Re: Restrict to not to join the multicast group

From: ccie2be (ccie2be@nyc.rr.com)
Date: Sat Nov 06 2004 - 09:13:13 GMT-3

• Next message: Rodrigo Paes: "CERIFIED !!!!!!!"
• Previous message: Ali Fahmi : "hunt group on FXO ports"
• Maybe in reply to: Cisco Net: "Restrict to not to join the multicast group"
• Next in thread: ccie2be: "Re: Restrict to not to join the multicast group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Off the top of my head, the idea that comes to mind is this.

Since you know the mcast group in the form of an ip address you want to
block, for example, 232.22.33.1, perhaps this ip address should be converted
to it's mac address equivalent. Beau Williamson covers how this is done in
his book.

Once converted to it's mac address form, then create a mac acl to block that
particular address and apply it to the appropriate port.

What I just described blocks mcast traffic to/from that mcast group, and
thus indirectly prevents joins to that group.

But, I'm not sure I understand the concept of blocking a igmp join on a L2
interface. What exactly does that mean?

On a router's L3 interface, the concept is clear - any igmp joins for a
given mcast group coming from hosts on that interface are dropped.

But, typically, hosts aren't directly connected to a router interface,
they're connected indirectly via a switch. And switches don't speak igmp.
igmp is a protocol used only between hosts and routers. So, how can a
switch drop igmp joins if a switch doesn't speak igmp?

Out of the box, switches treat mcast packets as broadcasts - they flood all
mcast packets to all ports except the port on which the mcast packet was
received. To override this default behavior, Cisco developed cgmp which is
supported on the older Cat 5000 line of switches but not on the 3550. On
3550, there's igmp snooping which accomplishes pretty much the same thing
but using a different technique. Perhaps, and I don't know this, there's a
way to configure igmp snooping that does what you're looking for.

HTH, Tim

----- Original Message -----
From: "Cisco Net" <network.cisco@gmail.com>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Friday, November 05, 2004 9:34 PM
Subject: Restrict to not to join the multicast group

> Hi
> I am wondering is there any way i can restrict a L2 (switch port to not
join
> for a specific multicast group) ?
>
> Using "ip igmp access-group xx" i can define to not join for L3 ports.
> Not sure how to do on L2 ports ?
>
> Please let me know if you know it..
>
> Regards
> Cert
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Rodrigo Paes: "CERIFIED !!!!!!!"
• Previous message: Ali Fahmi : "hunt group on FXO ports"
• Maybe in reply to: Cisco Net: "Restrict to not to join the multicast group"
• Next in thread: ccie2be: "Re: Restrict to not to join the multicast group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:39 GMT-3