cancel
Showing results for 
Search instead for 
Did you mean: 

Can IGMP be disabled on X690s, 5520s and X450G2

Can IGMP be disabled on X690s, 5520s and X450G2

Keith9
Contributor II

We had an internal IT audit and one of the findings had to do with IGMP.  Its not something we use as a financial institution.

Is there an easy command?

We use X690s at our core/aggrigation where all vlans terminate.  We use 5520's and X450G2s in our access layer.

The language of the audit finding was:

Internet Group Management Protocol (IGMP) traffic is traversing the network. IGMP is a multicast group management protocol typically used for providing media content to multiple hosts subscribed to the group. Denial of Service (DoS) vulnerabilities exist in the protocol, so it should be disabled if not in use.

1 ACCEPTED SOLUTION

CThompsonEXOS
Contributor III

The command "disable igmp" will disable it all on router interfaces.  "Disable igmp vlan <vlan name>" does it on a per vlan basis.

I would assume production is using IGMP and enabling dos-protect would be a way to protect the switches from DoS while keeping that protocol in use.

Thanks,
Chris Thompson

View solution in original post

1 REPLY 1

CThompsonEXOS
Contributor III

The command "disable igmp" will disable it all on router interfaces.  "Disable igmp vlan <vlan name>" does it on a per vlan basis.

I would assume production is using IGMP and enabling dos-protect would be a way to protect the switches from DoS while keeping that protocol in use.

Thanks,
Chris Thompson

GTM-P2G8KFN