Switching

Expand all | Collapse all

Why port security (dhcp-snooping) blocks multicast (igmp-snooping)?

  • 1.  Why port security (dhcp-snooping) blocks multicast (igmp-snooping)?

    Posted 02-02-2021 04:18
    I have an IGMP-Snooping function on clients access ports on Ex switches to receive a multicast traffic, the customer asked to enable DHCP-snooping on clients vlan

    I enable this function

    Set Vlans Users Forwarding-Options DHCP-Security Group TRUST-DHCP Overrides Trusted
    Set Vlans Users Forwarding-Options DHCP-Security Group TRUST-DHCP Interface AE0.0​

    After that, users stopped receiving a multicast traffic via IGMP-Snooping. Please tell me what could be the problem and how to properly configure IGMP-SNOOPING and DHCP-SECURITY? Thanks!


  • 2.  RE: Why port security (dhcp-snooping) blocks multicast (igmp-snooping)?

    Posted 02-02-2021 05:09
    What is your platform and Junos version ?
    Just poking this as other will know igmp-snooping better than I .
    run show igmp snooping  vlan users

    For dhcp snooping  you need to include  set Vlans Users Forwarding-Options DHCP-Security ip-source-guard
    You  dont need to enable DAI  (some versions they are both enabled / disabled at the same time) . Unless your needing it deactivate DAI as ive seen it do funky things .
    There is a difference ive seen in the  dhcp-security tables.    
     run show dhcp-security binding ip-source-guard | count
     run show dhcp-security binding | count    ** this should show all the binds even it fthey are not put into the  ip-sourge-gaurd table IE number could be bigger


  • 3.  RE: Why port security (dhcp-snooping) blocks multicast (igmp-snooping)?

    Posted 02-02-2021 06:59
    Sorry! My configuration with out DAI, ISG next:

    Juniper EX 2300
    set version 18.1R3.3

    set vlans USERS forwarding-options dhcp-security group TRUST-DHCP overrides trusted
    set vlans USERS forwarding-options dhcp-security group TRUST-DHCP interface ae0.0