Table of Contents
Advertisement
SSE-G2252/SSE-G2252P Switches User's Manual
ip igmp snooping router-alert-option-check
This command discards any IGMPv2/v3 packets that do not include the Router Alert
option. Use the no form to ignore the Router Alert Option when receiving IGMP
messages.
Syntax
[no] ip igmp snooping router-alert-option-check
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert Option
can be used to protect against DOS attacks. One common method of attack is launched
by an intruder who takes over the role of querier, and starts overloading multicast hosts
by sending a large number of group-and-source-specific queries, each with the
Maximum Response Time set to a large value.
To protect against this kind of attack, (1) routers should not forward queries. This is
easier to accomplish if the query carries the Router Alert option. (2) Also, when the
switch is acting in the role of a multicast host (such as when using proxy routing), it
should ignore version 2 or 3 queries that do not contain the Router Alert option.
Example
SSE-G2252(config)#ip igmp snooping router-alert-option-check
SSE-G2252(config)#
38-6
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
