How does an S series switch process packets when Layer 2 multicast references an ACL?


In Layer 2 multicast, three functions need to reference the ACL. After an ACL is referenced, packets are processed based on ACL rules. If no rule is configured, packets are processed as follows:
- IGMP snooping group policy: In V200R001 and earlier versions, the default rule is permit. In V200R002 and later versions, if default-permit is not configured, the default rule is deny; if default-permit is configured, the default rule is permit.
- IGMP snooping prompt leave: In V200R001 and earlier versions, the default rule is permit. In V200R002 and later versions, if default-permit is not configured, the default rule is deny; if default-permit is configured, the default rule is permit.
- IGMP snooping SSM policy: The default rule is deny.

Other related questions:
How does an S series switch process UDP packets when it functions as a Layer 2 switch?
If an S series switch (except the S1700) functions as a Layer 2 switch, it does not identify UDP or TCP packets by default. The switch only forwards packets based on its original MAC address table.

Configure Layer 2 ACLs on S series switches
A Layer 2 ACL with the number ranging from 4000 to 4999 can be configured on an S series switch (except the S1700 switch). A Layer 2 ACL defines rules based on information in Ethernet frame headers of packets, such as source MAC addresses, destination MAC addresses, and Layer 2 protocol types.
For example, create a rule in ACL 4001 to allow the ARP packets with the destination MAC address 0000-0000-0001, source MAC address 0000-0000-0002, and Layer 2 protocol type 0x0806 to pass.
[HUAWEI] acl 4001
[HUAWEI-acl-L2-4001] rule permit destination-mac 0000-0000-0001 source-mac 0000-0000-0002 l2-protocol 0x0806
Create a rule in the Layer 2 ACL deny-vlan10-mac to reject the packets from the MAC addresses ranging from 00e0-fc01-0000 to 00e0-fc01-ffff in VLAN 10.
[HUAWEI] acl name deny-vlan10-mac link
[HUAWEI-acl-L2-deny-vlan10-mac] rule deny vlan-id 10 source-mac 00e0-fc01-0000 ffff-ffff-0000
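To check what the two rules above actually match before applying them, the following added example (not Huawei code and not part of the original page) parses them and evaluates constructed frames offline. It assumes a MAC address given without a mask is an exact match, and the frame dictionary layout and all function names are hypothetical. A result of None means the ACL matched no rule, so the service module that references the ACL decides what happens to the frame.

```python
import re

MAC_RE = re.compile(r"[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}")

def mac_to_int(mac):
    """Convert H-H-H notation (e.g. 00e0-fc01-0000) to a 48-bit integer."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return int(mac.replace("-", ""), 16)

def parse_rule(line):
    """Parse the subset of Layer 2 ACL rule syntax shown in the text."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "rule" or tok[1] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    rule, i = {"action": tok[1], "match": {}}, 2
    while i < len(tok):
        key = tok[i]
        if key in ("source-mac", "destination-mac"):
            # An optional second H-H-H value is the mask: 1 bits must match.
            has_mask = i + 2 < len(tok) and MAC_RE.fullmatch(tok[i + 2])
            mask = mac_to_int(tok[i + 2] if has_mask else "ffff-ffff-ffff")
            rule["match"][key] = (mac_to_int(tok[i + 1]) & mask, mask)
            i += 3 if has_mask else 2
        elif key == "vlan-id":
            rule["match"][key], i = int(tok[i + 1]), i + 2
        elif key == "l2-protocol":
            rule["match"][key], i = int(tok[i + 1], 16), i + 2
        else:
            raise ValueError(f"unsupported keyword: {key!r}")
    return rule

def evaluate(rules, frame):
    """Return the first matching rule's action, or None when nothing matches."""
    def ok(key, want):
        if key.endswith("-mac"):
            return (mac_to_int(frame[key]) & want[1]) == want[0]
        return frame.get(key) == want
    for rule in rules:
        if all(ok(k, w) for k, w in rule["match"].items()):
            return rule["action"]
    return None

# The two rules from the text; each belongs to its own ACL.
ACL_4001 = [parse_rule("rule permit destination-mac 0000-0000-0001 "
                       "source-mac 0000-0000-0002 l2-protocol 0x0806")]
ACL_DENY_VLAN10 = [parse_rule(
    "rule deny vlan-id 10 source-mac 00e0-fc01-0000 ffff-ffff-0000")]
# Constructed frame: a host in the denied MAC range, but tagged with VLAN 20.
FRAME_VLAN20 = {"vlan-id": 20, "source-mac": "00e0-fc01-1234"}
```

evaluate(ACL_DENY_VLAN10, FRAME_VLAN20) returns None because the rule is scoped to VLAN 10, so the same source MAC range is not rejected in other VLANs.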

ACL configuration on S series switch
An ACL filters packets based on rules. A switch with an ACL configured matches packets against the rules to identify packets of a certain type, and then decides whether to forward or discard these packets according to the policies used by the service module to which the ACL is applied. The S series switch supports basic ACL (2000-2999), advanced ACL (3000-3999), Layer 2 ACL (4000-4999), user-defined ACL (5000-5999), user ACL (6000-9999), basic ACL6 (2000-2999), and advanced ACL6 (3000-3999). For more information about the ACL feature supported by S series switches, except S1700, see the S1720&S2700&S3700&S5700&S6700&S7700&S9700 Common Operation Guide or the S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples.

Layer 2 multicast entries and usage of S series switches
For an S series switch, entries fall into protocol and forwarding entries. Protocol entries include router port entries and host port entries. You can run the display igmp-snooping router-port command to check router port entries, run the display igmp-snooping port-info command to check host port entries, and run the display l2-multicast forwarding-table command to check forwarding entries. Protocol entries are triggered by protocol packets or manually generated. They are used to identify the protocol exchange status. Forwarding entries are generated based on protocol entries and are used to guide subsequent multicast data forwarding.

How is convergence performance of Layer 2 multicast accelerated on an S series switch?
When the network topology changes, Layer 2 multicast detects the topology change by responding to notification messages of ring network protocols. Layer 2 multicast sends General Query messages in the VLAN where the topology changes to re-collect group member relationships. Ring network protocols include STP, MSTP, RRPP, Smart Link, and SEP. The ring network protocols supported by the switches excluding the S1700 are as follows:
- STP: supported by all switch models
- MSTP: supported by all switch models excluding the S2700SI
- RRPP: supported by all switch models excluding the S1720 and S2700SI
- Smart Link: supported by all switch models excluding the S1720, S2700SI, S2710SI, and S2700EI
- SEP: supported by all switch models excluding the S1720, S2700SI, S2710SI, and S2700EI
