IGMP - using VLAN access maps to filter multicast traffic
In a Multicast environment where IGMP snooping is being used, it is possible to filter the multicast traffic that will be processed by the IGMP snooping process. This can be done using an IGMP access group.
However, Cisco devices running IOS XE do not support IGMP access groups.
Yes, alternatively, you can use a VLAN access map to filter out multicast traffic based on the desired address. Here is a sample configuration to achieve this. Let’s say I want to allow the 224.0.1.15 and 224.0.1.18 groups on VLAN 12:
Create an access list that matches the addresses I want:
switch(config)# ip access-list extended AllowUnregMulticast
switch(config-ext-nacl)# permit igmp any host 224.0.1.15
switch(config-ext-nacl)# permit igmp any host 224.0.1.18
switch(config-ext-nacl)# exit
switch(config)#
Then I create a VLAN access map and match the ACL I created before and forward that matched traffic, and drop unmatched traffic:
switch(config)# vlan access-map FilterMulticast 10
switch(config-access-map)# match ip address AllowUnregMulticast
switch(config-access-map)# action forward
switch(config-access-map)# exit
switch(config)# vlan access-map FilterMulticast 20
switch(config-access-map)# action drop
switch(config-access-map)# exit
switch(config)#
Finally, you can now apply the VLAN access map to the VLAN you want to filter multicast traffic for:
switch(config)# vlan filter FilterMulticast vlan-list 12
Links
https://networklessons.com/cisco/ccie-enterprise-infrastructure/vlan-access-list-vacl