From: Gregory Gombas (ggombas@gmail.com)
Date: Thu Jun 14 2007 - 14:13:40 ART
Thanks for your reply.
Aside from these additional capabilites, will a plain old extended ACL
do the job?
In other words do normal IP access-lists work on filtering multicast traffic?
On 6/14/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> Gregory,
> IP Multicast Boundary has much more capabilities than an
> extended access-list. For example if you configure the filter-autorp
> keyword, the administratively scoped boundary also examines Auto-RP
> discovery and announcement messages and removes any Auto-RP group range
> announcements from the Auto-RP packets that are denied by the boundary ACL.
>
> HTH,
> Tarun
>
> On 6/13/07, Gregory Gombas <ggombas@gmail.com> wrote:
> >
> > When trying to restrict multicast traffic from exiting an interface,
> > couldn't you use an extended ACL with the multicast group IP specified
> > as the destination address?
> >
> > Or are you required to use the IP multicast boundary command?
> >
> > For example, if you wanted to retrict multicast traffic for group
> > 229.1.1.1 from exiting your serial interace, would the following do
> > the trick? Why or why not?
> >
> > access-list 101 deny ip any host 229.1.1.1
> > access-list 101 permit ip any any
> >
> > int ser0/0
> > ip access-group 101 out
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Tarun Pahuja
> CCIE#7707(R&S,Security,SP,Voice,Storage),CCSI
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART