RE: Client/PC Based Multicast Filtering

From: Salau, Yemi (yemi.salau@siemens.com)
Date: Fri Sep 21 2007 - 05:27:06 ART

• Next message: slevin kremera: "whats the diff bet ^54$ and _54$"
• Previous message: Jonny English: "Re: IT'S DONE. CCIE#18904"
• Maybe in reply to: Salau, Yemi: "Client/PC Based Multicast Filtering"
• Next in thread: jerry.du@accenture.com: "RE: Client/PC Based Multicast Filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Joseph,

Thanks for your contribution, I'm not overthinking this, just trying to
save myself of having to configure this for over 10,000 multicast PCs.
As in I'll have to configure that access-group on all the ports that
connects to 10,000 PCs ... Init?

If there is no better way to do this, then I will have to just take my
fate yet again!

Many Thanks
 
Yemi Salau

-----Original Message-----
From: Joseph Brunner [mailto:joe@affirmedsystems.com]
Sent: Thursday, September 20, 2007 7:24 PM
To: Salau, Yemi; 'Matthew Long'
Cc: ccielab@groupstudy.com
Subject: RE: Client/PC Based Multicast Filtering

Why over think this?

Why not...

!deny certain pc's from sending igmp v2 join's
access-list 101 deny igmp host 10.10.10.x host 239.1.1.1
!
access-list 101 deny igmp host 10.10.10.x host 239.1.1.1
!
!permit the others
access-list 101 permit igmp host 10.10.10.5 host 239.1.1.1
!
!deny all other igmp
access-list 101 deny igmp any any
!
permit all else
!
access-list 101 permit ip any any
!
Apply
int f0/0
ip access-group 101 in

I just did this in my lab... seems to work...

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Salau, Yemi
Sent: Thursday, September 20, 2007 12:32 PM
To: Matthew Long; Joseph Brunner
Cc: ccielab@groupstudy.com
Subject: Client/PC Based Multicast Filtering

I was faced with a task to prevent some PCs(Clients) from joining 2
particular multicast groups. IGMPv2 is in use ...

How would you go about this, considering the fact that there are some
Clients in same subnet, connected at same layer2 point on the network,
who should be able to receive the multicast traffic.

I was thinking of ip igmp access-group, but this will only prevent (S,G)
feeds, as in, it only controls access based on the source of the feed
and also the destination multicast address. But my headache is around
prevent certain PCs from joining certain groups, if I implement ip igmp
access-group, all pcs would potentially be prevented from joining the
group.

Another one I'm thinking is mac access-list, but then I will have to do
this on all vlans across 3 different sites. What's the simplest way of
doing this?

Any Fresh ideas will be appreciated as my head is just too hot at the
moment!

Many Thanks
 
Yemi Salau

• Next message: slevin kremera: "whats the diff bet ^54$ and _54$"
• Previous message: Jonny English: "Re: IT'S DONE. CCIE#18904"
• Maybe in reply to: Salau, Yemi: "Client/PC Based Multicast Filtering"
• Next in thread: jerry.du@accenture.com: "RE: Client/PC Based Multicast Filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART