HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 1161
25
Step Command Remarks
2. Enter Layer 2 Ethernet
interface view, Layer 2
aggregate interface view, or
port group view.
• Enter Layer 2 Ethernet interface
view or Layer 2 aggregate
interface view:
interface interface-type
interface-number
• Enter port group view:
port-group manual
port-group-name Use either command.
3. Disable the ports from
becoming dynamic router
port. igmp-snooping router-port-deny
[
vlan vlan-list ] By default, a port can become a
dynamic router...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1160.png "Page 1161
25
Step Command Remarks
2. Enter Layer 2 Ethernet
interface view, Layer 2
aggregate interface view, or
port group view.
• Enter Layer 2 Ethernet interface
view or Layer 2 aggregate
interface view:
interface interface-type
interface-number
• Enter port group view:
port-group manual
port-group-name Use either command.
3. Disable the ports from
becoming dynamic router
port. igmp-snooping router-port-deny
[
vlan vlan-list ] By default, a port can become a
dynamic router...")
25 Step Command Remarks 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Disable the ports from becoming dynamic router port. igmp-snooping router-port-deny [ vlan vlan-list ] By default, a port can become a dynamic router port. NOTE: This configuration does not affect the static router port configuration. Configuring IGMP snooping querier Configuration prerequisites Before you configure IGMP snooping querier, complete the following tasks: • Enable IGMP snooping in the VLAN. • Determine the IGMP general query interval. • Determine the IGMP last-member query interval. • Determine the maximum response delay for IGMP general queries. • Determine the source address of IGMP general queries. • Determine the source address of IGMP group-specific queries. Enabling IGMP snooping querier In an IP multicast network that runs IGMP, a multicast router or Layer 3 multicast switch sends IGMP queries, so that all Layer 3 multicast devices can establish and maintain multicast forwarding entries, in order to for ward multicast traffic correctly at the network layer. This router or Layer 3 switch is called the IGMP querier. For more information about IGMP querier, see Configuring IGMP (available only on the HP 5 500 EI) . However, a Layer 2 multicast switch does not support IGMP, and therefore cannot send general queries by default. When you enable IGMP snooping querier on a Layer 2 switch in a VLAN where multicast traffic is switched only at Layer 2 and no multicas t routers are present, the Layer 2 switch sends IGMP queries, so that multicast forwarding entries can be established and maintained at the data link layer. To enable IGMP snooping querier: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A
26 Step Command Remarks 3. Enable IGMP snooping querier. igmp-snooping querier Disabled by default IMPORTANT: In a multicast network that runs IGMP, you do not need to configure an IGMP snooping querier because it may affect IGMP querier elections by sending IGMP general queries with a low source IP address. Configuring parameters for IGMP queries and responses Configuration guidelines You can modify the IGMP general query interval based on actual condition of the network. A multicast listening host starts a timer for each multicast group that it has joined when it receives an IGMP query (general query or group-specific query). This timer is initialized to a random value in the range of 0 to the maximum response delay advertised in the IGMP query message. When the timer value decreases to 0, the host sends an IGMP report to the multicast group. To speed up the response of hosts to IGMP querie s and avoid simultaneous timer expirations causing IGMP report traffic bursts, you must properly set the maximum response delay. • The maximum response delay for IGMP general queries is set by the max-response-time command. • The maximum response delay for IGMP group-specific queries equals the IGMP last-member query interval. In the configuration, make sure that the IGMP general query interval is larger than the maximum response delay for IGMP general queries. Otherwis e, multicast group members might be deleted by mistake. Configuration procedure To configure the global parameters for IGMP queries and responses: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Set the maximum response delay for IGMP general queries. max-response-time interval 10 seconds by default 4. Set the IGMP last-member query interval. last-member-query-interval interval 1 second by default To configure the parameters for IGMP queries and responses in a VLAN: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Set the interval for sending IGMP general queries. igmp-snooping query-interval interval 60 seconds by default
27
Step Command Remarks
4. Set the maximum response
delay for IGMP general
queries. igmp-snooping max-response-time
interval
10 seconds by default
5. Set the IGMP last-member
query interval. igmp-snooping
last-member-query-interval
interval
1 second by default
Configuring the source IP addresses for IGMP queries
After the switch receives an IGMP query whose source IP address is 0.0.0.0 on a port, it does not enlist
that port as a dynamic router port. This might prev ent multicast forwarding entries from being correctly
created at the data link layer and eventually cause multicast traffic forwarding to fail. To avoid this
problem, when a Layer 2 switch acts as the I GMP snooping querier, HP recommends you to configure a
non-all-zero IP address as the source IP address of IGMP queries.
IMPORTANT:
The source address of IGMP query
messages might affect the IGMP quer ier election within the segment
To configure the source IP addresses for IGMP queries:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id N/A
3. Configure the source address
of IGMP general queries. igmp-snooping general-query source-ip
{ ip-address | current-interface }
0.0.0.0 by default
4. Configure the source IP
address of IGMP
group-specific queries. igmp-snooping special-query source-ip
{ ip-address | current-interface }
0.0.0.0 by default
Configuring IGMP snooping proxying
Configuration prerequisites
Before you configure IGMP snooping proxying in a VLAN, complete the following tasks:
• Enable IGMP snooping in the VLAN.
• Determine the source IP address for the IGMP reports sent by the proxy.
• Determine the source IP address for the IGMP leave messages sent by the proxy.
Enabling IGMP snooping proxying
The IGMP snooping proxying function works on a per-VLAN basis. After you enable the function in a
VLAN, the device works as the IGMP snooping proxy for the downstream hosts and upstream router in
the VLAN.
To enable IGMP snooping proxying in a VLAN:
28
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id N/A
3. Enable IGMP snooping
proxying in the VLAN. igmp-snooping proxying enable
Disabled by default
Configuring a source IP address for the IGMP messages sent by
the proxy
You can set the source IP addresses in the IGMP reports and leave messages that the IGMP snooping
proxy sends on behalf of its attached hosts.
To configure the source IP addresses for the IGMP messages that the IGMP snooping proxy sends on
behalf of its attached hosts in a VLAN:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id N/A
3. Configure a source IP
address for the IGMP
reports that the proxy sends. igmp-snooping report source-ip
{ ip-address | current-interface } The default is 0.0.0.0.
4.
Configure a source IP
address for the IGMP leave
messages that the proxy
sends. igmp-snooping leave source-ip
{ ip-address | current-interface } The default is 0.0.0.0.
Configuring an IGMP snooping policy
Configuration prerequisites
Before you configure an IGMP snooping policy, complete the following tasks:
•
Enable IGMP snooping in the VLAN.
• Determine the ACL rule for multicast group filtering.
• Determine the maximum number of multicast groups that a port can join.
• Determine the 802.1p precedence for IGMP messages.
Configuring a multicast group filter
On an IGMP snooping–enabled switch, you can configure a multicast group filter to limit multicast
programs available to users.
Configuration guidelines
In an application, when a user requests a multicast program, the user’s host initiates an IGMP report.
After receiving this report message, the switch re solves the multicast group address in the report and
looks up the ACL. If a match is found to permit the port that received the report to join the multicast group,
29 the switch creates an IGMP snooping forwarding entr y for the multicast group and adds the port to the forwarding entry. Otherwise, the switch drops this report message, in which case, the multicast data for the multicast group is not sent to this port, and the user cannot retrieve the program. When you configure a multicast group filter in a multicast VLAN, be sure to configure the filter in the sub-VLANs of the multicast VLAN. Otherwise, the configuration does not take effect. In IGMPv3, when a host is enabled to join multiple multicast groups, the multicast group filter cannot correctly filter multicast groups because the host that runs IGMPv3 sends multiple multicast groups that it wants to join in one membership report. Configuration procedure To configure a multicast group filter globally: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Configure a multicast group filter. group-policy acl-number [ vlan vlan-list ] By default, no group filter is globally configured. That is, the hosts in a VLAN can join any valid multicast group. To configure a multicast group filter for a port: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Configure a multicast group filter. igmp-snooping group-policy acl-number [ vlan vlan-list ] By default, no group filter is configured on the current port. That is, the hosts on this port can join any valid multicast group. Configuring multicast source port filtering When the multicast source port filtering feature is enabled on a port, the port can connect to only multicast receivers rather than to multicast sources, because the port blocks all multicast data packets but it permits multicast protocol packets to pass. If this feature is disabled on a port, the port can conne ct to both multicast sources and multicast receivers. Configuring multicast source port filtering globally
30 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Enable multicast source port filtering. source-deny port interface-list Disabled by default Configuring multicast source port filtering on a port Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view or port group view. • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Enable multicast source port filtering. igmp-snooping source-deny Disabled by default. Enabling dropping unknown multicast data Configuration guidelines Unknown multicast data refers to multicast data for which no entries exist in the IGMP snooping forwarding table. When the switch receives such multicast traffic, one of the following occurs: • When the function of dropping unknown multicast data is disabled, the switch floods unknown multicast data in the VLAN that the unknown multicast data belongs to, causing network bandwidth waste and low forwarding efficiency. • When the function of dropping unknown multicast data is enabled, the switch forwards unknown multicast data to its router ports instead of flooding it in the VLAN. If no router ports exist, the switch drops the unknown multicast data. Configuration procedure To enable dropping unknown multicast data in a VLAN: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Enable dropping unknown multicast data. igmp-snooping drop-unknown Disabled by default
31 Configuring IGMP report suppression When a Layer 2 switch receives an IGMP report from a multicast group member, the switch forwards the message to the Layer 3 device that directly connects to the Layer 2 switch. When multiple members of a multicast group are attached to the Layer 2 switch, the Layer 3 device might receive duplicate IGMP reports for the multicast group from these members. With the IGMP report suppression function enabled, within each query interval, the Layer 2 switch forwards only the first IGMP report for the multicast group to the Layer 3 device. It does not forward the subsequent IGMP reports for the same multicast group. This helps reduce the number of packets being transmitted over the network. IMPORTANT: On an IGMP snooping proxy, IGMP membership reports are suppressed if the entries for the correspondin g groups exist in the forwarding table, no matter the suppression function is enabled or not. To configure IGMP report suppression: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Enable IGMP report suppression. report-aggregation Enabled by default Setting the maximum number of multicast groups that a port can join To regulate multicast traffic on a port, configure the maximum number of multicast groups that the port can join. When you configure this maximum number, if the number of multicast groups the port has joined exceeds the configured maximum value, the system deletes all the forwarding entries for the port from the IGMP snooping forwarding table, and the hosts on this port join multicast groups again until the number of multicast groups that the port joins reaches the maximum value. When the port joins a multicast group, if the port has been configured as a static member po rt, the system applies the configurations to the port again. If you have configured simulated joining on the port, the system establishes corresponding forwarding entry for the port after receiving a report from the simulated member host. To set the maximum number of multicast groups that a port can join: Step Command Remarks 1. Enter system view. system-view N/A
32 Step Command Remarks 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Set the maximum number of multicast groups that a port can join. igmp-snooping group-limit limit [ vlan vlan-list ] By default, the upper limit is 2000 for the HP 5500 EI switches, and 1000 for the HP 5500 SI switches. Enabling multicast group replacement Configuration guidelines For various reasons, the number of multicast groups that the switch or a port joins might exceed the upper limit. In addition, in some specific applications, a multicast group that the switch newly joins must replace an existing multicast group automatically. A typical ex ample is channel switching. To view a new channel, a user switches from the current multicast group to the new one. To realize such requirements, you can enable the multicast group replacement function on the switch or on a certain port. When the number of multicast groups that the switch or on the port has joined reaches the limit, one of the following occurs: • If the multicast group replacement feature is disabled, new IGMP reports are automatically discarded. • If the multicast group replacement feature is enabled, the multicast group that the switch or a port newly joins automatically replaces an existing multicast group that has the lowest address. In the configuration, be sure to configure the maximum number of multicast groups allowed on a port (see Setting the maximum number of multicast groups that a port can join ) before enabling multicast group replacement. Otherwise, the multicast group re placement functionality will not take effect. Configuration procedure To enable multicast group replacement globally: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Enable multicast group replacement. overflow-replace [ vlan vlan-list ] Disabled by default To enable multicast group replacement for a port: Step Command Remarks 1. Enter system view. system-view N/A
33 Step Command Remarks 2. Enter Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number • Enter port group view: port-group manual port-group-name Use either command. 3. Enable multicast group replacement. igmp-snooping overflow-replace [ vlan vlan-list ] Disabled by default. Setting the 802.1p precedence for IGMP messages You can change the 802.1p precedence for IGMP me ssages so that they can be assigned higher forwarding priority when congestion occurs on their outgoing ports. Setting the 802.1p precedence for IGMP messages globally Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Set the 802.1p precedence for IGMP messages. dot1p-priority priority-number The default 802.1p precedence for IGMP messages is 0. Setting the 802.1p precedence for IGMP messages in a VLAN Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VLAN view. vlan vlan-id N/A 3. Set the 802.1p precedence for IGMP messages in the VLAN. igmp-snooping dot1p-priority priority-number The default 802.1p precedence for IGMP messages is 0. Configuring a multicast user control policy Configuration guidelines Multicast user control policies are configured on access switches to allow only authorized users to receive requested multicast traffic flows. This helps restrict users from ordering certain multicast-on-demand programs. In practice, a device first needs to perform authentication (802.1X authentication, for example) on connected hosts through a RADIUS server. Then, the device uses the configured multicast user control policy to perform multicast access control on authenticated users as follows: • After receiving an IGMP report from a host, the access switch matches the multicast group address and multicast source address carried in the report with the configured policies. If a match is found,
34 the host is allowed to join the multicast group. Otherwise, the join report is dropped by the access switch. • After receiving an IGMP leave message from a host, the access switch matches the multicast group and source addresses with the policies. If a match is found, the host is allowed to leave the group. Otherwise, the leave message is dropped by the access switch. A multicast user control policy is functionally similar to a multicast group filter. A difference is that a control policy can control both multicast joining and leaving of users based on authentication and authorization, but a multicast group filter is configured on a port to control only multicast joining but not leaving of users without authentication or authorization. Configuration procedure To configure a multicast user control policy: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a user profile and enter its view. user-profile profile-name N/A 3. Configure a multicast user control policy. igmp-snooping access-policy acl-number No p oli cy is c o nfigured b y d efa ult. That is, a host can join or leave a valid multicast group at any time. 4. Return to system view. quit N/A 5. Enable the created user profile. user-profile profile-name enable Disabled by default. For more information about the user-profile and user-profile enable commands, see Security Command Reference. Enabling the IGMP snooping host tracking function With the IGMP snooping host tracking function, the switch can record the information of the member hosts that are receiving multicast traffic, including th e host IP address, running duration, and timeout time. You can monitor and manage the member hosts according to the recorded information. Enabling the IGMP snooping host tracking function globally Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IGMP-snooping view. igmp-snooping N/A 3. Enable the IGMP snooping host tracking function globally. host-tracking Disabled by default Enabling the IGMP snooping host tracking function in a VLAN Step Command Remarks 1. Enter system view. system-view N/A