From: John Matus (jmatus@pacbell.net)
Date: Fri Jun 17 2005 - 01:30:01 GMT-3
Tim, wouldn't you just look at the ACL ("show ip acl 5") and see if you get
any hits when you ping an admin address? I would think that would tell you
right there.
Regards,
John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Thursday, June 16, 2005 9:39 AM
Subject: I just made a dumb mistake
> Hi guys,
>
> First of all, if anyone reading this doesn't also make dumb mistakes, STOP
> READING NOW.
>
> But, for the rest of you, here's what I did.
>
> This task required that I prevent hosts on a certain vlan from joining the
> administratively scoped range of mcast groups.
>
> No big deal. The admin scope is 239.0.0.0 - 239.255.255.255
>
> Now, here's the dumb mistake I made.
>
> Instead of denying this range in my acl, I permitted it. Dumb, I know.
>
> Since I haven't figured out a way to stop making dumb mistakes like this, I
> need a way to check to see if I made a dumb mistake.
>
> How could I verify that my acl is working as expected in this case?
>
> I did a show ip igmp int but that doesn't help.
>
> Ethernet0/1 is up, line protocol is up
> Internet address is 204.12.1.3/24
> IGMP is enabled on interface
> Current IGMP host version is 2
> Current IGMP router version is 2
> IGMP query interval is 60 seconds
> IGMP querier timeout is 120 seconds
> IGMP max query response time is 10 seconds
> Last member query count is 2
> Last member query response interval is 1000 ms
> Inbound IGMP access group is MCAST <----- ACL IS HERE AS EXPECTED
> IGMP activity: 1 joins, 0 leaves
> Multicast routing is enabled on interface
> Multicast TTL threshold is 0
> Multicast designated router (DR) is 204.12.1.3 (this system)
> IGMP querying router is 204.12.1.3 (this system)
> Multicast groups joined by this system (number of users):
> 224.0.1.40(1)
>
>
> I tried joining a group in this range with the command ip igmp join-group
> 239.39.39.39 after applying the correct acl. And, then I pinged the group.
>
> It worked:
>
> R2#p 239.39.39.39 rep 1000
>
> Type escape sequence to abort.
> Sending 1000, 100-byte ICMP Echos to 239.39.39.39, timeout is 2 seconds:
>
> Reply to request 0 from 183.1.123.3, 52 ms
> Reply to request 0 from 183.1.123.3, 124 ms
> Reply to request 0 from 183.1.123.3, 72 ms
>
>
> So, I can't figure out how to verify this acl.
>
> Any thoughts?
>
> TIA, Tim
>
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3
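
An offline check for the inverted permit/deny mistake described in the thread, added here as an example (not code from either poster): it evaluates IOS standard-ACL entries by first match, with the implicit deny, against sample multicast groups. The ACL bodies and all function names are constructed assumptions, since the thread does not show the contents of the MCAST ACL.

```python
import ipaddress

ADMIN_SCOPE = ipaddress.ip_network("239.0.0.0/8")  # range named in the thread

def parse_acl(text):
    """Parse IOS standard-ACL entries: '<permit|deny> <addr> [wildcard]', 'any', 'host <addr>'."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skip the 'ip access-list ...' header and remarks
        if tok[1] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif tok[1] == "host":
            addr, wild = int(ipaddress.IPv4Address(tok[2])), 0
        else:
            addr = int(ipaddress.IPv4Address(tok[1]))
            wild = int(ipaddress.IPv4Address(tok[2])) if len(tok) > 2 else 0
        entries.append((tok[0], addr, wild))
    return entries

def action_for(entries, group):
    """First matching entry wins; no match falls through to the implicit deny."""
    g = int(ipaddress.IPv4Address(group))
    for action, addr, wild in entries:
        if (g | wild) == (addr | wild):  # compare only the bits the wildcard does not mask
            return action
    return "deny"

def audit(acl_text, must_deny, must_permit):
    """Return (group, expected, actual) mismatches; an empty list means the ACL matches intent."""
    entries = parse_acl(acl_text)
    expected = [(g, "deny") for g in must_deny] + [(g, "permit") for g in must_permit]
    return [(g, want, action_for(entries, g)) for g, want in expected
            if action_for(entries, g) != want]

# Constructed ACL bodies (assumptions): the intended filter and the inverted one.
INTENDED = """ip access-list standard MCAST
 deny 239.0.0.0 0.255.255.255
 permit 224.0.0.0 15.255.255.255"""
MISTAKE = """ip access-list standard MCAST
 permit 239.0.0.0 0.255.255.255"""

# Constructed probe groups: both edges of the admin scope plus the group from the thread.
SCOPED = [str(ADMIN_SCOPE[0]), "239.39.39.39", str(ADMIN_SCOPE[-1])]
OTHER = ["224.0.1.40", "232.1.1.1", "238.255.255.255"]

if __name__ == "__main__":
    for name, acl in (("INTENDED", INTENDED), ("MISTAKE", MISTAKE)):
        print(name, audit(acl, SCOPED, OTHER) or "OK")
```

Probing the groups just outside the scope matters as much as probing inside it: an ACL that only permits 239.0.0.0/8 also drops every other group through the implicit deny.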