Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Example: Configuring IGMP Snooping on SRX Series Devices

You can enable IGMP snooping on a VLAN to constrain the flooding of IPv4 multicast traffic on a VLAN. When IGMP snooping is enabled, the device examines IGMP messages between hosts and multicast routers and learns which hosts are interested in receiving multicast traffic for a multicast group. Based on what it learns, the device then forwards multicast traffic only to those interfaces that are connected to relevant receivers instead of flooding the traffic to all interfaces.

This example describes how to configure IGMP snooping:


This example uses the following hardware and software components:

  • One SRX Series Firewall

  • Junos OS Release 18.1R1

Before you configure IGMP snooping, be sure you have:

  • Configured a VLAN, v1, on the device

  • Assigned interfaces ge-0/0/1, ge-0/0/2, ge-0/0/3, and ge-0/0/4 to v1

  • Configured ge-0/0/3 as a trunk interface

Overview and Topology

IGMP snooping controls multicast traffic in a switched network. When IGMP snooping is not enabled, the SRX Series Firewall broadcasts multicast traffic out of all of its ports, even if the hosts on the network do not want the multicast traffic. With IGMP snooping enabled, the SRX Series Firewall monitors the IGMP join and leave messages sent from each connected host to a multicast router. This enables the SRX Series Firewall to keep track of the multicast groups and associated member ports. The SRX Series Firewall uses this information to make intelligent decisions and to forward multicast traffic to only the intended destination hosts.


The sample topology is illustrated in Figure 1.

Figure 1: IGMP Snooping Sample TopologyIGMP Snooping Sample Topology

In this sample topology, the multicast router forwards multicast traffic to the device from the source when it receives a membership report for group from one of the hosts—for example, Host B. If IGMP snooping is not enabled on vlan100, the device floods the multicast traffic on all interfaces in vlan100 (except for interface ge-0/0/2.0). If IGMP snooping is enabled on vlan100, the device monitors the IGMP messages between the hosts and router, allowing it to determine that only Host B is interested in receiving the multicast traffic. The device then forwards the multicast traffic only to interface ge-0/0/2.


To configure IGMP snooping on a device:


CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure IGMP snooping:

  1. Configure the access mode interfaces.

  2. Configure the VLAN.

  3. Enable IGMP snooping and configure the device to serve as a proxy.

  4. Configure the limit for the number of multicast groups allowed on the ge-0/0/1.0 interface to 50.

  5. Configure the device to immediately remove a group membership from an interface when it receives a leave message from that interface without waiting for any other IGMP messages to be exchanged.

  6. Statically configure interface ge-0/0/4 as a multicast-router interface.

  7. Configure an interface to be an exclusively host-facing interface (to drop IGMP query messages).

  8. Configure the IGMP message intervals and robustness count.

  9. If you are done configuring the device, commit the configuration.


From configuration mode, confirm your configuration by entering the show protocols igmp-snooping command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

Verifying IGMP Snooping Operation

To verify that IGMP snooping is operating as configured, perform the following task:

Displaying IGMP Snooping Information for VLAN v1


Verify that IGMP snooping is enabled on vlan v1 and that ge-0/0/4 is recognized as a multicast-router interface.


From operational mode, enter the show igmp snooping membership command.


By showing information for vlanv1, the command output confirms that IGMP snooping is configured on the VLAN. Interface ge-0/0/4.0 is listed as a multicast-router interface, as configured. Because none of the host interfaces are listed, none of the hosts are currently receivers for the multicast group.