RE: PIM Spoofing.

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Aug 16 2006 - 16:07:38 ART


Define "spoofing" that you are trying to prevent.

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

________________________________

From: Patricia Loreal [mailto:ploreal@gmail.com]
Sent: Wednesday, August 16, 2006 1:56 PM
To: Brian McGahan
Cc: Cisco certification
Subject: Re: PIM Spoofing.

Hello Dear Brian, thanks for your reply,

I have 2 RPs in my network, 200.1.1.1 and 200.5.5.5, and I want to
prevent spoofing of one of the RPs (only 200.1.1.1), but IGMP groups
that are registered with RP5 (200.5.5.5) should still be advertised by
the Mapping Agent.

How can I do that using BSR or Auto-RP?

Thanks, Patricia.

On 8/16/06, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
       Assuming that your RP address is learned via a dynamic routing
protocol you would first want to make sure that your routing domain is
secure. This would mean authentication, route filtering, URPF, etc.
As for preventing additional RPs from being learned via Auto-RP you can
use the "ip pim accept-rp" or the "ip pim rp-announce-filter" features.
You can also filter Auto-RP or BSR at the interface level with the "ip
multicast-boundary" command or the "ip pim bsr-border" commands. What
specifically are you trying to accomplish?

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com


> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Patricia Loreal
> Sent: Wednesday, August 16, 2006 1:18 PM
> To: Cisco certification
> Subject: PIM Spoofing.
>
> Hello Dear,
>
> How to configure a PIM Sparse Multicast domain to prevent RP spoofing?
>
> Thanks
> Patri.
>
>
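
An added example, not part of the original thread and not Brian's own configuration: one way the commands named in the quoted reply could be combined on Cisco IOS for the two RPs in the question, with the boundary command written as it is entered in IOS (`ip multicast boundary`). The group range 239.1.0.0/16 for 200.1.1.1, the ACL numbers and the interface name are assumptions made for illustration.

```cisco
! --- Auto-RP mapping agent ---
! Constructed assumption: 200.1.1.1 is the RP for 239.1.0.0/16.
access-list 10 permit 200.1.1.1
access-list 11 permit 239.1.0.0 0.0.255.255
! Every other announcer (200.5.5.5 included) ...
access-list 12 deny   200.1.1.1
access-list 12 permit any
! ... may announce any range except the one reserved for 200.1.1.1.
access-list 13 deny   239.1.0.0 0.0.255.255
access-list 13 permit 224.0.0.0 15.255.255.255
! Announcements from 200.1.1.1 are taken only for its own range.
ip pim rp-announce-filter rp-list 10 group-list 11
! Announcements from anyone else are taken only outside that range.
ip pim rp-announce-filter rp-list 12 group-list 13
!
! --- Every PIM router ---
! Accept (*,G) joins and registers for 239.1.0.0/16 only toward 200.1.1.1;
! 200.5.5.5 stays valid for the remaining groups.
ip pim accept-rp 200.1.1.1 11
ip pim accept-rp 200.5.5.5 13
!
! --- Interface facing outside the multicast domain (name is hypothetical) ---
! Auto-RP announce and discovery messages use 224.0.1.39 and 224.0.1.40.
access-list 14 deny   224.0.1.39
access-list 14 deny   224.0.1.40
access-list 14 permit 224.0.0.0 15.255.255.255
interface GigabitEthernet0/1
 ! Stop BSR messages from crossing this interface in either direction.
 ip pim bsr-border
 ! Stop Auto-RP groups (and so foreign RP information) at this edge.
 ip multicast boundary 14
 ! Strict uRPF (needs CEF): drop packets whose source, such as a forged
 ! 200.1.1.1, is not reachable back through this interface.
 ip verify unicast source reachable-via rx
```

After applying it, `show ip pim rp mapping` on the mapping agent and on a downstream router shows which RP was actually accepted for each group range.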


