Re: Filter Multicast Traffic on VLAN

From: Maarten Vervoorn <mr.vervoorn_at_gmail.com>
Date: Thu, 29 Jul 2010 16:48:51 +0200

Yeah, that would be the easy way. But still I do not want clients to be able
to receive that traffic. If there were clients behind SW1 who aren't allowed
to receive this traffic (like Loopback of SW1) I cannot stop them from
doing an IGMP join. I want it to be impossible for them to receive this
traffic.
A multicast boundary does the job. I have tested it out. But I was wondering
if there are any other options to filter it out.

2010/7/29 Adrian Brayton <abrayton_at_gmail.com>

> I guess I am missing something... If you don't want SW1 (Loopback) to reply
> to 232.55.55.55, then don't join that group. All the MA does is supply a
> map.
>
>
> On Jul 29, 2010, at 10:18 AM, Maarten Vervoorn wrote:
>
>
> Yes, I'm using rp-announce-filter on the mapping agent (SW1). But it still
> needs to permit 232.55.55.55 on the RP SW2 because R4 needs that traffic. So
> yes, I can filter it, but then R4 won't receive the traffic. Below is how my
> filter on the mapping agent looks.
>
> ip access-list standard M-SW2
> permit 232.55.55.55
> permit 232.5.5.5
> ip access-list standard M-SW3
> permit 232.6.6.6
> ip access-list standard SW2
> permit 8.8.20.20
> ip access-list standard SW3
> permit 8.8.30.30
> !
> ip access-list standard ALL
> deny 8.8.20.20
> deny 8.8.30.30
> permit any
> !
> ip access-list standard M-ALL
> deny 224.0.0.0 15.255.255.255
> !
> ip pim rp-announce-filter rp-list SW2 group-list M-SW2
> ip pim rp-announce-filter rp-list SW3 group-list M-SW3
> ip pim rp-announce-filter rp-list ALL group-list M-ALL
> !
> Kind regards,
>
> Maarten Vervoorn
>
>
> 2010/7/29 Adrian Brayton <abrayton_at_gmail.com>
>
>> Have you tried "ip pim rp-announce-filter rp-list <acl#> group-list <acl#>"
>> ? Not sure it will work on a switch but I don't see why it wouldn't...
>>
>>
>> On Jul 29, 2010, at 9:47 AM, Maarten Vervoorn wrote:
>>
>> That will break auto rp. My multicast network still needs to work. SW1
>> loopback needs to reply to the other groups. Only not to group 232.55.55.55.
>>
>> 2010/7/29 Adrian Brayton <abrayton_at_gmail.com>
>>
>>> Just write an ACL to block 224.0.1.39
>>>
>>>
>>> On Jul 29, 2010, at 9:36 AM, Maarten Vervoorn wrote:
>>>
>>> > Hi group,
>>> >
>>> > I was labbing up some multicast stuff. I just received a question to
>>> > filter multicast traffic of a specific group on a VLAN.
>>> >
>>> > Lab setup
>>> > SW1
>>> > |
>>> > ----------------------------vl100
>>> > | |
>>> > R4--SW2 SW3
>>> > | |
>>> > R5 R6
>>> >
>>> > SW1, SW2 and SW3 are connected using a SVI interface VLAN 100
>>> > I use auto rp
>>> > SW1 = mapping agent
>>> > SW2 = RP for 232.5.5.5 and 232.55.55.55
>>> > SW3 = RP for 232.6.6.6
>>> > Loopback of SW1 has joined all the multicast groups above
>>> > R4 has joined multicast group 232.55.55.55
>>> >
>>> > I want to filter out the 232.55.55.55 traffic on vlan 100 so SW1 does
>>> > not reply to the traffic and R4 does reply to that traffic.
>>> > I tried igmp filters, but those are only available on access ports.
>>> > I tried igmp access-group on all the vlan 100 SVI interfaces, but SW1
>>> > still replies.
>>> >
>>> > What are my options to filter multicast traffic on a VLAN?
>>> >
>>> > Thanks,
>>> >
>>> > Kind regards,
>>> >
>>> > Maarten Vervoorn
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html

Received on Thu Jul 29 2010 - 16:48:51 ART
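
Added example, not part of the original message or thread: one way the multicast boundary mentioned in the reply above could be configured in this lab. The placement on SW1's VLAN 100 SVI and the ACL name NO-GRP-55 are assumptions; the thread does not show the configuration that was tested.

```cisco
! Assumption: applied on SW1, whose Loopback (and any clients behind it)
! must not receive 232.55.55.55. NO-GRP-55 is a hypothetical ACL name.
!
! Deny only the one group; permit the rest of 224.0.0.0/4 so that
! 232.5.5.5, 232.6.6.6 and the Auto-RP groups (224.0.1.39 / 224.0.1.40)
! keep working across VLAN 100.
ip access-list standard NO-GRP-55
 deny   232.55.55.55
 permit 224.0.0.0 15.255.255.255
!
! The boundary is enforced on the interface itself, for both multicast
! data and IGMP/PIM state of the denied group. A host behind SW1 can
! still send an IGMP join, but the group cannot cross this interface.
interface Vlan100
 ip multicast boundary NO-GRP-55
!
! Checks on SW1 after applying (exec mode):
!   show ip multicast interface Vlan100   (boundary ACL should be listed)
!   show ip mroute 232.55.55.55           (no forwarding state via Vlan100)
!   show ip pim rp mapping                (Auto-RP mappings still learned)
```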
