Ip igmp snooping router-port-expire-time, Ip igmp snooping router, Port-expire-time – Microsens MS453490M Management Guide User Manual


CHAPTER 37 | Multicast Filtering Commands
IGMP Snooping

– 853 –

COMMAND USAGE

As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert Option can be used to protect against DoS attacks. One common method of attack is launched by an intruder who takes over the role of querier, and starts overloading multicast hosts by sending a large number of group-and-source-specific queries, each with a large source list and the Maximum Response Time set to a large value.

To protect against this kind of attack, (1) routers should not forward queries. This is easier to accomplish if the query carries the Router Alert option. (2) Also, when the switch is acting in the role of a multicast host (such as when using proxy routing), it should ignore version 2 or 3 queries that do not contain the Router Alert option.

EXAMPLE

Console(config)#ip igmp snooping router-alert-option-check

Console(config)#
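The check described under Command Usage, written out as an added Python example (not code from the Microsens manual or the switch firmware): it parses a raw IPv4 packet, tells query versions apart by the RFC 3376 length rules, and decides whether a device in the multicast host role would ignore the query. The function names, return labels and sample packets are constructed for illustration.

```python
import struct

ROUTER_ALERT = 0x94   # IPv4 option type 148, length 4 (RFC 2113)
IGMP_PROTO = 2        # IPv4 protocol number for IGMP
IGMP_QUERY = 0x11     # IGMP Membership Query message type

def has_router_alert(options: bytes) -> bool:
    """Walk the IPv4 options area; malformed or truncated options count as absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(options):
            return False
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False
        if kind == ROUTER_ALERT and length == 4:
            return True
        i += length
    return False

def classify(packet: bytes) -> str:
    """Return 'accept', 'ignore', 'unchecked' (v1 query) or 'not-query'."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != IGMP_PROTO:
        return "not-query"
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    igmp = packet[ihl:min(total, len(packet))]
    if ihl < 20 or len(igmp) < 8 or igmp[0] != IGMP_QUERY:
        return "not-query"
    if len(igmp) == 8 and igmp[1] == 0:    # IGMPv1 query: the rule covers v2/v3 only
        return "unchecked"
    return "accept" if has_router_alert(packet[20:ihl]) else "ignore"

def build_query(router_alert: bool, max_resp: int = 100) -> bytes:
    """Constructed sample: 8-byte IGMP general query, checksums left at zero."""
    opts = bytes([ROUTER_ALERT, 4, 0, 0]) if router_alert else b""
    igmp = struct.pack("!BBH4s", IGMP_QUERY, max_resp, 0, bytes(4))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(opts) // 4), 0xC0,
                      20 + len(opts) + len(igmp), 0, 0, 1, IGMP_PROTO, 0,
                      bytes([192, 0, 2, 1]), bytes([224, 0, 0, 1]))
    return hdr + opts + igmp
```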

ip igmp snooping router-port-expire-time

This command configures the querier time out. Use the no form to restore the default.

SYNTAX

ip igmp snooping router-port-expire-time seconds
no ip igmp snooping router-port-expire-time

seconds - The time the switch waits after the previous querier stops before it considers it to have expired. (Range: 1-65535; Recommended Range: 300-500)

DEFAULT SETTING

300 seconds

COMMAND MODE

Global Configuration

EXAMPLE

The following shows how to configure the time out to 400 seconds:

Console(config)#ip igmp snooping router-port-expire-time 400

Console(config)#
