rp spoofing

From: David Lonnie (david.lonnie@gmail.com)
Date: Fri May 30 2008 - 23:37:45 ART


Hi, experts:

There is a router R1 in a multicast domain (for example, 224.10.10.10).
It's auto-rp, and at the same time, it's rp-agent.

R1:
ip multicast-routing
interface lo0
  ip address 50.50.1.1 255.255.255.0
  ip pim sparse-dense-mode

access-list 1 permit 224.10.10.10
ip pim send-rp-announce lo0 scope 16 group-list 1
ip pim send-rp-discovery lo0 scope 16

This is my question: how do I configure R1 to prevent RP spoofing and only accept
loopback0 as RP for group 224.10.10.10?

I checked it on the Document CD.
http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1014569
ip pim rp-announce-filter

To filter incoming Auto-RP announcement messages coming from the rendezvous
point (RP), use the *ip pim rp-announce-filter* command in global
configuration mode. To remove the filter, use the *no* form of this command.

So I added these configurations.

access-list 2 deny host 50.50.1.1
access-list 2 permit ip any
ip pim rp-announce-filter rp-list 2 group-list 1

Is it correct? And should anything else be configured?
Please correct me if I'm wrong. I'd appreciate it very much.

David
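
Added example, not part of the original post: a small Python model of standard-ACL matching (first match wins, implicit deny at the end) that shows which announcing RP addresses each rp-list permits. Cisco's command reference describes rp-list as the standard access list of RP addresses that are allowable for the groups in group-list. Assumptions: the posted `permit ip any` is read as `permit any`; the second rp-list, the address 50.50.2.2 and the group 224.20.20.20 are constructed for illustration; how IOS treats announcements that no filter statement matches is not modelled.

```python
import ipaddress


def parse_acl(lines):
    """Parse standard ACL entries: 'permit|deny' + 'any' | 'host A' | 'A [wildcard]'."""
    entries = []
    for line in lines:
        action, *rest = line.split()
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wild = rest[1], "0.0.0.0"
        else:
            addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action == "permit",
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries


def acl_permits(entries, ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    value = int(ipaddress.IPv4Address(ip))
    for permit, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
        if value & care == addr & care:
            return permit
    return False


def selected(rp_list, group_list, rp, group):
    """True when the RP is permitted by rp-list AND the group by group-list."""
    return acl_permits(rp_list, rp) and acl_permits(group_list, group)


# access-list 1 from the post
GROUP_LIST = parse_acl(["permit 224.10.10.10"])
# access-list 2 as posted ('permit ip any' read as 'permit any')
RP_LIST_POSTED = parse_acl(["deny host 50.50.1.1", "permit any"])
# constructed alternative: permit only R1's loopback0, everything else implicit deny
RP_LIST_PERMIT_ONLY = parse_acl(["permit host 50.50.1.1"])

if __name__ == "__main__":
    # constructed announcements: (announcing RP, group)
    samples = [("50.50.1.1", "224.10.10.10"),
               ("50.50.2.2", "224.10.10.10"),
               ("50.50.1.1", "224.20.20.20")]
    for name, rp_list in (("posted", RP_LIST_POSTED), ("permit-only", RP_LIST_PERMIT_ONLY)):
        for rp, group in samples:
            print(name, rp, group, selected(rp_list, GROUP_LIST, rp, group))
```
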


