RE: IGMP profile deny

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Fri Aug 25 2006 - 15:27:01 ART

• Next message: Victor Cappuccio: "RE: TCL ping script with tos and byte size option?"
• Previous message: CharlesB: "RE: Route reflector"
• Maybe in reply to: xprtofnet: "IGMP profile deny"
• Next in thread: Victor Cappuccio: "RE: IGMP profile deny"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Chris, you are right..

If your action is permit then every thing is going to be denied, if your
action is deny then everything would be permitted

The Testing of the above mentioned

R4 Client Join MCast Group --- (Sw2 -- Vlan 34 -- Sw1) ------ R3

(R3 Acting also like a Server, running in ip pim dense for simplicity only
on R3 Ethernet)

R3#show ip pim neigh
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
R3#
BB1-TS#4
[Resuming connection 4 to r4 ... ]

R4#show ip pim inter

Address Interface Ver/ Nbr Query DR DR
                                          Mode Count Intvl Prior
R4#show ip igmp grou
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 FastEthernet0/0 00:01:58 stopped 150.34.34.4
224.2.2.2 FastEthernet0/0 00:01:57 stopped 150.34.34.4

With out any IGMP Profile Configured at the Switch1, let's see if it works

R3#clear ip mroute *
R3#ping 224.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Reply to request 0 from 150.34.34.4, 8 ms
R3#ping 224.2.2.2

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:

Reply to request 0 from 150.34.34.4, 8 ms

!Cool it works

Now With this configuration at Sw1

Sw1(config)#ip igmp profile 6
Sw1(config-igmp-profile)#permit
Sw1(config-igmp-profile)#range 224.1.1.1
Sw1(config-igmp-profile)#end
Sw1(config)#do show ip igmp profile 6
IGMP Profile 6
    permit
    range 224.1.1.1 224.1.1.1
Sw1(config)#int f0/3
Sw1(config-if)#ip igmp filter 6

Now let's test at R3 Again

R3#clear ip mroute *
R3#ping 224.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Reply to request 0 from 150.34.34.4, 4 ms
R3#ping 224.2.2.2

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
.
R3#

Sw1(config)#ip igmp profile 2
Sw1(config-igmp-profile)#deny
Sw1(config-igmp-profile)#range 224.2.2.2
Sw1(config-igmp-profile)#end
Sw1(config)#do show ip igmp profile 2
IGMP Profile 2
    range 224.2.2.2 224.2.2.2
Sw1(config)#int f0/3
Sw1(config-if)#ip igmp fil 2

Let's try it

R3#clear ip mroute *
R3#ping 224.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Reply to request 0 from 150.34.34.4, 8 ms
R3#ping 224.2.2.2

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
.
R3#

You can do your own testing now having the configuration topology to see if
it works like you thought from group to group :D

HTH
Victor.--

Ahh BTW very nice question, much challenging

-----Mensaje original-----
De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de
Plukkie
Enviado el: Viernes, 25 de Agosto de 2006 03:37 a.m.
Para: Guzman, Chris
CC: xprtofnet; ccielab
Asunto: Re: IGMP profile deny

I tested this one out.
It seems to be that the default action is indeed drop for the addresses you
specifie!, but the unspecified will then be permitted.
This makes sense, cause in a filter you can only define once an action (drop
or permit).

so permit range XX - YY will permit ONLY XX - YY.
and drop range XX - YY will deny XX - YY range, but permit rest.

On 8/25/06, Guzman, Chris <Chris.Guzman@mckesson.com> wrote:
>
> I thought the default action was to deny, so in order to permit the
> other groups you would need to exclude the group that you wanted to deny
> from the permit range...
>
> Permit
> Range 224.0.0.0 239.1.1.0
> Range 239.1.1.2 239.255.255.255
>
>
> I am not 100% sure on this, so I would welcome any comments...
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> xprtofnet
> Sent: Tuesday, August 22, 2006 8:37 PM
> To: ccielab
> Subject: IGMP profile deny
>
> two questions:
>
> Is this the correct config to deny 1 group say
> 239.1.1.1
> on a switch port f0/9
>
>
> !
> ip igmp profile 1
> range 239.1.1.1 239.1.1.1
> !
> interface FastEthernet0/9
> switchport mode dynamic desirable
> ip igmp filter 1
> end
>
> 2nd:
> how about if i want to permit all others? is that
> automatically going to allow all other groups on this
> port ?
>
> Thank you,
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Victor Cappuccio: "RE: TCL ping script with tos and byte size option?"
• Previous message: CharlesB: "RE: Route reflector"
• Maybe in reply to: xprtofnet: "IGMP profile deny"
• Next in thread: Victor Cappuccio: "RE: IGMP profile deny"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:58 ART