From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Jun 16 2005 - 13:39:04 GMT-3
Hi guys,
First of all, if anyone reading this doesn't also make dumb mistakes, STOP
READING NOW.
But, for the rest of you, here's what I did.
This task required that I prevent hosts on a certain vlan from joining the
administratively scoped range of mcast groups.
No big deal. The admin scope is 239.0.0.0 - 239.255.255.255
Now, here's the dumb mistake I made.
Instead of denying this range in my acl, I permitted it. Dumb, I know.
Since I haven't figured out a way to stop making dumb mistakes like this, I
need a way to check to see if a made a dumb mistake.
How could I verify that my acl is working as expected in this case?
I did a show ip igmp int but that doesn't help.
Ethernet0/1 is up, line protocol is up
Internet address is 204.12.1.3/24
IGMP is enabled on interface
Current IGMP host version is 2
Current IGMP router version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 10 seconds
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is MCAST <----- ACL IS HERE AS
EXPECTED
IGMP activity: 1 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 204.12.1.3 (this system)
IGMP querying router is 204.12.1.3 (this system)
Multicast groups joined by this system (number of users):
224.0.1.40(1)
I tried joining a group in this range with the command ip igmp join-group
239.39.39.39
after applying the correct acl. And, then I pinged the group.
It worked:
R2#p 239.39.39.39 rep 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 239.39.39.39, timeout is 2 seconds:
Reply to request 0 from 183.1.123.3, 52 ms
Reply to request 0 from 183.1.123.3, 124 ms
Reply to request 0 from 183.1.123.3, 72 ms
So, I can't figure out how to verify this acl.
Any thoughts?
TIA, Tim
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3