ip igmp snooping apply access-list

Syntax

ip igmp snooping apply access-list <ACL-NAME>

no ip igmp snooping apply access-list <ACL-NAME>

Description

Configures the ACL on a particular interface to filter the IGMP join or leave packets based on rules set in the particular ACL name.

The no form of this command unconfigures the rules set for the ACL.
NOTE:

This configuration will override the ACL associated with IGMP snooping on the corresponding L2 VLAN.

Command context

config-vlan

Parameters

access-list

Associates an ACL with the IGMP.

<ACL-NAME>

Specifies the name of the ACL.

Authority

Administrators or local user group members with execution rights for this command.

Usage

Existing classifier commands are used to configure the ACL. In case an IGMPv3 packet with multiple group addresses is received, it will only process the permitted group addresses based on the ACL rule set, and any existing joins will time out. If there is no match or if there is a deny rule match, the packet is dropped.
NOTE:

If the access list is configured for both L2 VLAN and L3 VLAN, the L3 VLAN configuration will be applied.

Examples

Configuring the ACL to filter IGMP packets based on rules set in access list mygroup:

switch(config)# access-list ip mygroup
switch(config-acl-ip)# permit igmp any 239.1.1.1
switch(config-acl-ip)# exit
switch(config)# interface vlan 2
switch(config-vlan)# ip igmp snooping apply access-list mygroup

Configuring the ACL to remove the rules set in access list mygroup:

switch(config-vlan)# no ip igmp snooping apply access-list mygroup