Ip Igmp Snooping Router-Port-Expire-Time - Edge-Core ECS4810-12M Layer 2 Management Manual

| Multicast Filtering Commands
C 39
HAPTER
IGMP Snooping
ip igmp snooping
router-port-
expire-time
D S
EFAULT ETTING
Disabled
C M
OMMAND ODE
Global Configuration
C U
OMMAND SAGE
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router
Alert Option can be used to protect against DOS attacks. One common
method of attack is launched by an intruder who takes over the role of
querier, and starts overloading multicast hosts by sending a large number
of group-and-source-specific queries, each with a large source list and the
Maximum Response Time set to a large value.
To protect against this kind of attack, (1) routers should not forward
queries. This is easier to accomplish if the query carries the Router Alert
option. (2) Also, when the switch is acting in the role of a multicast host
(such as when using proxy routing), it should ignore version 2 or 3 queries
that do not contain the Router Alert option.
E
XAMPLE
Console(config)#ip igmp snooping router-alert-option-check
Console(config)#
This command configures the querier time out. Use the no form to restore
the default.
S
YNTAX
ip igmp snooping router-port-expire-time seconds
no ip igmp snooping router-port-expire-time
seconds - The time the switch waits after the previous querier stops
before it considers it to have expired. (Range: 1-65535;
Recommended Range: 300-500)
D S
EFAULT ETTING
300 seconds
C M
OMMAND ODE
Global Configuration
E
XAMPLE
The following shows how to configure the time out to 400 seconds:
Console(config)#ip igmp snooping router-port-expire-time 400
Console(config)#
– 1182 –