Controlling access to multicast groups, Limiting the number of igmp states on an interface – Cisco ASA 5505 User Manual
Page 499
 
26-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 26 Configuring Multicast Routing
Customizing Multicast Routing
Controlling Access to Multicast Groups
To control the multicast groups that hosts on the ASA interface can join, perform the following steps:
Detailed Steps
Limiting the Number of IGMP States on an Interface
You can limit the number of IGMP states resulting from IGMP membership reports on a per-interface 
basis. Membership reports exceeding the configured limits are not entered in the IGMP cache, and traffic 
for the excess membership reports is not forwarded.
To limit the number of IGMP states on an interface, enter the following command:
Command
Purpose
igmp static-group
Example:
hostname(config-if)# igmp static-group
group-address
Configures the ASA statically to join a multicast group on an interface.
The group-address
argument
is the IP address of the group.
Command
Purpose
Step 1
Do one of the following to create a standard or extended access list:
access-list
name standard [permit | deny]
ip_addr mask
Example:
hostname(config)# access-list acl1
standard permit 192.52.662.25
Creates a standard access list for the multicast traffic.
You can create more than one entry for a single access list. You 
can use extended or standard access lists.
The ip_addr mask argument is the IP address of the multicast 
group being permitted or denied. 
access-list
name extended [permit | deny]
protocol src_ip_addr src_mask dst_ip_addr
dst_mask
Example:
hostname(config)# access-list acl2
extended permit protocol src_ip_addr
src_mask dst_ip_addr dst_mask
Creates an extended access list.
The dst_ip_addr argument is the IP address of the multicast group 
being permitted or denied.
Step 2
igmp access-group
acl
Example:
hostname(config-if)# igmp access-group acl
Applies the access list to an interface.
The acl argument is the name of a standard or extended IP access 
list.