From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Tue Oct 11 2005 - 13:22:41 GMT-3
You will not see *,G entries for the denied groups, if the IGMP Client is on
the R2 ethernet segment. In your case R8 is the igmp client (Do not consider
R8 as a Router).
You must see the *,G entries on R2, if you had IGMP clients beyond R8. Of
course, assuming you are running PIM SM/SDM throughout that path. I can't
test this right now, but share with the group, if you happen to test this.
-V
On 10/11/05, Ashok M A <ashok_ccie@yahoo.co.in> wrote:
>
> Thanks Venkat for the reply.
>
> So if i configure the igmp access-group on the router
> connecting the member, why i cant see the (*,G) on the
> router?
>
> Config is:
> ~~~~~
> R2#sri e0
> Building configuration...
>
> Current configuration : 115 bytes
> !
> interface Ethernet0
> ip address 22.22.22.2 <http://22.22.22.2>
255.255.255.0<http://255.255.255.0>
> ip pim sparse-dense-mode
> ip igmp access-group 33
> end
>
> R2#
>
> R2#show access-lists 33
> Standard IP access list 33
> permit 224.1.1.2 <http://224.1.1.2>
> deny 224.1.1.7 <http://224.1.1.7> (7 matches)
> permit any (15 matches)
> R2#
>
> R2#sh ip igmp groups
> IGMP Connected Group Membership
> Group Address Interface Uptime
> Expires Last Reporter
> 224.0.1.39 <http://224.0.1.39> Ethernet0 1d22h
> 00:02:03 22.22.22.2 <http://22.22.22.2>
> 224.1.1.8 <http://224.1.1.8> Ethernet0 23:40:44
> 00:02:57 22.22.22.7 <http://22.22.22.7>
> R2#
>
> R2#sh ip mroute 224.1.1.2 <http://224.1.1.2>
> Group 224.1.1.2 <http://224.1.1.2> not found
> R2#
>
> R2#sh ip mroute 224.1.1.2 <http://224.1.1.2>
> Group 224.1.1.2 <http://224.1.1.2> not found
> R2#sh ip mroute 224.1.1.8 <http://224.1.1.8>
> IP Multicast Routing Table
> Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM
> Group, C - Connected,
> L - Local, P - Pruned, R - RP-bit set, F -
> Register flag,
> T - SPT-bit set, J - Join SPT, M - MSDP created
> entry,
> X - Proxy Join Timer Running, A - Candidate for
> MSDP Advertisement,
> U - URD, I - Received Source Specific Host
> Report
> Outgoing interface flags: H - Hardware switched
> Timers: Uptime/Expires
> Interface state: Interface, Next-Hop or VCD,
> State/Mode
>
> (*, 224.1.1.8 <http://224.1.1.8>), 00:08:14/00:02:45, RP
5.5.5.5<http://5.5.5.5>,
> flags:
> SJC
> Incoming interface: Serial0.56, RPF nbr 10.1.1.5 <http://10.1.1.5>
> Outgoing interface list:
> Ethernet0, Forward/Sparse-Dense, 00:08:14/00:02:45
>
> R2#
>
> R2 directly connected to R8.
>
> R8#sri e0
> Building configuration...
>
> Current configuration : 124 bytes
> !
> interface Ethernet0
> ip address 22.22.22.8 <http://22.22.22.8>
255.255.255.0<http://255.255.255.0>
> ip igmp join-group 224.1.1.2 <http://224.1.1.2>
> ip igmp join-group 224.1.1.8 <http://224.1.1.8>
> end
>
> R8#
>
> Thanks,
>
> Ashok
>
>
>
>
> --- "Venkataramanaiah.R" <vramanaiah@gmail.com> wrote:
>
> > Ashok.. This behaviour makes perfect sense to me..
> > After it is the IGMP join
> > that you are preventing using the ip igmp
> > access-group command. The (*,G)
> > that you are mentioning are the PIM joins sent by
> > the downstream routers,
> > which obviously will not be filtered.
> >
> > -Venkat
> >
> > On 10/11/05, Ashok M A <ashok_ccie@yahoo.co.in>
> > wrote:
> > >
> > > Adding to this, I could see "ip igmp access-group"
> > has
> > > effect only if it is configured on the router
> > where
> > > the hosts directly connected. This has no effect
> > if
> > > configured on other router on the path towards the
> > RP.
> > > I see (*,G) is not filtered if configured on the
> > > router on the path towards the RP.
> > >
> > > Corret me if I am missing something.
> > >
> > >
> > > Thanks & Regards,
> > >
> > > Ashok M A
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com] On Behalf Of simon
> > hart
> > > Sent: Thursday, September 01, 2005 6:44 PM
> > > To: dusth@comcast.net; ccielab@groupstudy.com
> > > Subject: RE: ip multicast boundary vs. ip igmp
> > > access-group
> > >
> > > Dustin,
> > >
> > > The difference between the two commands are:
> > >
> > > ip multicast boundary - this will prevent mulicast
> > > traffic within the specified access list from
> > > transiting the interface, thus blocking the
> > defined
> > > traffic.
> > >
> > > ip igmp access-group - this will prevent hosts
> > within
> > > the attached subnet from joining multicast groups
> > > identified within the associated access list.
> > > This command does not stop the multicast traffic
> > from
> > > transiting the interface (ie to a PIM neighbor),
> > just
> > > stops the hosts from joining.
> > >
> > > HTH
> > >
> > > Simon
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com]On Behalf Of
> > > dusth@comcast.net
> > > Sent: 01 September 2005 13:43
> > > To: ccielab@groupstudy.com
> > > Subject: ip multicast boundary vs. ip igmp
> > > access-group
> > >
> > >
> > > Hello group,
> > > I'm confused the difference between < ip multicast
> > > boundary vs. ip igmp
> > > access-group>. I do not know exactly when to use
> > one
> > > or the other. Is
> > > access-group><ip
> > > mulitcast boundary> command used when filter out
> > only
> > > one single multicast stream? In contrast, is <ip
> > igmp
> > > access-group> command used when need to filter a
> > > range of multicast stream?
> > > Please help.
> > > Thanks,
> > > Dustin
> > >
> > >
> > >
> > >
> > >
> > >
> >
> __________________________________________________________
> > > Yahoo! India Matrimony: Find your partner now. Go
> > to
> > > http://yahoo.shaadi.com
> > >
> > >
> >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
>
>
>
>
> __________________________________________________________
> Yahoo! India Matrimony: Find your partner now. Go to
> http://yahoo.shaadi.com
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3