IGMP - access group
In a multicast environment where IGMP snooping is being used, it is possible to filter the multicast traffic that will be processed by the IGMP snooping process. This can be done using an IGMP access group.
By default, IGMP snooping will filter all unregistered multicast traffic. However, lets say I want to allow the 220.127.116.11 and 18.104.22.168 groups on VLAN 12, even though they represent unregistered multicast traffic, i.e., no host has requested multicast traffic from these sources. I’ve chosen the address arbitrarily. To create an IGMP access group and allow these groups, you can do the following:
switch(config)# ip access-list extended AllowUnregMulticast switch(config-ext-nacl)# permit igmp any host 22.214.171.124 switch(config-ext-nacl)# permit igmp any host 126.96.36.199
You can then create an IGMP access group that references this access list:
switch(config)# ip igmp access-group AllowUnregMulticast
Then you can apply this IGMP access group to the desired VLAN:
switch(config)# ip igmp snooping vlan 12 access-group AllowUnregMulticast
This configuration will allow the switch to process the specified multicast addresses, while still filtering unregistered multicast traffic on the configured VLAN.
For routers running IOS XE software that do not support IGMP access groups, an alternative method for implementing this would be to use VLAN access maps.