Re(2): IGMP profile deny

From: Angelo De Guzman (a.deguzman@wesolv.ph.fujitsu.com)
Date: Sun Aug 27 2006 - 01:16:00 ART

• Next message: Angelo De Guzman: "Re(2): ip redirects/ip unreachables"
• Previous message: George Bekmezian: "RE: EAZYVPN through the PIX. Very interesting..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Or denying this group - 239.1.1.1. And all others would be permitted.

Guzman, Chris (8/26/06 2:42 AM):
>
>That being said...the solution to original question to deny a single
>group 239.1.1.1 and permit the rest, would be to create a range that
>permits all the rest, thereby denying what is NOT explicitly permitted
>
>Thanks
>
>
>-----Original Message-----
>From: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
>Sent: Friday, August 25, 2006 11:40 AM
>To: Guzman, Chris
>Cc: 'xprtofnet'; 'ccielab'; 'Plukkie'
>Subject: RE: IGMP profile deny
>
>Sorry these days I have a terrible flu, what I meant to say, is that, If
>your action is permit then everything else is going to be denied, if
>your
>action is deny then everything else would be permitted
>
>Sorry Dudes for the confusion-
>
>
>-----Mensaje original-----
>De: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
>Enviado el: Viernes, 25 de Agosto de 2006 02:27 p.m.
>Para: 'Guzman, Chris'
>CC: 'xprtofnet'; 'ccielab'; 'Plukkie'
>Asunto: RE: IGMP profile deny
>
>Hi Chris, you are right..
>
>If your action is permit then every thing is going to be denied, if your
>action is deny then everything would be permitted
>
>The Testing of the above mentioned
>
>R4 Client Join MCast Group --- (Sw2 -- Vlan 34 -- Sw1) ------ R3
>
>(R3 Acting also like a Server, running in ip pim dense for simplicity
>only
>on R3 Ethernet)
>
>R3#show ip pim neigh
>PIM Neighbor Table
>Mode: B - Bidir Capable, DR - Designated Router, N - Default DR
>Priority,
> S - State Refresh Capable
>Neighbor Interface Uptime/Expires Ver DR
>Address
>Prio/Mode
>R3#
>BB1-TS#4
>[Resuming connection 4 to r4 ... ]
>
>R4#show ip pim inter
>
>Address Interface Ver/ Nbr Query DR DR
> Mode Count Intvl Prior
>R4#show ip igmp grou
>IGMP Connected Group Membership
>Group Address Interface Uptime Expires Last
>Reporter
>224.1.1.1 FastEthernet0/0 00:01:58 stopped
>150.34.34.4
>224.2.2.2 FastEthernet0/0 00:01:57 stopped
>150.34.34.4
>
>
>With out any IGMP Profile Configured at the Switch1, let's see if it
>works
>
>
>R3#clear ip mroute *
>R3#ping 224.1.1.1
>
>Type escape sequence to abort.
>Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
>
>Reply to request 0 from 150.34.34.4, 8 ms
>R3#ping 224.2.2.2
>
>Type escape sequence to abort.
>Sending 1, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
>
>Reply to request 0 from 150.34.34.4, 8 ms
>
>!Cool it works
>
>Now With this configuration at Sw1
>
>Sw1(config)#ip igmp profile 6
>Sw1(config-igmp-profile)#permit
>Sw1(config-igmp-profile)#range 224.1.1.1
>Sw1(config-igmp-profile)#end
>Sw1(config)#do show ip igmp profile 6
>IGMP Profile 6
> permit
> range 224.1.1.1 224.1.1.1
>Sw1(config)#int f0/3
>Sw1(config-if)#ip igmp filter 6
>
>Now let's test at R3 Again
>
>R3#clear ip mroute *
>R3#ping 224.1.1.1
>
>Type escape sequence to abort.
>Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
>
>Reply to request 0 from 150.34.34.4, 4 ms
>R3#ping 224.2.2.2
>
>Type escape sequence to abort.
>Sending 1, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
>.
>R3#
>
>
>Sw1(config)#ip igmp profile 2
>Sw1(config-igmp-profile)#deny
>Sw1(config-igmp-profile)#range 224.2.2.2
>Sw1(config-igmp-profile)#end
>Sw1(config)#do show ip igmp profile 2
>IGMP Profile 2
> range 224.2.2.2 224.2.2.2
>Sw1(config)#int f0/3
>Sw1(config-if)#ip igmp fil 2
>
>Let's try it
>
>R3#clear ip mroute *
>R3#ping 224.1.1.1
>
>Type escape sequence to abort.
>Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
>
>Reply to request 0 from 150.34.34.4, 8 ms
>R3#ping 224.2.2.2
>
>Type escape sequence to abort.
>Sending 1, 100-byte ICMP Echos to 224.2.2.2, timeout is 2 seconds:
>.
>R3#
>
>
>You can do your own testing now having the configuration topology to see
>if
>it works like you thought from group to group :D
>
>HTH
>Victor.--
>
>Ahh BTW very nice question, much challenging
>
>
>
>-----Mensaje original-----
>De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de
>Plukkie
>Enviado el: Viernes, 25 de Agosto de 2006 03:37 a.m.
>Para: Guzman, Chris
>CC: xprtofnet; ccielab
>Asunto: Re: IGMP profile deny
>
>I tested this one out.
>It seems to be that the default action is indeed drop for the addresses
>you
>specifie!, but the unspecified will then be permitted.
>This makes sense, cause in a filter you can only define once an action
>(drop
>or permit).
>
>so permit range XX - YY will permit ONLY XX - YY.
>and drop range XX - YY will deny XX - YY range, but permit rest.
>
>
>On 8/25/06, Guzman, Chris <Chris.Guzman@mckesson.com> wrote:
>>
>> I thought the default action was to deny, so in order to permit the
>> other groups you would need to exclude the group that you wanted to
>deny
>> from the permit range...
>>
>> Permit
>> Range 224.0.0.0 239.1.1.0
>> Range 239.1.1.2 239.255.255.255
>>
>>
>> I am not 100% sure on this, so I would welcome any comments...
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>Of
>> xprtofnet
>> Sent: Tuesday, August 22, 2006 8:37 PM
>> To: ccielab
>> Subject: IGMP profile deny
>>
>> two questions:
>>
>> Is this the correct config to deny 1 group say
>> 239.1.1.1
>> on a switch port f0/9
>>
>>
>> !
>> ip igmp profile 1
>> range 239.1.1.1 239.1.1.1
>> !
>> interface FastEthernet0/9
>> switchport mode dynamic desirable
>> ip igmp filter 1
>> end
>>
>> 2nd:
>> how about if i want to permit all others? is that
>> automatically going to allow all other groups on this
>> port ?
>>
>> Thank you,
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Tired of spam? Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>>
>_______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>_______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>***********************
>No virus was detected in the attachment no filename
>
>Your mail has been scanned by InterScan MSS.
>***********-***********
>

***********************
No virus was detected in the attachment no filename

Your mail has been scanned by InterScan MSS.
***********-***********

• Next message: Angelo De Guzman: "Re(2): ip redirects/ip unreachables"
• Previous message: George Bekmezian: "RE: EAZYVPN through the PIX. Very interesting..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:58 ART