTL index and stops forwarding this multicast group traffic to this host.
If the source lists do not match, the switch does not remove the host from the LTL index until the host is no longer interested in receiving traffic from any source.
Note Disabling explicit host tracking disables fast-leave processing and proxy reporting.
Understanding the MLD Snooping Querier
Use the MLD snooping querier to support MLD snooping in a VLAN where PIM and MLD are not configured because the multicast traffic does not need to be routed.
In a network where IP multicast routing is configured, the IP multicast router acts as the MLD querier. If the IP-multicast traffic in a VLAN only needs to be Layer 2 switched, an IP-multicast router is not required, but without an IP-multicast router on the VLAN, you must configure another switch as the MLD querier so that it can send queries.
When enabled, the MLD snooping querier sends out periodic MLD queries that trigger MLD report messages from the switch that wants to receive IP multicast traffic. MLD snooping listens to these MLD reports to establish appropriate forwarding.
You can enable the MLD snooping querier on all the switches in the VLAN, but for each VLAN that is connected to switches that use MLD to report interest in IP multicast traffic, you must configure at least one switch as the MLD snooping querier.
You can configure a switch to generate MLD queries on a VLAN regardless of whether or not IP multicast routing is enabled.
Default MLD Snooping Configuration
Table 36-3 shows the default MLD snooping configuration.
|
|
---|---|
MLD Snooping Configuration Guidelines and Restrictions
When configuring MLD snooping, follow these guidelines and restrictions:
- Only PFC3C and PFC3CXL modes support MLD version 1 (MLDv1) and MLD version 2 (MLDv2).
- These modes support only MLD version 2 (MLDv2):
- MLD is derived from Internet Group Management Protocol version 3 (IGMPv3). MLD protocol operations and state transitions, host and router behavior, query and report message processing, message forwarding rules, and timer operations are exactly same as IGMPv3. See draft-vida-mld-.02.txt for detailed information on MLD protocol.
- MLD protocol messages are Internet Control Message Protocol version 6 (ICMPv6) messages.
- MLD message formats are almost identical to IGMPv3 messages.
- IPv6 multicast for Cisco IOS software uses MLD version 2. This version of MLD is fully backward-compatible with MLD version 1 (described in RFC 2710). Hosts that support only MLD version 1 interoperate with a router running MLD version 2. Mixed LANs with both MLD version 1 and MLD version 2 hosts are supported.
- MLD snooping supports private VLANs. Private VLANs do not impose any restrictions on MLD snooping.
- MLD snooping constrains traffic in MAC multicast groups 0100.5e00.0001 to 0100.5eff.ffff.
- MLD snooping does not constrain Layer 2 multicasts generated by routing protocols.
MLD Snooping Querier Configuration Guidelines and Restrictions
When configuring the MLD snooping querier, follow these guidelines and restrictions:
- Configure the VLAN in global configuration mode (see Chapter 23, “Configuring VLANs”).
- Configure an IPv6 address on the VLAN interface (see Chapter 30, “Configuring Layer 3 Interfaces”). When enabled, the MLD snooping querier uses the IPv6 address as the query source address.
- If there is no IPv6 address configured on the VLAN interface, the MLD snooping querier does not start. The MLD snooping querier disables itself if the IPv6 address is cleared. When enabled, the MLD snooping querier restarts if you configure an IPv6 address.
- When enabled, the MLD snooping querier does not start if it detects MLD traffic from an IPv6 multicast router.
- When enabled, the MLD snooping querier starts after 60 seconds with no MLD traffic detected from an IPv6 multicast router.
- When enabled, the MLD snooping querier disables itself if it detects MLD traffic from an IPv6 multicast router.
- QoS does not support MLD packets when MLD snooping is enabled.
- You can enable the MLD snooping querier on all the switches in the VLAN that support it. One switch is elected as the querier.
Enabling the MLD Snooping Querier
Use the MLD snooping querier to support MLD snooping in a VLAN where PIM and MLD are not configured because the multicast traffic does not need to be routed.
To enable the MLD snooping querier in a VLAN, perform this task:
|
|
|
---|---|---|
Router# show ipv6 mld interface vlan vlan_ID | include querier |
This example shows how to enable the MLD snooping querier on VLAN 200 and verify the configuration:
Configuring MLD Snooping
Note To use MLD snooping, configure a Layer 3 interface in the subnet for IPv6 multicast routing or enable the MLD snooping querier in the subnet (see the “Enabling the MLD Snooping Querier” section).
These sections describe how to configure MLD snooping:
- Enabling MLD Snooping
- Configuring a Static Connection to a Multicast Receiver
- Enabling Fast-Leave Processing
- Configuring Explicit Host Tracking
- Configuring Report Suppression
- Displaying MLD Snooping Information
Note Except for the global enable command, all MLD snooping commands are supported only on VLAN interfaces.
Enabling MLD Snooping
To enable MLD snooping globally, perform this task:
|
|
|
---|---|---|
Router# show ipv6 mld interface vlan vlan_ID | include globally |
This example shows how to enable MLD snooping globally and verify the configuration:
To enable MLD snooping in a VLAN, perform this task:
|
|
|
---|---|---|
Router# show ipv6 mld interface vlan vlan_ID | include snooping |
This example shows how to enable MLD snooping on VLAN 25 and verify the configuration:
Note For WS-SUP720-3B, the maximum threshold value for MLD snooping is 32000 entries. With MLD snooping enabled, surpassing this threshold might lead to a crash. Disabling MLD snooping will allow the switch to process larger number of entries.
Configuring a Static Connection to a Multicast Receiver
To configure a static connection to a multicast receiver, perform this task:
|
|
|
---|---|---|
Router(config)# mac-address-table static mac_addr vlan vlan_id interface type 1 slot/port [ disable-snooping ] |
||
1.type = fastethernet, gigabitethernet, or tengigabitethernet |
When you configure a static connection, enter the disable-snooping keyword to prevent multicast traffic addressed to the statically configured multicast MAC address from also being sent to other ports in the same VLAN.
This example shows how to configure a static connection to a multicast receiver:
Configuring a Multicast Router Port Statically
To configure a static connection to a multicast router, perform this task:
|
|
|
---|---|---|
Router(config-if)# ipv6 mld snooping mrouter interface type 2 slot/port |
||
2.type = fastethernet, gigabitethernet, or tengigabitethernet |
The interface to the router must be in the VLAN where you are entering the command, the interface must be administratively up, and the line protocol must be up.
This example shows how to configure a static connection to a multicast router:
Configuring the MLD Snooping Query Interval
You can configure the interval for which the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group.
Note When both MLD snooping fast-leave processing and the MLD snooping query interval are configured, fast-leave processing takes precedence.
To configure the interval for the MLD snooping queries sent by the switch, perform this task:
This example shows how to configure the MLD snooping query interval:
Enabling Fast-Leave Processing
To enable fast-leave processing in a VLAN, perform this task:
|
|
|
---|---|---|
Router# show ipv6 mld interface vlan vlan_ID | include fast-leave |
This example shows how to enable fast-leave processing on the VLAN 200 interface and verify the configuration:
Enabling SSM Safe Reporting
To enable source-specific multicast (SSM) safe reporting, perform this task:
|
|
|
---|---|---|
This example shows how to SSM safe reporting:
Configuring Explicit Host Tracking
Note Disabling explicit host tracking disables fast-leave processing and proxy reporting.
To enable explicit host tracking on a VLAN, perform this task:
|
|
|
---|---|---|
Router# show ipv6 mld snooping explicit-tracking vlan vlan_ID |
This example shows how to enable explicit host tracking:
Configuring Report Suppression
To enable report suppression on a VLAN, perform this task:
|
|
|
---|---|---|
Router# show ipv6 mld interface vlan_ID | include report-suppression |
This example shows how to enable explicit host tracking:
Displaying MLD Snooping Information
These sections describe displaying MLD snooping information:
Displaying Multicast Router Interfaces
When you enable IGMP snooping, the switch automatically learns to which interface the multicast routers are connected.
To display multicast router interfaces, perform this task:
|
|
---|---|
This example shows how to display the multicast router interfaces in VLAN 1:
Displaying MAC Address Multicast Entries
To display MAC address multicast entries for a VLAN, perform this task:
|
|
---|---|
This example shows how to display MAC address multicast entries for VLAN 1:
This example shows how to display a total count of MAC address entries for a VLAN:
Displaying MLD Snooping Information for a VLAN Interface
Note When you apply the ipv6 mld snooping command and associated commands on any VLAN interface, the commands continue to function even if the VLAN interface is in shutdown state.
To display MLD snooping information for a VLAN interface, perform this task:
|
|
---|---|
Router# show ipv6 mld snooping {{ explicit-tracking vlan_ID }| { mrouter [ vlan vlan_ID ]} | { report-suppression vlan vlan_ID } | { statistics vlan vlan_ID } |
This example shows how to display explicit tracking information on VLAN 25:
This example shows how to display the multicast router interfaces in VLAN 1:
This example shows IGMP snooping statistics information for VLAN 25:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum