IGMP - using VLAN access maps to filter multicast traffic

In a Multicast environment where IGMP snooping is being used, it is possible to filter the multicast traffic that will be processed by the IGMP snooping process. This can be done using an IGMP access group.

However, Cisco devices running IOS XE do not support IGMP access groups.

Yes, alternatively, you can use a VLAN access map to filter out multicast traffic based on the desired address. Here is a sample configuration to achieve this. Let’s say I want to allow the 224.0.1.15 and 224.0.1.18 groups on VLAN 12:

Create an access list that matches the addresses I want:

switch(config)# ip access-list extended AllowUnregMulticast
switch(config-ext-nacl)# permit igmp any host 224.0.1.15
switch(config-ext-nacl)# permit igmp any host 224.0.1.18
switch(config-ext-nacl)# exit
switch(config)#

Then I create a VLAN access map and match the ACL I created before and forward that matched traffic, and drop unmatched traffic:

switch(config)# vlan access-map FilterMulticast 10
switch(config-access-map)# match ip address AllowUnregMulticast
switch(config-access-map)# action forward
switch(config-access-map)# exit

switch(config)# vlan access-map FilterMulticast 20
switch(config-access-map)# action drop
switch(config-access-map)# exit
switch(config)#

Finally, you can now apply the VLAN access map to the VLAN you want to filter multicast traffic for:

switch(config)# vlan filter FilterMulticast vlan-list 12

https://forum.networklessons.com/t/igmp-snooping/1321/100?u=lagapides

https://networklessons.com/cisco/ccie-enterprise-infrastructure/vlan-access-list-vacl

Links to this page: