Example: Configuring MLD Snooping on SRX Series Devices

You can enable MLD snooping on a VLAN to constrain the flooding of IPv6 multicast traffic on that VLAN. When MLD snooping is enabled, the SRX Series Firewall examines MLD messages between hosts and multicast routers and learns which hosts are interested in receiving multicast traffic for a multicast group. Based on what it learns, the device then forwards IPv6 multicast traffic only to those interfaces connected to interested receivers instead of flooding the traffic to all interfaces.

This example describes how to configure MLD snooping:

Requirements

This example uses the following software and hardware components:

  • One SRX Series Firewall

  • Junos OS Release 18.1R1

Before you configure MLD snooping, be sure you have:

  • Configured the vlan100 VLAN on the device

  • Assigned interfaces ge-0/0/0, ge-0/0/1, ge-0/0/2, and ge-0/0/3 to vlan100

  • Configured ge-0/0/3 as a trunk interface

Overview and Topology

In this example, interfaces ge-0/0/0, ge-0/0/1, and ge-0/0/2 on the device are in vlan100 and are connected to hosts that are potential multicast receivers. Interface ge-0/0/3, a trunk interface also in vlan100, is connected to a multicast router. The router acts as the MLD querier and forwards multicast traffic for group 2001:db8::1 to the device from a multicast source.

Topology

The example topology is illustrated in Figure 1.

Figure 1: Example MLD Snooping Topology

In this example topology, the multicast router forwards multicast traffic to the device from the source when it receives a membership report for group 2001:db8::1 from one of the hosts—for example, Host B. If MLD snooping is not enabled on vlan100, then the device floods the multicast traffic on all interfaces in vlan100 (except for interface ge-0/0/3). If MLD snooping is enabled on vlan100, the device monitors the MLD messages between the hosts and router, allowing it to determine that only Host B is interested in receiving the multicast traffic. The device then forwards the multicast traffic only to interface ge-0/0/1.

This example shows how to enable MLD snooping on vlan100. It also shows how to perform the following optional configurations, which can reduce group join and leave latency:

  • Configure immediate leave on the VLAN. When immediate leave is configured, the device stops forwarding multicast traffic on an interface when it detects that the last member of the multicast group has left the group. If immediate leave is not configured, the device waits until the group-specific membership queries time out before it stops forwarding traffic.

  • Configure ge-0/0/3 as a static multicast-router interface. In this topology, ge-0/0/3 always leads to the multicast router. By statically configuring ge-0/0/3 as a multicast-router interface, you avoid any delay imposed by the device having to learn that ge-0/0/3 is a multicast-router interface.
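The forwarding behavior described above, modeled as an added example; it is not Juniper code and not part of the original page. It assumes one host per access interface, and the class and method names are hypothetical.

```python
# Toy MLD snooping table (hypothetical names, not Junos code); one host per interface.
from collections import defaultdict

class MldSnoopingVlan:
    def __init__(self, mrouter_ports=(), immediate_leave=False, group_limit=None):
        self.mrouter = set(mrouter_ports)        # static multicast-router interfaces
        self.immediate_leave = immediate_leave
        self.group_limit = dict(group_limit or {})  # interface -> max groups
        self.members = defaultdict(set)          # group -> interfaces with listeners
        self.pending = set()                     # (group, interface) awaiting timeout

    def report(self, port, group):
        """A host on `port` sent an MLD report (join) for `group`."""
        joined = sum(1 for ports in self.members.values() if port in ports)
        limit = self.group_limit.get(port)
        if port not in self.members[group] and limit is not None and joined >= limit:
            return False                         # per-interface group limit reached
        self.members[group].add(port)
        self.pending.discard((group, port))
        return True

    def done(self, port, group):
        """A host on `port` sent an MLD done (leave) for `group`."""
        if port not in self.members[group]:
            return
        if self.immediate_leave:
            self.members[group].discard(port)    # stop forwarding at once
        else:
            self.pending.add((group, port))      # keep forwarding until timeout

    def query_timeout(self):
        """Group-specific queries went unanswered: expire pending leaves."""
        for group, port in self.pending:
            self.members[group].discard(port)
        self.pending.clear()

    def egress(self, group, ingress):
        """Interfaces that receive a packet for `group` arriving on `ingress`."""
        return sorted((self.members[group] | self.mrouter) - {ingress})

def flood(ports, ingress):
    """Without snooping: every interface in the VLAN except the ingress."""
    return sorted(set(ports) - {ingress})

if __name__ == "__main__":
    ports = ["ge-0/0/0", "ge-0/0/1", "ge-0/0/2", "ge-0/0/3"]
    vlan100 = MldSnoopingVlan(mrouter_ports=["ge-0/0/3"], immediate_leave=True)
    vlan100.report("ge-0/0/1", "2001:db8::1")    # Host B joins
    print(flood(ports, "ge-0/0/3"), vlan100.egress("2001:db8::1", "ge-0/0/3"))
```

With snooping, traffic arriving from the router on ge-0/0/3 reaches only ge-0/0/1, while traffic sourced by a host is also sent toward the static multicast-router interface.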

Configuration

To configure MLD snooping on a device:

Procedure

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure MLD snooping:

  1. Configure the access mode interfaces.

  2. Configure the trunk mode interface.

  3. Configure the VLAN.

  4. Configure nonstop routing.

  5. Limit the number of multicast groups allowed on the ge-0/0/1.0 interface to 50.

  6. Configure the device to immediately remove a group membership from an interface when it receives a leave message from that interface without waiting for any other MLD messages to be exchanged.

  7. Statically configure interface ge-0/0/2.0 as a multicast-router interface.

  8. Configure an interface to be an exclusively router-facing interface (to receive multicast traffic).

  9. Configure an interface to be an exclusively host-facing interface (to drop MLD query messages).

  10. Configure the IGMP message intervals and robustness count.

  11. If you are done configuring the device, commit the configuration.

Results

From configuration mode, confirm your configuration by entering the show protocols mld-snooping command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

Verifying MLD Snooping Configuration

To verify that MLD snooping is enabled on the VLAN and the MLD snooping forwarding interfaces are correct, perform the following task:

Verifying MLD Snooping Interface Membership on VLAN vlan100

Purpose

Verify that MLD snooping is enabled on vlan100 and that the multicast-router interface is statically configured.

Action

From operational mode, enter the show mld snooping membership command.

Meaning

MLD snooping is running on vlan100, and interface ge-0/0/3.0 is a statically configured multicast-router interface. Because the multicast group 2001:db8::1 is listed, at least one host in the VLAN is a current member of the multicast group and that host is on interface ge-0/0/1.0.