group-policy (IGMP-snooping view)
Use group-policy to globally configure a multicast group policy to control the multicast groups that hosts can join.
Use undo group-policy to globally delete multicast group policies.
Syntax
group-policy ipv4-acl-number [ vlan vlan-list ]
undo group-policy [ vlan vlan-list ]
Default
No multicast group policies exist. Hosts can join any multicast groups.
Views
IGMP-snooping view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 basic or advanced ACL by its number in the range of 2000 to 3999. Hosts can join only the multicast groups that the ACL permits. If the ACL does not exist or does not have valid rules, hosts cannot join multicast groups.
vlan vlan-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN by its ID or a range of VLANs in the form of start-vlan-id to end-vlan-id. The VLAN ID is in the range of 1 to 4094. If you do not specify a VLAN, this command takes effect on all VLANs and VSIs.
Usage guidelines
A multicast group policy filters IGMP reports to control the multicast groups that hosts can join.
This command does not take effect on static member ports, because static member ports do not send IGMP reports.
You can configure a multicast group policy globally for all ports in IGMP-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.
When you configure a rule in the IPv4 ACL, follow these restrictions and guidelines:
For the rule to take effect, do not specify the vpn-instance vpn-instance option.
In a basic ACL, the source source-address source-wildcard option specifies a multicast group address.
In an advanced ACL, the source source-address source-wildcard option specifies a multicast source address. The destination dest-address dest-wildcard option specifies a multicast group address.
To match the following IGMP reports, set the source source-address source-wildcard option to 0.0.0.0:
IGMPv1 and IGMPv2 reports.
IGMPv3 IS_EX and IGMPv3 TO_EX reports that do not carry multicast source addresses.
Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.
You can configure different ACLs for all ports in different VLANs. If you configure multiple ACLs for all ports in the same VLAN, the most recent configuration takes effect.
Examples
# Configure a multicast group policy for VLAN 2 so that hosts in VLAN 2 can join only multicast group 225.1.1.1.
<Sysname> system-view [Sysname] acl basic 2000 [Sysname-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0 [Sysname-acl-ipv4-basic-2000] quit [Sysname] igmp-snooping [Sysname-igmp-snooping] group-policy 2000 vlan 2
Related commands
igmp-snooping group-policy