Filter Multicast Traffic on VLAN
Hi group,
I was labbing up some multicast stuff. I just received a question to filter multicast traffic of a specific group on a VLAN.
Lab setup SW1 |
Just write an ACL to block 224.0.1.39
Blogs and organic groups at http://www.ccie.net
_______________________________________________________________________ Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
I have done some more investigation and testing. I think I have got the solution. I did it with multicast boundary:

    ip access-l sta M-BOUND
     permit 232.5.5.5
     permit 232.6.6.6
     permit 224.0.1.39
     permit 224.0.1.40
     deny any
    int vlan 100
     ip multicast bound M-BOUND
    end

SW1 is replying to 232.5.5.5 and 6.6.6.6 and I only receive a reply from R4 to 232.55.55.55
Are there any other options to filter this multicast traffic on this VLAN? Or is multicast boundary my only option?
Kind regards,
Maarten Vervoorn
2010/7/29 Maarten Vervoorn
Yes, I’m using rp-announce-filter on the mapping agent (SW1). But it still needs to permit 232.55.55.55 on the RP SW2 because R4 needs that traffic. So yes, I can filter it, but then R4 won’t receive the traffic. Below is how my filter on the mapping agent looks.
    ip access-list standard M-SW2
     permit 232.55.55.55
     permit 232.5.5.5
    ip access-list standard M-SW3
     permit 232.6.6.6
    ip access-list standard SW2
     permit 8.8.20.20
    ip access-list standard SW3
     permit 8.8.30.30
    !
    ip access-list standard ALL
     deny 8.8.20.20
     deny 8.8.30.30
     permit any
    !
    ip access-list standard M-ALL
     deny 224.0.0.0 15.255.255.255
    !
    ip pim rp-announce-filter rp-list SW2 group-list M-SW2
    ip pim rp-announce-filter rp-list SW3 group-list M-SW3
    ip pim rp-announce-filter rp-list ALL group-list M-ALL
    !

Kind regards,
Maarten Vervoorn
2010/7/29 Adrian Brayton
Yeah, that would be the easy way. But still I do not want clients to be able to receive that traffic. If there were clients behind SW1 who aren’t allowed to receive this traffic (like Loopback of SW1) I cannot stop them from doing an IGMP join. I want it to be impossible for them to receive this traffic. A multicast boundary does the job. I have tested it out. But I was wondering if there are any other options to filter it out.
2010/7/29 Adrian Brayton
If you want to stop them from joining the group, check out the command ‘ip igmp profile’:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swigmp.html#wp1055584
– Garry L. Baker
“There is no ‘patch’ for stupidity.” – http://www.sqlsecurity.com
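The `ip igmp profile` approach suggested above, sketched as an added example that is not part of the original thread. The profile numbers (10, 20) and the port GigabitEthernet0/5 are assumptions; the group addresses are the ones used in the thread's lab.

```cisco
! Added example, not from the thread. Profile numbers 10 and 20 and the port
! GigabitEthernet0/5 are assumed; the group addresses are those in the thread.
!
! Option A: deny-list. With "deny", the listed range is blocked and
! every other group may still be joined on the port.
ip igmp profile 10
 deny
 range 232.55.55.55
!
! Option B: allow-list. With "permit", only the listed ranges may be
! joined and every other group is refused.
ip igmp profile 20
 permit
 range 232.5.5.5
 range 232.6.6.6
!
! Apply one profile per Layer 2 access port in VLAN 100.
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 100
 ip igmp filter 10
!
! Check from exec mode:
!   show ip igmp profile 10
```

`ip igmp filter` is applied to Layer 2 ports and cannot be applied to an SVI or routed port, so it complements rather than replaces the multicast boundary on interface Vlan100.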