24-35
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter24 Configuring IP Multicast Routi ng Configuring Optional IGMP Features
Controlling Access to IP Multicast Groups
The multilayer switch sends IGMP host-query messages to determine which multicast groups have
members on attached local networks. The switch then forwards to these group members all packets
addressed to the multicast group. You can place a filter on each interface to restrict the multicast groups
that hosts on the subnet serviced by the interface can join.
Beginning in privileged EXEC mode, follow these steps to filter multicast groups allowed on an
interface:
To disable groups on an interface, use the no ip igmp access-group access-list-number interface
configuration command.
This example shows how to configure hosts attached to Gigabit Ethernet interface 0/1 as able to join
only group 255.2.2.2:
Switch(config)# access-list 1 255.2.2.2 0.0.0.0
Switch(config-if)# interface gigabitethernet0/1
Switch(config-if)# ip igmp access-group 1
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Enter interface configuration mode, and specify the interface to be
configured.
Step3 ip igmp access-group access-list-number Specify the multicast groups that hosts on the subnet serviced by an
interface can join.
By default, all groups are allowed on an interface.
For access-list-number, specify an IP standard access list number.
The range is 1 to 99.
Step4 exit Return to global configuration mode.
Step5 access-list access-list-number {deny |
permit} source [source-wildcard]Create a standard access list.
For access-list-number, specify the access list created in Step 3.
The deny keyword denies access if the conditions are matched.
The permit keyword permits access if the conditions are
matched.
For source, specify the multicast group that hosts on the subnet
can join.
(Optional) For source-wildcard, enter the wildcard bits in dotted
decimal notation to be applied to the source. Place ones in the bit
positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Step6 end Return to privileged EXEC mode.
Step7 show ip igmp interface [interface-id] Verify your entries.
Step8 copy running-config startup-config (Optional) Save your entries in the configuration file.