IGMP - access group

In a Multicast environment where IGMP snooping is being used, it is possible to filter the multicast traffic that will be processed by the IGMP snooping process. This can be done using an IGMP access group.

By default, IGMP snooping will filter all unregistered multicast traffic. However, lets say I want to allow the 224.0.1.15 and 224.0.1.18 groups on VLAN 12, even though they represent unregistered multicast traffic, i.e., no host has requested multicast traffic from these sources. I’ve chosen the address arbitrarily. To create an IGMP access group and allow these groups, you can do the following:

switch(config)# ip access-list extended AllowUnregMulticast switch(config-ext-nacl)# permit igmp any host 224.0.1.15 switch(config-ext-nacl)# permit igmp any host 224.0.1.18

You can then create an IGMP access group that references this access list:

switch(config)# ip igmp access-group AllowUnregMulticast

Then you can apply this IGMP access group to the desired VLAN:

switch(config)# ip igmp snooping vlan 12 access-group AllowUnregMulticast

This configuration will allow the switch to process the specified multicast addresses, while still filtering unregistered multicast traffic on the configured VLAN.

For routers running IOS XE software that do not support IGMP access groups, an alternative method for implementing this would be to use VLAN access maps.

https://forum.networklessons.com/t/igmp-snooping/1321/96?u=lagapides

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp9202555670