From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Thu Nov 01 2007 - 00:24:01 ART
Hi Group,
Can anyone kindly explain how exactly RP announcement filter works?
Say, R7 is the MA. R8 is C-RP (address 200.0.0.8) announcing group
239.0.0.0/8. R6 is also C-RP (address 200.0.0.6) announcing group
236.0.0.0/8.
On R7, I'd like to accept only R8's announcement and block R6's. I
configured the following:
!
ip access-list standard R8_L0
permit 200.0.0.8
!
ip access-list standard R8_GRPS
permit 239.0.0.0 0.255.255.255
!
ip pim send-rp-discovery Loopback0 scope 16
ip pim rp-announce-filter rp-list R8_L0 group-list R8_GRPS
!
There are matches on the ACLs. R7 accepts R8's annoucement as verified using
"deb ip pim auto-rp" and "sh ip pim rp map". However it also accepts R6's
annoucement for group 236.0.0.0/8.
After doing some isolation tests, I suspect there's an implicit "permit
any-rp any-group" at the end of the RP announcement filter. To complete the
task, I need to add a further filter statement to deny all other RPs and all
groups.
Please advise me.
Thank you.
B.Rgds,
Lim TS
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:27 ART