Re¡G IP IGMP filter???

From: Chan Hong (chan_hong33@yahoo.com)
Date: Fri Nov 16 2007 - 10:39:44 ART

• Next message: Victor Cappuccio: "Re: CCIE 19366"
• Previous message: Gary Duncanson: "Re: CCIE 19366"
• Next in thread: shiran guez: "Re: Re¡G IP IGMP filter???"
• Maybe reply: shiran guez: "Re: Re¡G IP IGMP filter???"
• Maybe reply: shiran guez: "Re: Re¡G IP IGMP filter???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In your config, it's sparse-dense mode on R2 Fa0/0
Check out does the fall
back dense happen on R2 when you block the igmp report message from R6.
----- 6l%s-l%s ----
1H%s$H!R shiran guez <shiranp3@gmail.com>
&,%s$H
iosluver@gmail.com
0F%;(CC) ccielab@groupstudy.com
6G0e$i4A!R 2007 &~ 11$k 16
$i ,P4A$- $U$H 1:44:32
%DCD!G Re: IP IGMP filter???

the access-group is not
filtering, it is like a Join Group but for the
network behind it so what you
did is on R2 made the network 173.1.26.0 all
the host behind it can use group
226.6.6.6 without actually send a Join, and
on R6 you actually explicitly
joined both groups.

to filter this 227.7.7.7 you need a access list and
assign it to the
interface ip access-group ...

please some one comment as I
do not see other way for this scenario.

unless you use IGMPv3 where you can
filter.

On Nov 16, 2007 3:50 AM, <iosluver@gmail.com> wrote:

> Hi GS,
>
>
Can someone please point out my mistake here. I am tryng to filter igmp
>
requests to certain Multicast groups on a LAN segment while permiting
>
others.
>
> I have PIM sparse-mode running on the links between all routers. I
applied
> the config below. Correct me if I'm wrong here, but shouldn't R2
prevent R6
> from joining 227.7.7.7 while allowing it to join 226.6.6.6. I see
R6
> responding to the ICMP requests. Worse still, I'm logging ACL violations
&
> though the packet is denied, R2 adds a route for the group in its mroute
>
table.
>
> Is this a bad approach for testing this? Hope someone takes time
out to
> read this. .
>
> Here is a sketchy picture of what I did. Thanks in
advance
>
> R1-------FRAME-RELAY---------R2=========LAN=======R6
>
> R2
>
+++++++++++++++++++++++++++++++++++++++++
> ip access-list standard
IGMP-VLAN26
> permit 226.0.0.0 0.255.255.255
> deny any log
>
> interface
FastEthernet0/0
> ip address 173.1.26.2 255.255.255.0
> ip pim
sparse-dense-mode
> ip rip advertise 10
> ip rip authentication mode md5
>
ip rip authentication key-chain RIP
> ip igmp access-group IGMP-VLAN26
>
speed 100
> full-duplex
>
> interface Serial0/0.201 point-to-point
> ip
address 173.1.12.2 255.255.255.0
> ip pim sparse-mode
> ip rip advertise 10
> no ip route-cache
> frame-relay interface-dlci 201
>
>
+++++++++++++++++++++++++++++++++++++++++++
>
> R6
> +++++
> interface
FastEthernet0/0.62
> encapsulation dot1Q 62
> ip address 192.10.1.6
255.255.255.0
> ip pim sparse-mode
> ip rip advertise 10
> no ip
route-cache
> ip igmp join-group 226.6.6.6
> ip igmp join-group 227.7.7.7
>
no snmp trap link-status
>
> ++++++++++++++++++++++++++++++++++++++++++++++
>
> R1
> +++++
>
> interface Loopback0
> ip address 150.1.1.1 255.255.255.0
>
ip pim sparse-mode
> end
>
> interface Serial0/0.102 point-to-point
> ip
address 173.1.12.1 255.255.255.0
> ip pim sparse-mode
> ip rip advertise 10
> frame-relay interface-dlci 102
> end
>
************************************************************
>
>
> DEBUG
OUTPUT
> ===============================================================
>
%SEC-6-IPACCESSLOGNP: list IGMP-VLAN26 denied 0 227.7.7.7 -> 0.0.0.0, 1
>
packet
> %SEC-6-IPACCESSLOGNP: list IGMP-VLAN26 denied 0 227.7.7.7 -> 0.0.0.0,
1
> packet
>
> Received v2 Join/Prune on FastEthernet0/0 from 173.1.26.6, to
us
> Join-list: (*, 227.7.7.7), RPT-bit set, WC-bit set, S-bit set
> Add
FastEthernet0/0/173.1.26.6 to (*, 227.7.7.7), Forward state, by PIM *G
> Join
> Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 27.7.7.7
>
Insert (*,227.7.7.7) join in nbr 173.1.12.1's queue
> Building Join/Prune
packet for nbr 173.1.12.1
> Adding v2 (150.1.1.1/32, 227.7.7.7), WC-bit,
RPT-bit, S-bit Join
> Send v2 join/prune to 173.1.12.1 (Serial0/0.201)
>
Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 227.7.7.7
>
Insert (*,227.7.7.7) join in nbr 173.1.26.2's queue
> Building Join/Prune
packet for nbr 173.1.26.2
> Adding v2 (150.1.1.1/32, 227.7.7.7), WC-bit,
RPT-bit, S-bit Join
> Send v2 join/prune to 173.1.26.2 (FastEthernet0/0.26)
>
Insert (150.1.1.1,227.7.7.7) join in nbr 173.1.26.2's queu
> Insert
(173.1.18.1,227.7.7.7) join in nbr 173.1.26.2's que
> Building Join/Prune
packet for nbr 173.1.26.2
> Adding v2 (150.1.1.1/32, 227.7.7.7), S-bit Join
>
Adding v2 (173.1.18.1/32, 227.7.7.7), S-bit Join
> Send v2 join/prune to
173.1.26.2 (FastEthernet0/0.26)
>
===============================================================
>
>
Rack3R1#ping 226.6.6.6 repeat 100
>
> Type escape sequence to abort.
> Sending
100, 100-byte ICMP Echos to 226.6.6.6, timeout is 2 seconds:
>
> Reply to
request 0 from 173.1.26.6, 61 ms
> Reply to request 0 from 173.1.26.6, 77 ms
>
Reply to request 1 from 173.1.26.6, 64 ms
> Rack3R1#ping 227.7.7.7 repeat 100
>
> Type escape sequence to abort.
> Sending 100, 100-byte ICMP Echos to
227.7.7.7, timeout is 2 seconds:
>
> Reply to request 0 from 173.1.26.6, 64 ms
> Reply to request 0 from 173.1.26.6, 116 ms
> Reply to request 0 from
173.1.26.6, 80 ms
>
>

• Next message: Victor Cappuccio: "Re: CCIE 19366"
• Previous message: Gary Duncanson: "Re: CCIE 19366"
• Next in thread: shiran guez: "Re: Re¡G IP IGMP filter???"
• Maybe reply: shiran guez: "Re: Re¡G IP IGMP filter???"
• Maybe reply: shiran guez: "Re: Re¡G IP IGMP filter???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART