IGMP-snooping querier and per-VLAN IGMP-snooping proxy configuration 7.0.2

Before FortiOS 7.0.2, you could use the CLI to enable IGMP proxy on a system-wide basis. Starting in FortiOS 7.0.2, you can use the CLI to enable IGMP proxy per FortiSwitch unit.

Starting in FortiOS 7.0.2, you can configure the IGMP-snooping querier version 2 or 3. When the IGMP querier version 2 is configured, the managed FortiSwitch unit will send IGMP version-2 queries when no external querier is present. When the IGMP querier version 3 is configured, the managed FortiSwitch unit will send IGMP version-3 queries when no external querier is present.

Follow these steps to configure the IGMP-snooping proxy and IGMP-snooping querier:

  1. Enabling IGMP snooping and the IGMP-snooping proxy.
  2. Configuring the IGMP-snooping querier.

Enabling IGMP snooping and the IGMP-snooping proxy

By default, IGMP snooping is disabled. You need to enable IGMP snooping on the FortiGate device before you can enable the IGMP-snooping proxy.

To enable IGMP snooping and the IGMP-snooping proxy:

config system interface
    edit <VLAN_interface>
        set switch-controller-igmp-snooping enable
        set switch-controller-igmp-snooping-proxy enable
    next
end

For example, you can enable IGMP snooping and the IGMP-snooping proxy on VLAN 100:

config system interface
    edit vlan100
        set switch-controller-igmp-snooping enable
        set switch-controller-igmp-snooping-proxy enable
    next
end

Configuring the IGMP-snooping querier

If you have IGMP snooping and the IGMP-snooping proxy enabled on a VLAN, you can then configure the IGMP-snooping querier on the same VLAN on a managed switch. By default, the IGMP-snooping querier is disabled.

You must enable the overriding of the global IGMP-snooping configuration with the set local-override enable command.

By default, multicast snooping entries that receive no packets are kept for a maximum time (aging-time) of 300 seconds. This value can be in the range of 15-3,600 seconds.

By default, flood-unknown-multicast is disabled, and unregistered multicast packets are forwarded only to mRouter ports. If you enable flood-unknown-multicast, unregistered multicast packets are forwarded to all ports in the VLAN.

The IGMP-snooping proxy uses the global IGMP-snooping configuration by default. You can enable or disable the IGMP-snooping proxy on the VLAN.

You can optionally specify the IPv4 address that IGMP reports are sent to. You can also set the IGMP-snooping querier version. The default IGMP querier version is 2.

config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        config igmp-snooping
            set local-override enable
            set aging-time <15-3600>
            set flood-unknown-multicast {enable | disable}
            config vlans
                edit <VLAN_interface>
                    set proxy {disable | enable | global}
                    set querier enable
                    set querier-addr <IPv4_address>
                    set version {2 | 3}
                next
            end
        end
end

For example:

config switch-controller managed-switch
    edit S524DF4K15000024
        config igmp-snooping
            set local-override enable
            set aging-time 1000
            set flood-unknown-multicast enable
            config vlans
                edit vlan100
                    set proxy disable
                    set querier enable
                    set querier-addr 1.2.3.4
                    set version 3
                next
            end
        end
end
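The following is an added example, not Fortinet code: a small Python audit that parses a saved CLI configuration and reports where the querier prerequisites described above are missing, and where flood-unknown-multicast sends unregistered multicast to every port in the VLAN. The function names parse and audit are hypothetical, and the sample text is constructed from the vlan100 example with the interface proxy line deliberately left out so that the check fires.

```python
# Constructed sample based on the page's vlan100 example (not a real export).
SAMPLE = """\
config system interface
    edit vlan100
        set switch-controller-igmp-snooping enable
    next
end
config switch-controller managed-switch
    edit S524DF4K15000024
        config igmp-snooping
            set local-override enable
            set flood-unknown-multicast enable
            config vlans
                edit vlan100
                    set querier enable
                next
            end
        end
end
"""

def parse(text):
    """Map each config/edit path (tuple of names) to its 'set' key/value pairs."""
    stack, out = [], {}
    for words in (l.split() for l in text.splitlines() if l.strip()):
        if words[0] in ("config", "edit"):
            stack.append((words[0], " ".join(words[1:])))
        elif words[0] == "next":
            stack.pop()
        elif words[0] == "end":  # 'end' inside an 'edit' also closes its 'config'
            while stack.pop()[0] != "config":
                pass
        elif words[0] == "set":
            path = tuple(name for _, name in stack)
            out.setdefault(path, {})[words[1]] = " ".join(words[2:])
    return out

def audit(text):
    cfg, found = parse(text), []  # findings for the dependencies the page states
    for path, s in cfg.items():
        if len(path) == 3 and path[2] == "igmp-snooping":
            if s.get("flood-unknown-multicast") == "enable":
                found.append(f"{path[1]}: unregistered multicast floods every port in the VLAN")
        if len(path) == 5 and path[3] == "vlans" and s.get("querier") == "enable":
            if cfg.get(path[:3], {}).get("local-override") != "enable":
                found.append(f"{path[1]}/{path[4]}: querier set without local-override")
            iface = cfg.get(("system interface", path[4]), {})
            for key in ("igmp-snooping", "igmp-snooping-proxy"):
                if iface.get("switch-controller-" + key) != "enable":
                    found.append(f"{path[1]}/{path[4]}: interface lacks {key}")
    return found
```

Calling audit(SAMPLE) returns two findings: the flood setting on the switch and the missing proxy setting on the vlan100 interface.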
