IPv6 multicast user control policy configuration, Configuring IPv6 multicast user control policy – H3C Technologies H3C S3100 Series Switches User Manual


| To do... | Use the command... | Remarks |
|---|---|---|
| Configure an IPv6 multicast group filter | mld-snooping group-policy acl6-number [ vlan vlan-list ] | Required. By default, no IPv6 group filter is configured on an interface, that is, hosts on the interface can join any valid multicast group. |

IPv6 Multicast User Control Policy Configuration

Configuring IPv6 Multicast User Control Policy

IPv6 multicast user control policies are configured on access switches to allow only authorized users to receive requested IPv6 multicast flows. This helps restrict users from ordering certain multicast-on-demand programs.

In practice, a device first needs to perform 802.1x authentication on connected hosts through a RADIUS server. Then, the device uses the configured multicast user control policy to perform multicast access control on authenticated users as follows:

- Upon receiving an MLD report from a host, the access switch checks the IPv6 multicast group address and multicast source address carried in the report against the configured policies. If a match is found, the user is allowed to join the multicast group; otherwise, the join report is dropped by the access switch.

- Upon receiving a done message from a host, the access switch matches the IPv6 multicast group and source addresses against the policies. If a match is found, the host is allowed to leave the group; otherwise, the done message is dropped by the access switch.
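
The matching behaviour described above, modelled as an added Python example (not H3C code and not part of the original manual). The rule format (a group range plus a source range), the SAMPLE_POLICY addresses and the handling of non-multicast group addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One permit entry of the referenced IPv6 ACL (simplified, assumed format)."""
    group: ipaddress.IPv6Network   # permitted multicast group range
    source: ipaddress.IPv6Network  # permitted multicast source range

def rule(group, source="::/0"):
    """Build a rule; the default source ::/0 matches any source address."""
    return Rule(ipaddress.ip_network(group), ipaddress.ip_network(source))

# Constructed sample policy (documentation prefixes, not from the manual).
SAMPLE_POLICY = [rule("ff1e::/112", "2001:db8:1::/64")]

def decide(policy, msg_type, group, source):
    """Return 'forward' or 'drop' for an MLD 'report' or 'done' message.

    policy is None when no access policy is configured (the default),
    in which case any valid multicast group may be joined or left.
    """
    if msg_type not in ("report", "done"):
        raise ValueError(f"unsupported MLD message type: {msg_type}")
    g = ipaddress.IPv6Address(group)
    s = ipaddress.IPv6Address(source)
    if not g.is_multicast:
        return "drop"  # assumption: a non-multicast group is never valid
    if policy is None:
        return "forward"
    # Assumption: group and source must both match the same rule.
    matched = any(g in r.group and s in r.source for r in policy)
    return "forward" if matched else "drop"

if __name__ == "__main__":
    samples = [  # constructed messages: (type, group, source)
        ("report", "ff1e::101", "2001:db8:1::10"),
        ("report", "ff3e::5", "2001:db8:1::10"),
        ("done", "ff3e::5", "2001:db8:1::10"),
    ]
    for m in samples:
        print(m, "->", decide(SAMPLE_POLICY, *m))
```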

Follow these steps to configure a multicast user control policy:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create a QoS profile and enter its view | qos-profile profile-name | |
| Configure a multicast user control policy | mld-snooping access-policy acl6-number | Required. No policy is configured by default, that is, a host can join or leave a valid multicast group at any time. |
| Return to system view | quit | |
| Enter Ethernet port view | interface interface-type interface-number | |
| Apply a QoS profile: configure the mode to apply a QoS profile as port-based | qos-profile port-based | Required. By default, the mode to apply a QoS profile is user-based. If the 802.1x authentication mode is MAC address-based, the mode to apply a QoS profile must be configured as user-based. If the 802.1x authentication mode is port-based, the mode to apply a QoS profile must be configured as port-based. |
| Apply a QoS profile: configure the mode to apply a QoS profile as user-based | undo qos-profile port-based | (Remarks shared with the row above.) |
