What is IGMP Snooping? Explanation and Examples

IGMP snooping is a technique that network switches utilize to minimize flooding of IPv4 multicast traffic and optimize forwarding by sending multicast traffic only to receivers who are interested. Unicast traffic in Cisco switches discovers layer 2 MAC addresses and their corresponding physical ports by looking upon the Layer 2 MAC address source, which can be found in the MAC address table.

If a MAC address is received but is not advertised on the MAC address table, it is treated as an unknown frame, and it will be then forwarded to all the ports on the same VLAN, excluding the port where the frame originated. Receivers that are not interested will recognize that the destination MAC address in the frame does not belong to them and discard the packet.


How Does Internet Group Management Protocol Snooping Function?

A network switch determines to forward multicast traffic with IGMP snooping enabled so that it maintains the information about the interfaces in its multicast forwarding table:

  1. Multicast Router Interfaces – these ports go to the multicast routers or IGMP queriers.
  2. Group Member Interfaces – interfaces that are going to the hosts that are members of the multicast groups.


If you enable IGMP snooping on a network device, it discovers the interfaces by looking at the IGMP traffic and when that port receives an IGMP query or Protocol Independent Multicast (PIM) updates. The switch updates its multicast forwarding table as a multicast router interface. Once an interface receives membership reports for a multicast group, it adds them to its multicast forwarding table as a group-member interface.

Interfaces that are discovered are populated on the MAC address table and are able to receive the specific multicast traffic. The learned interface on the MAC table age out after a certain period. If the interface does not receive IGMP queries or PIM updates within a given time, the multicast streams are halted.

IGMP Snooping


IGMP Snooping Benefits

Here are some of the advantages of enabling IGMP Snooping on our switches.

  1. Bandwidth usage optimized – IGMP snooping lessens the burden on the network by reducing flooding of packets because the switch forwards IPv4 multicast datagrams selectively to ports that are interested in the multicast stream instead of suffocating all the ports on the VLAN.
  2. Security Improvement – IGMP snooping mitigates the risk of Denial of Service (DoS) attacks from untrusted sources by dropping unknown MAC addresses.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: