CHAPTER 39 | Multicast Filtering Commands
IGMP Filtering and Throttling
COMMAND USAGE
◆ If IGMP authentication is enabled on an interface, and a join report is
received on the interface, the switch will send an access request to the
RADIUS server to perform authentication.
◆ Only when the RADIUS server responds with an authentication success
message will the switch learn the group report. Once the group is
learned, the switch will not send an access request to the RADIUS
server when receiving the same report again within a one (1) day
period.
◆ If the RADIUS server responds that authentication failed or the timer
expires, the report will be dropped and the group will not be learned.
The entry (host MAC, port number, VLAN ID, and group IP) will be put
in the “authentication failed list”.
◆ An entry in the “authentication failed list” remains valid for the
interval defined by the command ip igmp snooping vlan query-interval.
If the same report is received during this interval, the switch will not
send the access request to the RADIUS server.
◆ If the port leaves the group and subsequently rejoins the same group,
the join report must be authenticated again.
◆ When receiving an IGMP v3 report message, the switch will send the
access request to the RADIUS server only when the record type is
either IS_EX or TO_EX, and the source list is empty. Other types of
packets will not initiate RADIUS authentication.
    IS_EX (MODE_IS_EXCLUDE) - Indicates that the interface’s filter mode
    is EXCLUDE for the specified multicast address. The Source Address
    fields in this Group Record contain the interface’s source list for the
    specified multicast address, if not empty.
    TO_EX (CHANGE_TO_EXCLUDE_MODE) - Indicates that the interface
    has changed to EXCLUDE filter mode for the specified multicast
    address. The Source Address fields in this Group Record contain the
    interface’s new source list for the specified multicast address, if not
    empty.
◆ When a report is received for the first time and is being authenticated,
whether authentication succeeds or fails, the report will still be sent to
the multicast-router port.
◆ The following table shows the RADIUS server Attribute Value Pairs used
for authentication:
Table 159: IGMP Authentication RADIUS Attribute Value Pairs
Attribute Name    AVP Type    Entry
USER_NAME         1           User MAC address
USER_PASSWORD     2           User MAC address
NAS_IP_ADDRESS    4           Switch IP address
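
The IGMPv3 rule above (an access request only for IS_EX or TO_EX records with an empty source list) can be checked against a report payload with the following sketch. It is an added example, not code from the switch or this manual: the function names are hypothetical, the record type numbers and report layout are taken from RFC 3376, and the sample report is constructed.

```python
import socket
import struct

IGMPV3_REPORT = 0x22   # IGMPv3 Membership Report message type (RFC 3376)
IS_EX, TO_EX = 2, 4    # group record types (RFC 3376, section 4.2.12)

def build_report(records):
    """Build a constructed IGMPv3 report from (type, group, [sources]) tuples."""
    body = b""
    for rtype, group, sources in records:
        body += struct.pack("!BBH4s", rtype, 0, len(sources), socket.inet_aton(group))
        body += b"".join(socket.inet_aton(s) for s in sources)
    # Checksum is left as zero: this sketch does not verify it.
    return struct.pack("!BBHHH", IGMPV3_REPORT, 0, 0, 0, len(records)) + body

def groups_needing_auth(payload):
    """Return the groups whose record would trigger a RADIUS access request."""
    if len(payload) < 8 or payload[0] != IGMPV3_REPORT:
        return []  # not an IGMPv3 report, so the v3 rule does not apply
    (count,) = struct.unpack_from("!H", payload, 6)
    offset, groups = 8, []
    for _ in range(count):
        if offset + 8 > len(payload):
            raise ValueError("truncated group record header")
        rtype, aux_words, nsrc, group = struct.unpack_from("!BBH4s", payload, offset)
        end = offset + 8 + 4 * nsrc + 4 * aux_words
        if end > len(payload):
            raise ValueError("group record overruns packet")
        # Rule from the text: only IS_EX or TO_EX with an empty source list.
        if rtype in (IS_EX, TO_EX) and nsrc == 0:
            groups.append(socket.inet_ntoa(group))
        offset = end
    return groups

# Constructed sample: four group records, two of which match the rule.
SAMPLE = build_report([
    (2, "239.1.1.1", []),            # IS_EX, empty source list: request sent
    (4, "239.1.1.2", []),            # TO_EX, empty source list: request sent
    (4, "239.1.1.3", ["10.0.0.5"]),  # TO_EX with a source: no request
    (1, "239.1.1.4", ["10.0.0.5"]),  # MODE_IS_INCLUDE: no request
])

if __name__ == "__main__":
    print(groups_needing_auth(SAMPLE))
```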