group-policy (MLD-snooping view)

Use group-policy to globally configure an IPv6 multicast group policy to control the IPv6 multicast groups that hosts can join.

Use undo group-policy to globally delete IPv6 multicast group policies.

Syntax

group-policy ipv6-acl-number [ vlan vlan-list ]

undo group-policy [ vlan vlan-list ]

Default

No IPv6 multicast group policies exist. Hosts can join any IPv6 multicast groups.

Views

MLD-snooping view

Predefined user roles

network-admin

Parameters

ipv6-acl-number: Specifies an IPv6 basic or advanced ACL by its number in the range of 2000 to 3999. Hosts can join only IPv6 multicast groups that the ACL permits. If the ACL does not exist or does not have valid rules, hosts cannot join IPv6 multicast groups.

vlan vlan-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN by its ID or a range of VLANs in the form of start-vlan-id to end-vlan-id. The VLAN ID is in the range of 1 to 4094. If you do not specify a VLAN, this command takes effect for all VLANs and VSIs.

Usage guidelines

An IPv6 multicast group policy filters MLD reports to control the IPv6 multicast groups that hosts can join.

This command does not take effect on static member ports, because static member ports do not send MLD reports.

You can configure an IPv6 multicast group policy globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.

When you configure a rule in the IPv6 ACL, follow these restrictions and guidelines:

For the rule to take effect, do not specify the vpn-instance vpn-instance option.
In a basic ACL, the source source-address source-prefix option specifies an IPv6 multicast group address.
In an advanced ACL, the source source-address source-prefix option specifies an IPv6 multicast source address. The destination dest-address dest-prefix option specifies an IPv6 multicast group address.
To match MLDv1 and MLDv2 reports, set the source source-address source-prefix option to 0::0.
Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.

You can configure different ACLs for all ports in different VLANs. If you configure multiple ACLs for all ports in the same VLAN, the most recent configuration takes effect.

Examples

# Configure an IPv6 multicast group policy for VLAN 2 so that hosts in VLAN 2 can join only IPv6 multicast group FF03::101.

<Sysname> system-view
[Sysname] acl ipv6 basic 2000
[Sysname-acl-ipv6-basic-2000] rule permit source ff03::101 128
[Sysname-acl-ipv6-basic-2000] quit
[Sysname] mld-snooping
[Sysname-mld-snooping] group-policy 2000 vlan 2

Related commands

mld-snooping group-policy

prev	up	next
fast-leave (MLD-snooping view)	home	host-aging-time (MLD-snooping view)