DES-7200 Configuration Guide, Chapter 8: IGMP Snooping Configuration
Caution
Multicast preview is supported only after release 10.4(3).
8.1.10.2 Understanding Source Port Check
Among the DES-7200 multicast devices, certain products support IGMP Snooping
source port check, which further enhances network security.
IGMP Snooping source port check is intended to limit the ingress of IGMP
multicast traffic. When IGMP Snooping source port check is disabled, video
streams entering from any port are considered valid, and the multicast device
forwards them to registered member ports according to the IGMP Snooping
forwarding table. When IGMP Snooping source port check is enabled, only
multicast traffic entering from a router port is considered valid, and the
layer-2 multicast device then forwards it to the registered ports. Multicast
traffic entering from a non-router port is considered invalid and is discarded.
Caution
IGMP Snooping source port check uses masks. The definition of masks is
detailed in "Access Control List Configuration". Masks are shared among
address binding, source port check and ACL, and the total number of available
masks depends on the product. Because masks are limited in number, these three
features affect one another. Enabling address binding occupies two masks, and
enabling source port check also occupies two masks; the number of masks
available to ACL depends on whether these two features have been enabled.
Assuming that ACL can by default use up to 8 masks, if address binding or
source port check is enabled, the total number of masks available to ACL will
drop to 6. If address binding and source port check are enabled at the same
time, the masks available to ACL will drop to 4. Conversely, if ACL uses
multiple masks and the remaining masks cannot meet the needs of these two
features, the system will prompt that mask resources are used up when you
enable address binding and source port check.
When one of these three features cannot run normally because of the limit on
masks, you can restore it by reducing the masks used by the other two
features. For example, when the three features are enabled at the same time,
the system will prompt that masks are used up when you enable source port
check. You can disable address binding (remove all address bindings) or delete
the ACEs of the ACL that occupy multiple masks, so that source port check can
be enabled normally.
If source port check is enabled, then enabling IGMP Snooping or configuring a
router port may cause source port check to fail because of inadequate mask
resources. The system will prompt: Source port check applying failed for
hardware out of resources. In this case, release other resources first and
then enable source port check again.
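The following Python model is an added illustration, not DES-7200 software or code from this guide. It shows how source port check changes the forwarding decision and how the feature competes with address binding and ACL for the shared mask pool. The class, method and port names are hypothetical, and the pool of 8 masks is the default this guide assumes.

```python
# Illustrative model only; class, method and port names are hypothetical.
TOTAL_MASKS = 8          # the guide's assumed default pool ("up to 8 masks")
FEATURE_COST = {"address_binding": 2, "source_port_check": 2}


class MaskExhausted(Exception):
    """Raised when a feature cannot get the masks it needs."""


class L2MulticastSwitch:
    def __init__(self, router_ports, forwarding_table):
        self.router_ports = set(router_ports)
        self.table = forwarding_table        # group -> set of member ports
        self.acl_masks = 0                   # masks currently held by ACLs
        self.enabled = set()                 # features currently holding masks

    def free_masks(self):
        used = self.acl_masks + sum(FEATURE_COST[f] for f in self.enabled)
        return TOTAL_MASKS - used

    def set_acl_masks(self, count):
        if count - self.acl_masks > self.free_masks():
            raise MaskExhausted("ACL needs more masks than are free")
        self.acl_masks = count

    def enable(self, feature):
        needs = 0 if feature in self.enabled else FEATURE_COST[feature]
        if needs > self.free_masks():
            raise MaskExhausted(f"{feature}: hardware out of resources")
        self.enabled.add(feature)

    def disable(self, feature):
        self.enabled.discard(feature)

    def forward(self, ingress_port, group):
        """Return the set of ports a multicast data frame is sent to."""
        checked = "source_port_check" in self.enabled
        if checked and ingress_port not in self.router_ports:
            return set()                     # non-router ingress: discard
        return self.table.get(group, set()) - {ingress_port}


def demo():
    # Constructed topology: Gi0/1 is the router port, Gi0/5 an access port.
    sw = L2MulticastSwitch({"Gi0/1"}, {"239.1.1.1": {"Gi0/2", "Gi0/3"}})
    before = sw.forward("Gi0/5", "239.1.1.1")   # check off: stream accepted
    sw.enable("source_port_check")
    after = sw.forward("Gi0/5", "239.1.1.1")    # check on: stream discarded
    return before, after, sw.free_masks()
```
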
8.1.10.3 Understanding Source IP Check
Among the DES-7200 multicast devices, certain products support IGMP Snooping
source IP check, which further enhances network security.
IGMP Snooping source IP check is intended to limit the source IP address of
IGMP multicast traffic. When IGMP Snooping source IP check is disabled, all
incoming video streams are considered valid, and the layer-2 multicast device
forwards them to registered member ports according to the IGMP Snooping
forwarding table.
When IGMP Snooping source IP check is enabled, only the multicast traffic with
the configured source IP address will be considered valid, and the multicast