PG1X WIKI

My Knowledge Base

User Tools

Site Tools


tech:network:cisco:multicast:l2:igmp:configuration:configuration

INCOMPLETE: Multicast IGMP Configuration

Lab 1: IGMP a991d586-4ed0-46c6-8592-c6c50a4a19da

  • (S,G) = (10.1.1.100,239.0.1.1)
  • (*,G) = (*,239.0.1.1)
a991d586-4ed0-46c6-8592-c6c50a4a19da
network-infrastructure.multicast.igmp.a991d586
  1. Dependent Custom Images(This lab require following custom images!!)

Common Configuration Snippet

R1

R2

R3

SW1

px-ubuntu-nw-0

px-ubuntu-nw-1

px-ubuntu-nw-2

Configuration 9b077244-93d1-47b4-9b76-51739d355f4f

configure terminal
!
interface GigabitEthernet0/2
 ! Enable PIM Sparse Mode
 ip pim sparse-mode
 ! IGMP version configuration
 ip igmp version 3
 ! IGMPv2/v3: query interval to maintain IGMP up-to-date (default: 60 sec.)
 ip igmp query-interval 20
 ! IGMPv2/v3: If cannnot receive Query from Querier within 30 sec., Make a Querier itself. (default: 60 sec.)
 ip igmp querier-timeout 120
 ! IGMPv2 only: If no response within 3 sec., assume no member the group. (default: 10 sec.)
 ip igmp query-max-response-time 5
!
end

ip igmp query-interval

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp4034771958

We recommend that you do not change the default IGMP query interval.

ip igmp querier-timeout

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp1157094318

We recommend that you do not modify the IGMP query interval and IGMP querier timeout values.

ip igmp query-max-response-time

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp2379524290

This command is valid only when IGMP Version 2 is running.

show or debug commands

! show IGMP enabled interface detail
show ip igmp interface
! show IGMP Membership Report from Receiver
show ip igmp groups
!
! show IGMP Message
debug ip igmp
! show IGMP Message for specific group
debug ip igmp 239.0.1.1

debug ip igmp

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/debug/command/i1/db-i1-cr-book/db-i2.html#wp3592155909

Console Log

Force IGMP Querier Promote.

  • R3
configure terminal
!
access-list 101 deny igmp any any
access-list 101 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group 101 in
!
end
debug ip igmp

Console Log

network-infrastructure.multicast.igmp.a991d586.9b077244.lab1.r2ge0-0_r3ge0-1.pcapng
network-infrastructure.multicast.igmp.a991d586.9b077244.lab1.r3ge0-2_px-sw1g0-0.pcapng

Make a Receiver on router / switch interface aadcf034-9e6b-4ea8-b3f6-87a3a0cf3448

  1. This configuration respond to ICMP echo-request?
    1. This is useful for multicast reachablity test.
  2. Following configuration add Gi0/2 to multicast routing table OIL.
    1. So, Gi0/2 can forward multicast packet.
    2. And Gig0/2 send IGMP Membership Report, works Receiver.
  3. CCIE Lab Exam eligible?
  • R3
configure terminal
!
interface GigabitEthernet0/2
 ip igmp join-group 239.0.1.2
!
end
  • R3
debug ip igmp 239.0.1.2
  • R1
ping 239.0.1.2 repeat 4

Console Log

network-infrastructure.multicast.igmp.a991d586.aadcf034.lab1.r2ge0-0_r3ge0-1.pcapng
network-infrastructure.multicast.igmp.a991d586.aadcf034.lab1.r1ge0-1_r3ge0-0.pcapng
network-infrastructure.multicast.igmp.a991d586.aadcf034.lab1.r3ge0-2_sw1g0-0.pcapng

Another day

Assume Receiver in specific interface 8c6bb363-3e37-4428-af27-b367d80cf62f

  1. Ex. IGMP packet can't receive host.
  2. Following configuration assume the interface has the multicast group.
  3. Following configuration add Gig0/2 to OIL. So, the interface can forward the multicast group packet.
  4. Unlike ip igmp join-group command, ip igmp static-group configured interface not receive the multicast group packet and no send IGMP Membership Report.
  • SW1
configure terminal
!
no ip igmp snooping
!
access-list 101 deny igmp any any
access-list 101 permit ip any any
!
interface range GigabitEthernet0/0-2
 ip access-group 101 in
!
end
  • R3
configure terminal
!
interface GigabitEthernet0/2
 ip igmp static-group 239.0.1.3
!
end

Console Log

IGMP Membership Report Filtering e36ab559-9d53-40a7-9bcc-4134fe726657

  1. IGMP Membership Report will receive everything by default.
  2. Following configuration filter specific IGMP Membership Report.
  • SW1
configure terminal
!
no ip igmp snooping
!
end
  • R3
configure terminal
!
access-list 1 permit 239.0.1.2
!
interface GigabitEthernet0/2
 ip igmp access-group 1
!
end

Console Log

INCOMPLETE: IGMPv3 Membership Report Filtering 88d9db90-b3f7-4011-b497-63d5d20ce493

  1. IGMPv3 can filter both Receiver source address not only multicast group.
  2. Following configuration reject Membership Report and do not apply multicast routing table unless Receiver address is 10.3.3.101.
  3. IGMPv3 Membership Report Filtering means Sender address and may be specified Sender address in IGMPv3 Membership Report?

ip igmp access-group

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp9202555670

When an IGMP extended access list is referenced in the ip igmp access-group command on an interface, the (S, G) pairs in the permit and deny statements of the extended access list are matched against the (S, G) pair of the IGMP reports received on the interface. The first part of the extended access list clause controls the source, and the second part of the extended access list clause controls the multicast group.
  • R3
configure terminal
!
! not works
access-list 101 permit igmp host 10.3.3.101 host 239.0.1.3
! not works, but this may correct
access-list 101 permit igmp host 10.1.1.100 host 239.0.1.3
!
interface GigabitEthernet0/2
 ip igmp version 3
 ip igmp access-group 101
!
end

I think above configuration needs explicit Sender address.
Alternatively, use ip igmp join-group.

  • R2
configure terminal
!
access-list 101 permit igmp host 10.1.1.100 host 239.0.1.3
!
interface GigabitEthernet0/0
 ip igmp version 3
 ip igmp access-group 101
!
end
  • R3
configure terminal
!
interface GigabitEthernet0/1
 ip igmp version 3
 ip igmp join-group 239.0.1.3 source 10.1.1.100
!
end

????????

/proc/sys/net/ipv4/conf/ens2/force_igmp_version
Enter ‘cat /proc/sys/net/ipv4/conf/eth0/force_igmp_version’ this will produce ‘0’ which means highest available version.
ip maddr show

Console Log

always denied except permit any any…

INCOMPLETE: Catalyst L2 Switch Configuration: IGMP Membership Report Filtering

  1. Catalyst L2 Switch IGMP Membership Report Filtering
  2. interface-id only applicable physical interface.
  3. SVI, Routerd Port, Etherchannel are not applicable.
  4. ip igmp filter command direction is inbound.
  5. Following configuration will allow between 239.0.1.1 and 239.0.1.10 Membership Report, but 239.0.1.11 will rejected.
configure terminal
!
ip igmp profile 1
 permit
 range 239.0.1.1 239.0.1.10
!
interface GigabitEthernet0/2
 ip igmp filter 1
!
end

IOSvL2 not seems supported ip igmp profile 1 syntax.

This command is introduced recent Cisco IOS XE Fuji 16.9.2 release…

Command Reference, Cisco IOS XE Fuji 16.9.x (Catalyst 9200 Switches) - IP Multicast Routing Commands [Cisco Catalyst 9200 Series Switches] - Cisco

SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#ip igmp pro
SW1(config)#ip igmp ?  
  immediate-leave  Leave groups immediately without sending last member query,
                   use for one host network only
  limit            IGMP limit
  snooping         Global IGMP Snooping enable for Catalyst Vlans
  ssm-map          SSM mapping commands
  vrf              Select VPN Routing/Forwarding instance

SW1(config)#ip igmp profile 1
                    ^
% Invalid input detected at '^' marker.

SW1(config)#do show version | include IOS
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to  V152_6_0_81_E
ROM: Bootstrap program is IOSv
Cisco IOSv () processor (revision 1.0) with 722145K/62464K bytes of memory.
SW1(config)#

Verification

Verification Commands

! show IGMP enabled interface detail
show ip igmp interface
! show IGMP Membership Report from Receiver
show ip igmp groups
!
! show IGMP Message
debug ip igmp
! show IGMP Message for specific group
debug ip igmp 239.0.1.1

debug ip igmp

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/debug/command/i1/db-i1-cr-book/db-i2.html#wp3592155909

  • Sender
msend -g 239.0.1.1 -p 8888 -text "hello multicast world" -t 60
msend -g 239.0.1.2 -p 8888 -text "hello multicast world" -t 60
msend -g 239.0.1.3 -p 8888 -text "hello multicast world" -t 60
  • Receiver
mreceive -g 239.0.1.1 -p 8888
mreceive -g 239.0.1.2 -p 8888
mreceive -g 239.0.1.3 -p 8888
show ip route ospf | begin Gateway
show ip igmp groups
show ip pim interface
show ip pim neighbor
show ip pim rp mapping
show ip mroute
show ip mroute summary
show ip mroute | begin \(
show ip mroute summary | begin \(
show ip mroute 239.0.1.1 | begin \(
show ip rpf x.x.x.x
!
debug ip mpacket
debug ip pim
debug ip mrouting
!
debug ip mpacket 239.0.1.1
debug ip pim 239.0.1.1
debug ip mrouting 239.0.1.1
  • Wireshark Display Filter

Wireshark Filter Expression Cheat Sheet

!ospf && !igmp && (pim || (icmp && icmp.type != 3 ) || ip.addr  == 224.0.0.0/4)
!ospf && (pim || (icmp && icmp.type != 3 ) || igmp || ip.addr  == 224.0.0.0/4)
igmp || (udp.port == 8888 && ip.addr  == 224.0.0.0/4)
  • Capture Filter (BPF)

tcpdump

# Exclude LOOP protocol
not ether proto 9000
# Exclude CDP, LOOP, 0x6002(DEC DNA Remote Console) protocol
not (ether[20:2] == 0x2000 or ether proto (loopback or 0x6002))
# Exclude CDP, LOOP, 0x6002(DEC DNA Remote Console), OSPF protocol
not (ether[20:2] == 0x2000 or ether proto (loopback or 0x6002) or ip proto ospf)
# **NOT TESTED LLDP!!** Exclude CDP, LOOP, 0x6002(DEC DNA Remote Console), LLDP(0x88cc), OSPF protocol
not (ether[20:2] == 0x2000 or ether proto (loopback or 0x6002 or 0x88cc) or ip proto ospf)
# **NOT TESTED LLDP!!** Exclude CDP, LOOP, 0x6002(DEC DNA Remote Console), LLDP(0x88cc), OSPF, DHCP, STP, ICMPv6 protocol
not (ether[20:2] == 0x2000 or ether proto (loopback or 0x6002 or 0x88cc) or ip proto ospf or udp port (67 or 68) or stp or icmp6)
# **NOT TESTED LLDP!!** Exclude CDP, LOOP, 0x6002(DEC DNA Remote Console), LLDP(0x88cc), OSPF, DHCP, STP, ICMPv6, PIMv2 protocol
not (ether[20:2] == 0x2000 or ether proto (loopback or 0x6002 or 0x88cc) or ip proto ospf or udp port (67 or 68) or stp or icmp6 or pim)
# **NOT WORK DTP AND TESTED LLDP!!** Exclude CDP, LOOP, 0x6002(DEC DNA Remote Console), LLDP(0x88cc), OSPF, DHCP, DTP(0x2004), STP, ICMPv6 protocol
not (ether[20:2] == 0x2000 or ether proto (loopback or 0x6002 or 0x88cc) or ip proto ospf or udp port (67 or 68) or ether[20:2] == 0x2004 or stp or icmp6)
network-infrastructure.multicast.igmp.a991d586.9b077244.lab1.r1ge0-0_r2ge0-1.pcapng
network-infrastructure.multicast.igmp.a991d586.9b077244.lab1.r2ge0-0_r3ge0-1.pcapng
network-infrastructure.multicast.igmp.a991d586.9b077244.lab1.r1ge0-1_r3ge0-0.pcapng
network-infrastructure.multicast.igmp.a991d586.9b077244.lab1.r3ge0-2_sw1g0-0.pcapng
network-infrastructure.multicast.igmp.a991d586.235c1e30.lab1.sw1g0-2_px-ubuntu-nw-1-ens2.pcapng

References

tech/network/cisco/multicast/l2/igmp/configuration/configuration.txt · Last modified: 2021/11/23 11:15 by wnoguchi