From: Ladee Geek (ladeegeek@gmail.com)
Date: Mon Nov 19 2007 - 22:43:57 ART
Crud - of course replace my ICMP with IGMP!! It's been a long day!
On 11/19/07, Ladee Geek <ladeegeek@gmail.com> wrote:
>
> There are a couple of config issues here:
>
> 1. your statement under the lan interface of r6, ip igmp join-group
> 227.7.7.7
> specifially tells the router to join that group. You get *,g until you
> switch over to spt. It's not a dynamic join from an ICMP request. You've
> hard coded that router to join the 227.7.7.7 group.
>
> 2. the ICMP join requests are coming from the lan, which causes r6 to
> join the group on that segment, add the group with *, g and send a join
> request to r2. The ICMP join is not going from R2 to R6, the icmp join is
> going from R6 to R2. What R2 sends back down is just an mpacket. Not icmp.
>
>
> Hope this helps. Remember - ICMP is a host to router communication, not
> router to router.
>
> Tammy
>
>
> On 11/15/07, iosluver@gmail.com < iosluver@gmail.com> wrote:
> >
> > Hi GS,
> >
> > Can someone please point out my mistake here. I am tryng to filter igmp
> > requests to certain Multicast groups on a LAN segment while permiting
> > others.
> >
> > I have PIM sparse-mode running on the links between all routers. I
> > applied the config below. Correct me if I'm wrong here, but shouldn't R2
> > prevent R6 from joining 227.7.7.7 while allowing it to join 226.6.6.6. I
> > see R6 responding to the ICMP requests. Worse still, I'm logging ACL
> > violations & though the packet is denied, R2 adds a route for the group in
> > its mroute table.
> >
> > Is this a bad approach for testing this? Hope someone takes time out to
> > read this. .
> >
> > Here is a sketchy picture of what I did. Thanks in advance
> >
> > R1-------FRAME-RELAY---------R2=========LAN=======R6
> >
> > R2
> > +++++++++++++++++++++++++++++++++++++++++
> > ip access-list standard IGMP-VLAN26
> > permit 226.0.0.0 0.255.255.255
> > deny any log
> >
> > interface FastEthernet0/0
> > ip address 173.1.26.2 255.255.255.0
> > ip pim sparse-dense-mode
> > ip rip advertise 10
> > ip rip authentication mode md5
> > ip rip authentication key-chain RIP
> > ip igmp access-group IGMP-VLAN26
> > speed 100
> > full-duplex
> >
> > interface Serial0/0.201 point-to-point
> > ip address 173.1.12.2 255.255.255.0
> > ip pim sparse-mode
> > ip rip advertise 10
> > no ip route-cache
> > frame-relay interface-dlci 201
> >
> > +++++++++++++++++++++++++++++++++++++++++++
> >
> > R6
> > +++++
> > interface FastEthernet0/0.62
> > encapsulation dot1Q 62
> > ip address 192.10.1.6 255.255.255.0
> > ip pim sparse-mode
> > ip rip advertise 10
> > no ip route-cache
> > ip igmp join-group 226.6.6.6
> > ip igmp join-group 227.7.7.7
> > no snmp trap link-status
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++
> >
> > R1
> > +++++
> >
> > interface Loopback0
> > ip address 150.1.1.1 255.255.255.0
> > ip pim sparse-mode
> > end
> >
> > interface Serial0/0.102 point-to-point
> > ip address 173.1.12.1 255.255.255.0
> > ip pim sparse-mode
> > ip rip advertise 10
> > frame-relay interface-dlci 102
> > end
> > ************************************************************
> >
> >
> > DEBUG OUTPUT
> > ===============================================================
> > %SEC-6-IPACCESSLOGNP: list IGMP-VLAN26 denied 0 227.7.7.7 -> 0.0.0.0, 1
> > packet
> > %SEC-6-IPACCESSLOGNP: list IGMP-VLAN26 denied 0 227.7.7.7 -> 0.0.0.0, 1
> > packet
> >
> > Received v2 Join/Prune on FastEthernet0/0 from 173.1.26.6, to us
> > Join-list: (*, 227.7.7.7 ), RPT-bit set, WC-bit set, S-bit set
> > Add FastEthernet0/0/173.1.26.6 to (*, 227.7.7.7), Forward state, by PIM
> > *G Join
> > Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 27.7.7.7
> > Insert (*,227.7.7.7) join in nbr 173.1.12.1's queue
> > Building Join/Prune packet for nbr 173.1.12.1
> > Adding v2 ( 150.1.1.1/32, 227.7.7.7), WC-bit, RPT-bit, S-bit Join
> > Send v2 join/prune to 173.1.12.1 (Serial0/0.201)
> > Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 227.7.7.7
> > Insert (*, 227.7.7.7) join in nbr 173.1.26.2's queue
> > Building Join/Prune packet for nbr 173.1.26.2
> > Adding v2 ( 150.1.1.1/32, 227.7.7.7), WC-bit, RPT-bit, S-bit Join
> > Send v2 join/prune to 173.1.26.2 (FastEthernet0/0.26)
> > Insert (150.1.1.1, 227.7.7.7) join in nbr 173.1.26.2's queu
> > Insert ( 173.1.18.1,227.7.7.7) join in nbr 173.1.26.2's que
> > Building Join/Prune packet for nbr 173.1.26.2
> > Adding v2 ( 150.1.1.1/32, 227.7.7.7), S-bit Join
> > Adding v2 ( 173.1.18.1/32, 227.7.7.7), S-bit Join
> > Send v2 join/prune to 173.1.26.2 (FastEthernet0/0.26)
> > ===============================================================
> >
> > Rack3R1#ping 226.6.6.6 repeat 100
> >
> > Type escape sequence to abort.
> > Sending 100, 100-byte ICMP Echos to 226.6.6.6, timeout is 2 seconds:
> >
> > Reply to request 0 from 173.1.26.6, 61 ms
> > Reply to request 0 from 173.1.26.6, 77 ms
> > Reply to request 1 from 173.1.26.6, 64 ms
> > Rack3R1#ping 227.7.7.7 repeat 100
> >
> > Type escape sequence to abort.
> > Sending 100, 100-byte ICMP Echos to 227.7.7.7, timeout is 2 seconds:
> >
> > Reply to request 0 from 173.1.26.6 , 64 ms
> > Reply to request 0 from 173.1.26.6, 116 ms
> > Reply to request 0 from 173.1.26.6, 80 ms
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> r/
> Tammy
-- r/ Tammy
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART