This is a followup post to the first one on SSM. The topology is still the same.

If you want to find it in the documentation it is found in the IGMP configuration guide

I guess the reason to place it under IGMP is that SSM requires IGMPv3. To find SSM mapping go to Products-> Cisco IOS and NX-OS Software-> Cisco IOS-> Cisco IOS Software Release 12.4 Family-> Cisco IOS Software Releases 12.4T-> Configure-> Configuration Guides-> IP Multicast Configuration Guide Library, Cisco IOS Release 12.4T-> IP Multicast: IGMP Configuration Guide, Cisco IOS Release 12.4T-> SSM mapping

So why would we use SSM mapping in the first place? IGMPv3 is not supported everywhere yet. Maybe the Set Top Box (STB) is not supporting IGMPv3 but your ISP wants to support SSM. Then some transition mechanism must be used. There are a few options available like IGMPv3 lite, URD and SSM mapping. IGMPv3 lite is daemon running on the host supporting a subset of IGMPv3 until proper IGMPv3 has been implemented. With URD a router intercepts the URL requests from the user and the router joins the multicast stream to the correct source even though the user is not sending IGMPv3 reports. This requires that the multicast group and source is coded into the web page with links to the multicast streams.

SSM mapping takes IGMPv2 reports and convert them to IGMPv3. We can either use a DNS server and query it for sources or use static mappings as I will explain here. Static mapping is done on the Last Hop Router (LHR) and it is fairly simple. This is how we configure it.

R2(config)#access-list 2 permit
R2(config)#ip igmp ssm-map enable
R2(config)#ip igmp ssm-map static 2
R2(config)#no ip igmp ssm-map query dns

The config is pretty self explanatory. First we create an access-list that defines the groups to be used for SSM mapping. Then we enable SSM mapping. Then we tie together the ACL with the sources that are allowed to send to those groups. Now we need to verify the mapping. First we take a look at R2 with show ip igmp ssm-mapping.

R2#show ip igmp ssm-mapping
SSM Mapping  : Enabled
DNS Lookup   : Disabled
Mcast domain :
Name servers :

Looks good so far. We will use R3 to simulate a client joining to via IGMPv2. We will debug IGMP to see the report coming in. R3 will join the group via the igmp join-group command. One thing is important to note here. Usually we configure ip igmp-join group on downstream interface to simulate LAN segment and then PIM Join is sent upstream. In this case we want only IGMP join to be sent so therefore we configure the igmp join-group on the upstream interface. Also no PIM should be enabled. This makes the router act as a pure host and not do any multicast routing. What would happen otherwise is that the router will have RPF failures when the source is sending traffic because for traffic not in SSM mode a RPF lookup is done against the RP. Since no RP is configured the RPF would fail, as a workaround we can configure a static RP even though it isn’t really used it would make the RPF check pass.

R3(config)int fa0/0
R3(config-if)#ip igmp join-group

This is the debug output from R3.

IGMP(0): Send v2 Report for on FastEthernet0/0

We can clearly see that IGMPv2 report was sent. Now we go to R2 to see if it is converting the IGMPv2 join to IGMPv3.

IGMP(0): Received v2 Report on FastEthernet0/0 from for
IGMP(0): Convert IGMPv2 report (*, to IGMPv3 with 1 source(s) using STATIC

It is clear that the conversion is taking place. We look in the MRIB as well.

sh ip mroute | be (
(*,, 03:18:48/00:02:54, RP, flags: DCL
  Incoming interface: Null, RPF nbr
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 03:18:48/00:02:54
    Serial0/0, Forward/Sparse, 03:18:48/00:02:44

(,, 03:18:26/00:02:57, flags: sTI
  Incoming interface: Serial0/0, RPF nbr
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 03:18:26/00:02:57

We see that we now have (S,G) joins in R2! As a final step we will also verify in R1.

sh ip mroute | be (
(*,, 03:20:44/stopped, RP, flags: DCL
  Incoming interface: Null, RPF nbr
  Outgoing interface list:
    Serial0/1, Forward/Sparse, 03:20:44/00:00:49

(*,, 03:20:43/stopped, RP, flags: SP
  Incoming interface: Null, RPF nbr
  Outgoing interface list: Null

(,, 00:01:01/00:02:28, flags: T
  Incoming interface: Null, RPF nbr
  Outgoing interface list:
    Serial0/0, Forward/Sparse, 00:01:01/00:03:27

Now the ping should be successful.

Protocol [ip]:
Target IP address:
Repeat count [1]: 5
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Interface [All]: serial0/0
Time to live [255]:
Source address:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Packet sent with a source address of

Reply to request 0 from, 16 ms
Reply to request 1 from, 16 ms
Reply to request 2 from, 16 ms
Reply to request 3 from, 16 ms
Reply to request 4 from, 16 ms

So the important thing here is to make R3 act as a pure host otherwise it will not work. This is a bit overkill for verification but I just wanted to show how it could be done.

Multicast – SSM mapping
Tagged on:                 

6 thoughts on “Multicast – SSM mapping

  • June 23, 2012 at 3:21 am

    so though R2’s fa0/0 configured with IGMP version 3 it still can allow IGMP version 2 end hosts (R3 Fa0/0) connected to it due to backward Compatibility ?? Is my understanding correct? so if you apply IGMP extended ACL in R2′ fa0/0 interface can it block IGMP version 2 client as well?

    • June 23, 2012 at 8:11 am

      Yes. IGMP is backwards compatible so you can run IGMPv3 for SSM and IGMPv2 for ASM. If you need SSM for IGMPv2 then you need mappings of course. You can filter both SSM and ASM with IGMP ACL depending on the syntax you use.

  • June 23, 2012 at 12:34 pm

    Thanks Daniel. Great info.

  • August 1, 2012 at 10:17 pm

    thx for your post , if i need the LAN interface on R3 to join the multicast group what should be added on R3 for SSM configuration to work properly.


Leave a Reply

Your email address will not be published. Required fields are marked *