Configuring IGMP Snooping with VXLAN

By snooping IGMP messages it is possible to determine the (local) port membership for multicast groups.

It is also possible to include the logical ports associated with VXLAN tunnels and their remote VTEPs when IGMP messages are snooped on remote overlay network nodes.

The following command supports this feature:


CLI (network-admin@switch) > igmp-snooping-modify vxlan|no-vxlan


Enable IGMP on VXLAN. Disabled by default.


CLI (network-admin@switch) > igmp-snooping-modify vxlan

CLI (network-admin@switch) > igmp-snooping-show


enable:                       yes

vxlan:                        yes

enable-vlans:                 1-4092

snoop-link local-vlans:       none

To disable it:

CLI (network-admin@switch) > igmp-snooping-modify no-vxlan

CLI (network-admin@switch) > igmp-snooping-show

enable:                yes

vxlan:                 no

enable-vlans:          1-4092

snoop-linklocal-vlans: none


Informational Note: IGMP Snooping is enabled by default while the VXLAN option is disabled by default.

Let us consider an  example: Assume that IGMP join messages for group (from source are received on a tunnel associated with VLAN 10 (with VNI 10), as shown in the command output below:

CLI (network-admin@switch) > vlan-show vxlan 10

id   type   vxlan vxlan-type replicators scope description active stats    ports        untagged-ports active-edge-ports

---- ------ ----- ---------- ----------- ----- ----------- ------ ----- --------------- -------------  -------------

10   public  10    user       none       local  vlan-10     yes    no    9,41,69-72,253   9              9

Group IP is associated to source IP and its port membership list only contains the logical port ID (12755068416) associated with a VXLAN tunnel:

CLI (network-admin@switch) > igmp-show group-ip


group-ip   node-ip   vlan  port        source  node-type expires

--------  -------    ----  ----------- ------- --------- -------   10   12755068416   host      241

You can check the tunnel info (such as its associated VTEP IP addresses) corresponding to logical port 1275068416 with the following command:

CLI (network-admin@switch) > tunnel-show tunnelID 1275068416

scope:              local

name:               auto-tunnel-70

type:               vxlan

vrouter-name:       vr1



router-if:          eth1.4092


next-hop-mac:       66:0e:94:70:61:7f

remote-switch:      0

active:             yes

state:              ok

bfd:                disabled

bfd-state:          unknown



ports:              19

auto-tunnel:        auto

You can also verify that the L2 table contains the MAC address corresponding to group IP (i.e., 01:00:5e:01:01:01):

CLI (network-admin@switch) > l2-table-hw-show mac 01:00:5e:01:01:01

mac          vlan  vxlan  ports   state            hw-flags  mc-index

-----------------  ----- -----  -----  ----------------   ------- ---------

01:00:5e:01:01:01   10    10    none   active,static,hit            201326595