Devices Managed by FortiOS

Configuring IGMP-snooping settings

You need to configure global IGMP-snooping settings and then configure IGMP-snooping settings on a FortiSwitch unit.

NOTE: You cannot use IGMP snooping when network access control (NAC) has been enabled globally with set mode global under the config switch-controller nac-settings command.

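This section covers the following topics:

- Configuring global IGMP-snooping settings
- Configuring IGMP-snooping settings on a switch
- Configuring IGMP proxy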

Configuring global IGMP-snooping settings

Use the following commands to configure the global IGMP-snooping settings.

Aging time is the maximum number of seconds that the system will retain a multicast snooping entry. Enter an integer value from 15 to 3600. The default value is 300.

The flood-unknown-multicast setting controls whether the system will flood unknown multicast messages within the VLAN.

    config switch-controller igmp-snooping
        set aging-time <15-3600>
        set flood-unknown-multicast {enable | disable}
    end

Configuring IGMP-snooping settings on a switch

IGMP snooping allows the FortiSwitch to passively listen to the Internet Group Management Protocol (IGMP) network traffic between hosts and routers. The switch uses this information to determine which ports are interested in receiving each multicast feed. FortiSwitch can reduce unnecessary multicast traffic on the LAN by pruning multicast traffic from links that do not contain a multicast listener.

NOTE: When an inter-switch link (ISL) is formed automatically in FortiLink mode, the igmps-flood-reports and igmps-flood-traffic options are disabled by default.

Use the following commands to configure IGMP settings on a FortiSwitch port:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            config ports
                edit <port_name>
                    set igmps-flood-reports {enable | disable}
                    set igmps-flood-traffic {enable | disable}
            end
    end

For example:

    config switch-controller managed-switch
        edit S524DF4K15000024
            config ports
                edit port3
                    set igmps-flood-reports enable
                    set igmps-flood-traffic enable
            end
    end

Configuring IGMP proxy

Starting in FortiSwitchOS 6.2.0, you can also use the CLI to enable IGMP proxy, which allows the VLAN to send IGMP reports. After you enable switch-controller-igmp-snooping-proxy on a VLAN, it will start suppressing reports and leave messages. For each multicast group, only one report is sent to the upstream interface. When a leave message is received, the FortiSwitch unit will only send the leave message to the upstream interface when there are no more members left in the multicast group. The FortiSwitch unit will also reply to generic queries and will send IGMP reports to the upstream interface.
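The snooping table, aging time, unknown-multicast flooding and proxy suppression described on this page can be modeled in a few lines. This is an added illustration, not Fortinet code: the class and method names are hypothetical, entries are assumed to be refreshed by membership reports, and multicast-router ports are left out.

```python
from collections import defaultdict

class SnoopingVlan:  # hypothetical name; toy model of one VLAN's snooping table
    def __init__(self, ports, aging_time=300, flood_unknown=False, proxy=True):
        if not 15 <= aging_time <= 3600:          # range given on the page
            raise ValueError("aging-time must be 15-3600 seconds")
        self.ports, self.aging_time = set(ports), aging_time
        self.flood_unknown, self.proxy = flood_unknown, proxy
        self.members = defaultdict(dict)          # group -> {port: last report time}

    def expire(self, now):
        """Drop entries not refreshed within aging-time (assumed refresh model)."""
        for group in list(self.members):
            live = {p: t for p, t in self.members[group].items()
                    if now - t <= self.aging_time}
            if live:
                self.members[group] = live
            else:
                del self.members[group]

    def on_report(self, port, group, now):
        """Learn a listener; return the messages sent to the upstream interface."""
        self.expire(now)
        first = group not in self.members
        self.members[group][port] = now
        return [("report", group)] if first or not self.proxy else []

    def on_leave(self, port, group, now):
        """Forget a listener; with proxy, forward the leave only for the last one."""
        self.expire(now)
        self.members.get(group, {}).pop(port, None)
        if group in self.members and not self.members[group]:
            del self.members[group]
        return [("leave", group)] if group not in self.members or not self.proxy else []

    def egress_ports(self, group, ingress, now):
        """Ports a multicast frame for `group` is forwarded to."""
        self.expire(now)
        if group in self.members:
            return set(self.members[group]) - {ingress}
        return self.ports - {ingress} if self.flood_unknown else set()

def demo():
    """Constructed scenario: two listeners join and leave 239.1.1.1."""
    v = SnoopingVlan(["port1", "port2", "port3", "port4"])
    sent = v.on_report("port2", "239.1.1.1", 0) + v.on_report("port3", "239.1.1.1", 5)
    ports = v.egress_ports("239.1.1.1", "port1", 10)
    sent += v.on_leave("port2", "239.1.1.1", 20) + v.on_leave("port3", "239.1.1.1", 25)
    return sent, ports
```
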

Use the following commands in FortiOS to configure IGMP proxy:

    config system interface
        edit "<interface_name>"
            set vdom "<VDOM_name>"
            set ip <IPv4_address> <network_mask>
            set allowaccess {ping | https | ssh | snmp | http | telnet | fgfm | radius-acct | probe-response | fabric | ftm}
            set device-identification enable
            set role lan
            set snmp-index <integer>
            set switch-controller-igmp-snooping enable
            set switch-controller-igmp-snooping-proxy enable
            set color <integer>
            set interface "<FortiLink_interface>"
            set vlanid <integer>
        next
    end

For example:

    config system interface
        edit "port1"
            set vdom "VDOM1"
            set ip 172.16.16.254 255.255.255.0
            set allowaccess ping https ssh http
            set device-identification enable
            set role lan
            set snmp-index 25
            set switch-controller-igmp-snooping enable
            set switch-controller-igmp-snooping-proxy enable
            set color 5
            set interface "fortilink"
            set vlanid 22
        next
    end
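When reviewing a saved configuration, the settings shown on this page can be checked mechanically. The following added example (not Fortinet tooling; the function names walk and audit are hypothetical) parses config/edit/set blocks and lists where a flood option is enabled or where allowaccess includes http or telnet, which carry management sessions in cleartext.

```python
import shlex
CLEARTEXT = {"http", "telnet"}        # management access without transport encryption
FLOOD_KEYS = {"flood-unknown-multicast", "igmps-flood-reports", "igmps-flood-traffic"}

def walk(text):
    """Yield (path, key, values) for each `set` line; path is the config/edit stack."""
    stack = []
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif tok[0] == "end":
            if stack and stack[-1][0] == "edit":   # `end` also closes an open edit
                stack.pop()
            del stack[-1:]                         # close the config block, if any
        elif tok[0] == "set" and len(tok) > 1:
            yield tuple(name for _, name in stack), tok[1], tok[2:]

def audit(text):
    """Return (location, finding) pairs for settings worth a review."""
    findings = []
    for path, key, vals in walk(text):
        where = " > ".join(path)
        if key == "allowaccess" and CLEARTEXT & set(vals):
            found = " ".join(sorted(CLEARTEXT & set(vals)))
            findings.append((where, f"cleartext management access: {found}"))
        elif key in FLOOD_KEYS and vals == ["enable"]:
            findings.append((where, f"{key} enabled"))
    return findings

# Constructed input assembled from the example values on this page.
SAMPLE = """
config switch-controller managed-switch
    edit S524DF4K15000024
        config ports
            edit port3
                set igmps-flood-reports enable
                set igmps-flood-traffic enable
        end
end
config system interface
    edit "port1"
        set allowaccess ping https ssh http
    next
end"""
```

Flooding is expected on some links, so the flood findings are review items rather than errors.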
