Re: Multicast IGMP join limiting

From: mahmoud genidy (ccie.mahmoud@gmail.com)
Date: Thu Dec 04 2008 - 03:10:32 ARST


Hi Pavel,

I think both solutions should be OK. Either to use IGMP profiles or to use
the igmp snooping access-group.

It may depend on the wording of the question. In my case I got the question
like this [ Drop the igmp messages received from host behind fa0/12 directed
to group 232.32.32.32]

In the documentation CD under the IGMP profiles configuration it uses same
wording [Drop igmp messages on layer-2 interface]. So I think I would go
with igmp profile in the real exam if I got same question.

In the DOC CD it gives an example of permitting specific group. However if
you like to deny one group and permit all other groups. I found this a
little bit long thing:

ip igmp profile 1
 deny
 range 232.32.32.32
 permit
 range 224.0.0.0 232.32.32.31
 range 232.32.32.33 239.255.255.255

OR is it enough to do it like this:

ip igmp profile 1
 permit
 range 224.0.0.0 232.32.32.31
 range 232.32.32.33 239.255.255.255

Regards,
Mahmoud

On Thu, Dec 4, 2008 at 2:11 PM, Pavel Bykov <slidersv@gmail.com> wrote:

> The command reference has a nice explanation. Both can accomplish the task.
> But just think about nature of multicast.
> Is there native multicast on layer 2? .... N O.
> Mr. Deering was all for L3 protocols, and even though there is mapping to
> L2 addresses, the IGMP protocol as such is for communication between
> multicast router and host.
> So we need Snooping on L2 to make our device intelligent - sniff for
> correct packets and take actions.
>
>
> So, if the interface in question is L3, IP address and everything, then it
> would be "ip igmp access-group".
> If the interface in question is L2, VLAN access, trunk, or such, then it
> will be "ip igmp snooping access-group".
>
>
> There are exceptions to the rule apparently, like if you want to apply L2
> filter on all ports in a VLAN, you can use "ip igmp snooping access-group"
> on SVI, but that I haven't checked.
>
>
> On Wed, Dec 3, 2008 at 1:21 PM, mahmoud genidy <ccie.mahmoud@gmail.com> wrote:
>
>> Hi,
>>
>> I have Layer 3 switch (Catalyst with IP routing enabled). I need to drop
>> IGMP join messages of specific multicast group coming from specific port
>> say
>> FA0/1.
>>
>> I was thinking about two options and I'm not sure which one is the best
>> answer:
>>
>> 1- ip igmp snooping access-group command in interface level of fa0/1 of
>> the
>> switch. With the access list denying igmp traffic from any host to the
>> multicast group
>>
>> 2- ip igmp access-group command in interface level of fa0/1 of the switch.
>> With the same access-list which denies the specific multicast group.
>>
>> Which command is the right in this case?
>>
>> Thanks,
>>
>> Mahmoud
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>
>
> --
> Pavel Bykov
> ----------------
> Don't forget to help stopping the braindumps, use of which reduces value of
> your certifications. Sign the petition at http://www.stopbraindumps.com/
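
The two approaches discussed in this thread, written out as an added example (not configuration posted by either participant). Group 232.32.32.32 and port Fa0/12 come from the thread; profile number 1, ACL 10 and interface Vlan10 are assumed values.

```cisco
! Option A: Layer 2 access port, IGMP filtering with a profile.
! A profile carries a single action (deny is the default) that applies
! to the ranges listed under it.
ip igmp profile 1
 deny
 range 232.32.32.32
!
interface FastEthernet0/12
 switchport mode access
 ip igmp filter 1
!
! Option B: Layer 3 interface, standard ACL referenced by
! "ip igmp access-group". The ACL matches on the group address.
access-list 10 deny   232.32.32.32
access-list 10 permit 224.0.0.0 15.255.255.255
!
interface Vlan10
 ip igmp access-group 10
!
! Verification (exec mode):
!   show ip igmp profile 1
!   show running-config interface FastEthernet0/12
!   show ip igmp groups
```

After applying either option, send a test join for the filtered group and for one other group from the host port, and confirm with the show commands that only the second one is learned.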


This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:07 ARST