HPE Community
HPE Aruba Networking & ProVision-based
1831408 Members
3160 Online
110025 Solutions
New Discussion

Filtering IGMP with ACL

 
Paul.Kraus
Occasional Advisor

‎04-04-2012 04:33 AM

‎04-04-2012 04:33 AM

Filtering IGMP with ACL

Hello,

 

I am trying to filter IGMP traffic on a ProCurve 3800 switch, but the packets to not seem to be captured by the ACL.

 

For testing, I applied an ACL to a specific VLAN as "input" containing an ACE that permits IGMP from the subnet of the VLAN to any destination.  I would expect to see the counter for that ACE to increase when a PC on that VLAN sends an IGMP Report for a specific multicast destination.  However, the counter remains at zero.

 

The switch is running ip multicast routing, has PIM-Dense enabled on the VLAN where the IGMP requests come from, and I have verified that the switch is the IGMP Querier on that VLAN.

 

On a PC connected to the VLAN, I can see the IGMP Report packets being sent by the PC, and they must be arriving to the 3800 switch since it is forwarding the multicast traffic.

 

Is there some mechanism that causes the switch to intercept the IGMP packets before being processed by the ACL applied as a RACL to the VLAN?  Is there some other way to filter the IGMP traffic at the VLAN level.  For ease of management, I don't want to have to apply it at the port level.

 

Thanks for any explanations or suggestions.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.