Table of Contents
Advertisement
D
Disabled
C
Global Configuration
C
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router
Alert Option can be used to protect against DOS attacks. One common
method of attack is launched by an intruder who takes over the role of
querier, and starts overloading multicast hosts by sending a large number
of group-and-source-specific queries, each with the Maximum Response
Time set to a large value.
To protect against this kind of attack, (1) routers should not forward
queries. This is easier to accomplish if the query carries the Router Alert
option. (2) Also, when the switch is acting in the role of a multicast host
(such as when using proxy routing), it should ignore version 2 or 3 queries
that do not contain the Router Alert option.
E
This command configures the querier time out. Use the no form to restore
ip igmp snooping
the default.
router-port-expire-
time
S
D
300 seconds
C
Global Configuration
E
The following shows how to configure the time out to 400 seconds:
S
EFAULT
ETTING
M
OMMAND
ODE
U
OMMAND
SAGE
XAMPLE
Console(config)#ip igmp snooping router-alert-option-check
Console(config)#
YNTAX
ip igmp snooping router-port-expire-time seconds
no ip igmp snooping router-port-expire-time
seconds - The time the switch waits after the previous querier stops
before it considers it to have expired. (Range: 1-65535;
Recommended Range: 300-500)
S
EFAULT
ETTING
M
OMMAND
ODE
XAMPLE
Console(config)#ip igmp snooping router-port-expire-time 400
Console(config)#
– 891 –
| Multicast Filtering Commands
C
36
HAPTER
IGMP Snooping
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
