Disabling Igmp On An Interface; Configuring Group Membership; Configuring A Statically Joined Group; Controlling Access To Multicast Groups - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 11
Configuring Multicast Routing
Disabling IGMP on an Interface
You can disable IGMP on specific interfaces. This is useful if you know that you do not have any
multicast hosts on a specific interface and you want to prevent the security appliance from sending host
query messages on that interface.
To disable IGMP on an interface, enter the following command:
hostname(config-if)# no igmp
To reenable IGMP on an interface, enter the following command:
hostname(config-if)# igmp
Only the no igmp command appears in the interface configuration.
Note
Configuring Group Membership
You can configure the security appliance to be a member of a multicast group. Configuring the security
appliance to join a multicast group causes upstream routers to maintain multicast routing table
information for that group and keep the paths for that group active.
To have the security appliance join a multicast group, enter the following command:
hostname(config-if)# igmp join-group group-address
Configuring a Statically Joined Group
Sometimes a group member cannot report its membership in the group, or there may be no members of
a group on the network segment, but you still want multicast traffic for that group to be sent to that
network segment. You can have multicast traffic for that group sent to the segment in one of two ways:
•
•
To configure a statically joined multicast group on an interface, enter the following command:
hostname(config-if)# igmp static-group group-address
Controlling Access to Multicast Groups
To control the multicast groups that hosts on the security appliance interface can join, perform the
following steps:
Create an access list for the multicast traffic. You can create more than one entry for a single access list.
Step 1
You can use extended or standard access lists.
•
OL-10088-01
Using the igmp join-group command (see
causes the security appliance to accept and to forward the multicast packets.
Using the igmp static-group command. The security appliance does not accept the multicast
packets but rather forwards them to the specified interface.
To create a standard access list, enter the following command:
Configuring Group Membership, page
Cisco Security Appliance Command Line Configuration Guide
Configuring IGMP Features
11-15). This
11-15
Advertisement
Table of Contents
Troubleshooting
