Picobot
Jul 20, 2022, Aspirant
GC110: How to completely block IGMP packets on one physical port or one specific IP address?
Hello everyone, as the topic says, I am looking for a solution that completely blocks all incoming and outgoing IGMP packets on one physical port of the switch or one specific IP address. The reas...
JeraldM
Jul 21, 2022, NETGEAR Employee Retired
Hi Picobot,
Please check page 144 of the user manual here under Switching > Multicast > IGMP Snooping > IGMP Snooping Interface Configuration.
Regards,
JeraldM
NETGEAR Community Team
- Picobot, Jul 21, 2022, Aspirant
Hi JeraldM,
The problem is not the IGMP-Snooping of the GC110.
The situation at the moment is the following: As soon as the o2 AP is switched on, after a short moment the message "IGMPv2 multicast router [IP address of the o2 AP] active" appears in the event log of the Fritz!Box. If I have understood the specs of IGMP correctly, the whole LAN, including the other switches, which are capable of IGMPv3 snooping, is "downgraded" to IGMPv2. As soon as I switch off the o2 AP, after a few minutes the message "IGMPv3 multicast router [IP address of Fritz!Box] active" appears on the FB7590 after a short time and Magenta TV works again.
Since I own a second o2 AP which is located at my home, I think I was able to track down the problem with the help of Wireshark. When the o2 AP is switched on, it sends the message "192.168.1.250 224.0.0.1 IGMPv2 60 Membership Query, general".
At this moment the Fritz!Box as IGMPv3 router is replaced by the o2 AP as IGMPv2 router and the whole LAN is downgraded to IGMPv2, which is why "Magenta TV" is no longer working. After switching off the o2 AP it takes a few minutes until the message "192.168.1.254 224.0.0.1 IGMPv3 60 Membership Query, general" appears within Wireshark and "Magenta TV" is working again.
So I need a filter which blocks the "192.168.1.250 224.0.0.1 IGMPv2 60 Membership Query, general" packet. I already tried to create an extended IPv4 ACL rule which blocks IGMP packets from the IP address of the o2 AP. But the AP in question and the GC110 are located in a friend's house and I have to tell him to reconnect the o2 AP to the GC110 to check whether my filter works the way I am hoping.
Therefore I will report back later.
- Picobot, Jul 22, 2022, Aspirant
Here is the feedback:
After studying the manual of the GC110 a bit more intensively, the solution was much easier than I had first thought.
Step 1: Create an ACL-Name, in this case "block-igmp"
Step 2: For this ACL, create an IP extended rule with sequence number 1, which blocks all IGMP traffic from the source IP of the o2 access point
Step 3: For the same ACL, create a second IP extended rule with sequence number 2, which allows all other traffic (match every = true)
This second rule is mandatory, because the switch by default will drop all packets which do not match any of the rules.
Step 4: Bind this ACL to the physical port where the o2 access point is connected.
Now the "IGMPv2 membership queries" which are sent from the o2 AP for some obscure reason can't enter the rest of the LAN anymore and the "Magenta TV" receivers in the LAN are working without any problems.
Until next time, Picobot
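
The ACL logic from steps 1 to 4 above, modelled in Python as an added example that is not part of the original posts and is not NETGEAR code. It shows why rule 2 is needed and that rule 1 only stops IGMP sourced from the AP itself; the `Rule` fields, the packet names and the client address 192.168.1.57 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IGMP, TCP, UDP = 2, 6, 17  # IANA IP protocol numbers

@dataclass(frozen=True)
class Rule:
    seq: int
    action: str                     # "permit" or "deny"
    protocol: Optional[int] = None  # None matches any IP protocol
    src: Optional[str] = None       # host or CIDR; None matches any source
    match_every: bool = False       # matches every packet, as in step 3

    def matches(self, proto: int, src_ip: str) -> bool:
        if self.match_every:
            return True
        if self.protocol is not None and proto != self.protocol:
            return False
        if self.src is not None:
            return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return True

def evaluate(rules, proto, src_ip):
    """First match in sequence order wins; no match falls through to the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(proto, src_ip):
            return rule.action
    return "deny"

def forwarded(rules, packets):
    """Names of the packets the port lets in under this ACL."""
    return [name for name, proto, src in packets if evaluate(rules, proto, src) == "permit"]

AP = "192.168.1.250"      # o2 AP address taken from the thread's capture
CLIENT = "192.168.1.57"   # constructed: a Wi-Fi client behind the AP

# Constructed sample traffic arriving on the AP's switch port.
PACKETS = [
    ("ap-igmp-query", IGMP, AP),
    ("ap-udp", UDP, AP),
    ("client-tcp", TCP, CLIENT),
    ("client-igmp-report", IGMP, CLIENT),
]

RULE1_ONLY = [Rule(seq=1, action="deny", protocol=IGMP, src=AP)]
BLOCK_IGMP = RULE1_ONLY + [Rule(seq=2, action="permit", match_every=True)]

if __name__ == "__main__":
    print("rule 1 only :", forwarded(RULE1_ONLY, PACKETS))
    print("rules 1 + 2 :", forwarded(BLOCK_IGMP, PACKETS))
```

With rule 1 alone nothing from the port is forwarded; with both rules only the AP's own IGMP is dropped, while IGMP from a client behind the AP still passes because its source address differs.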