From: Marvin Greenlee (marvingreenlee@yahoo.com)
Date: Tue Jan 17 2006 - 17:56:48 GMT-3
All access lists are not created equally. Just
because two access lists appear to match the same
thing, it doesn't mean that the router will treat them
the same.
In this case, look at the difference between a single
ACL line matching the /4 and a 16 line ACL matching
each of the individual /8s covered in the range.
The ACL announcing 224.0.0.0/4 in a single line is not
treated the same as an ACL announcing 16 individual
lines of:
224.0.0.0/8
225.0.0.0/8
226.0.0.0/8
...
238.0.0.0/8
239.0.0.0/8
Try with the 16 line access list and watch the same
debugs. The router processes each access list line
individually.
--- CCIEin2006 <ciscocciein2006@gmail.com> wrote:
> Thanks but isn't the rp-announce filter unecessary
> if you are specifying the
> groups you want to announce on the rp itself? Or is
> this more of a fail-safe
> mechanism for a misconfigured RP?
>
> On 1/16/06, Brian McGahan
> <bmcgahan@internetworkexpert.com> wrote:
> >
> > Actually it is working as expected. The
> range announced by the
> > candidate RP must match the range configured on
> the mapping agent in the
> > rp-announce-filter. The rp-announce-filter is not
> used to control group
> > to rp mappings, but instead is used to globally
> permit or deny a
> > candidate rp's announcements.
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > CCIEin2006
> > > Sent: Monday, January 16, 2006 3:03 PM
> > > To: Cisco certification
> > > Subject: rp-announce-filter not working as
> expected
> > >
> > > It seems the rp-announce-filter command does not
> work on ranges of
> > group
> > > addresses.
> > > I am saying this because I have one router
> announcing the entire
> > > 224.0.0.0/4range while the mapping agent has a
> filter configured for
> > > 239.0.0.0/8. A debug shows that the 224.0.0.0/4
> is being filtered by
> > the
> > > mapping agent.
> > >
> > > See example below:
> > >
> > > This is the RP ---> (R3)------(R1) <----- This
> is the mapping agent
> > with
> > > rp-announce-filter
> > >
> > > Here are the configs:
> > > R3:
> > > ip pim send-rp-announce Loopback0 scope 15
> > >
> > > R1:
> > > ip pim send-rp-discovery Serial0/0 scope 15
> > > ip pim rp-announce-filter rp-list R3 group-list
> R3-groups
> > > ip access-list standard R3
> > > permit 150.1.3.3
> > > ip access-list standard R3-groups
> > > permit 239.0.0.0 0.255.255.255
> > >
> > > Debug ip pim auto-rp on R1 shows the following:
> > > *Mar 1 23:34:21.671: Auto-RP(0): Received
> RP-announce, from
> > 150.1.3.3,
> > > RP_cnt 1, ht 181
> > > *Mar 1 23:34:21.671: Auto-RP(0): Filtered
> 224.0.0.0/4 for RP
> > 150.1.3.3
> > > *Mar 1 23:34:21.671: Auto-RP(0): Received
> RP-announce, from
> > 150.1.3.3,
> > > RP_cnt 1, ht 181
> > > *Mar 1 23:34:21.671: Auto-RP(0): Filtered
> 224.0.0.0/4 for RP
> > 150.1.3.3
> > >
> > > Any idea why R1 is not permitting the 239.0.0.0
> range?
> > >
> > >
> >
>
This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:49 GMT-3