Re: Multicast IGMP join limiting

From: Ali Mousawi (mousawi.ali@gmail.com)
Date: Thu Dec 04 2008 - 05:01:45 ARST


According to the Cisco doc:

You can apply an IGMP profile to one or more Layer 2 interfaces, but each
interface can have only one profile applied to it.
While you can apply IGMP filters only to Layer 2 physical interfaces; you
cannot apply IGMP filters to routed ports, switch virtual interfaces (SVIs),
or ports that belong to an EtherChannel group.

On Wed, Dec 3, 2008 at 9:10 PM, mahmoud genidy <ccie.mahmoud@gmail.com> wrote:

> Hi Pavel,
>
> I think both solutions should be OK. Either to use IGMP profiles or to use
> the igmp snooping access-group.
>
> It may depend on the wording of the question. In my case I got the question
> like this: [Drop the igmp messages received from host behind fa0/12
> directed to group 232.32.32.32]
>
> In the documentation CD, under the IGMP profiles configuration, it uses the
> same wording [Drop igmp messages on layer-2 interface]. So I think I would go
> with the igmp profile in the real exam if I got the same question.
>
> In the DOC CD it gives an example of permitting a specific group. However, if
> you would like to deny one group and permit all other groups, I found this a
> little bit long:
>
> igmp profile 1
> deny
> range 232.32.32.32
> permit
> range 224.0.0.0 232.32.32.31
> range 232.32.32.33 239.255.255.255
>
> OR is it enough to do it like this:
>
> igmp profile 1
> permit
> range 224.0.0.0 232.32.32.31
> range 232.32.32.33 239.255.255.255
>
> Regards,
> Mahmoud
> On Thu, Dec 4, 2008 at 2:11 PM, Pavel Bykov <slidersv@gmail.com> wrote:
>
> > The command reference has a nice explanation. Both can accomplish the task.
> > But just think about nature of multicast.
> > Is there native multicast on layer 2? .... N O.
> > Mr. Deering was all for L3 protocols, and even though there is mapping to
> > L2 addresses, the IGMP protocol as such is for communication between
> > multicast router and host.
> > So we need Snooping on L2 to make our device intelligent - sniff for
> > correct packets and take actions.
> >
> >
> > So, if the interface in question is L3, IP address and everything, then it
> > would be "ip igmp access-group".
> > If the interface in question is L2, VLAN access, trunk, or such, then it
> > will be "ip igmp snooping access-group".
> >
> >
> > There are exceptions to the rule apparently, like if you want to apply an L2
> > filter on all ports in a VLAN, you can use "ip igmp snooping access-group"
> > on SVI, but that I haven't checked.
> >
> >
> > On Wed, Dec 3, 2008 at 1:21 PM, mahmoud genidy <ccie.mahmoud@gmail.com> wrote:
> >
> >> Hi,
> >>
> >> I have a Layer 3 switch (Catalyst with IP routing enabled). I need to drop
> >> IGMP join messages of a specific multicast group coming from a specific
> >> port, say FA0/1.
> >>
> >> I was thinking about two options and I'm not sure which one is the best
> >> answer:
> >>
> >> 1- ip igmp snooping access-group command at interface level on fa0/1 of
> >> the switch, with the access list denying igmp traffic from any host to the
> >> multicast group
> >>
> >> 2- ip igmp access-group command at interface level on fa0/1 of the switch,
> >> with the same access-list which denies the specific multicast group.
> >>
> >> Which command is the right one in this case?
> >>
> >> Thanks,
> >>
> >> Mahmoud
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > --
> > Pavel Bykov
> > ----------------
> > Don't forget to help stopping the braindumps, use of which reduces value of
> > your certifications. Sign the petition at http://www.stopbraindumps.com/
>

Blogs and organic groups at http://www.ccie.net
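
Added example, not part of the original thread and not Cisco's code: a small Python model of how an IGMP profile decides on a join, used to compare a deny-only profile with the permit-everything-else profile asked about above. It assumes a profile applies its single action (deny by default) to the listed ranges and the opposite result to every other group; `parse_profile`, `join_allowed` and `compare` are hypothetical names.

```python
import ipaddress

def parse_profile(text):
    """Parse an IOS-style IGMP profile into (action, [(low, high), ...])."""
    action, ranges = "deny", []  # deny is the default action when none is given
    for line in text.strip().splitlines():
        words = line.split()
        if not words or words[:3] == ["ip", "igmp", "profile"]:
            continue
        if words[0] in ("permit", "deny"):
            action = words[0]
        elif words[0] == "range" and len(words) in (2, 3):
            low, high = (ipaddress.IPv4Address(w) for w in (words[1], words[-1]))
            if not (low.is_multicast and high.is_multicast and low <= high):
                raise ValueError(f"bad multicast range: {line.strip()}")
            ranges.append((low, high))
        else:
            raise ValueError(f"unsupported line: {line.strip()}")
    return action, ranges

def join_allowed(profile, group):
    """True if a join for `group` passes. Assumed semantics: a group inside a
    listed range gets the profile's action, any other group gets the opposite."""
    action, ranges = profile
    g = ipaddress.IPv4Address(group)
    matched = any(low <= g <= high for low, high in ranges)
    return matched if action == "permit" else not matched

DENY_ONE = parse_profile("""
ip igmp profile 1
 deny
 range 232.32.32.32
""")
PERMIT_REST = parse_profile("""
ip igmp profile 1
 permit
 range 224.0.0.0 232.32.32.31
 range 232.32.32.33 239.255.255.255
""")

# Constructed sample joins: the blocked group, its neighbours, the range edges.
SAMPLE_GROUPS = ["224.0.0.0", "232.32.32.31", "232.32.32.32", "232.32.32.33", "239.255.255.255"]

def compare(groups=SAMPLE_GROUPS):
    """Map each group to (allowed by DENY_ONE, allowed by PERMIT_REST)."""
    return {g: (join_allowed(DENY_ONE, g), join_allowed(PERMIT_REST, g)) for g in groups}

if __name__ == "__main__":
    print(compare())
```

Under these assumptions both forms drop only joins for 232.32.32.32, so the deny-only profile is the shorter equivalent of the two-range permit profile.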



This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:07 ARST