Re: Filter Multicast Traffic on VLAN from Maarten Vervoorn on 2010-07-29 (Ccielab archives 07/2010)

From: Maarten Vervoorn <mr.vervoorn_at_gmail.com>
Date: Thu, 29 Jul 2010 16:18:17 +0200

Yes I'm using rp-annouce-filter on the mapping agent(SW1). But it still
needs to permit 232.55.55.55 on the RP SW2 because R4 needs that traffic. So
yes I can filter it but than R4 won't receive the traffic. below is how my
filter on the mapping agent looks like.

ip access-list standard M-SW2
permit 232.55.55.55
permit 232.5.5.5
ip access-list standard M-SW3
permit 232.6.6.6
ip access-list standard SW2
permit 8.8.20.20
ip access-list standard SW3
permit 8.8.30.30
!
ip access-list standard ALL
deny 8.8.20.20
deny 8.8.30.30
permit any
!
ip access-list standard M-ALL
deny 224.0.0.0 15.255.255.255
!
ip pim rp-announce-filter rp-list SW2 group-list M-SW2
ip pim rp-announce-filter rp-list SW3 group-list M-SW3
ip pim rp-announce-filter rp-list ALL group-list M-ALL
!
Kind regards,

Maarten Vervoorn

2010/7/29 Adrian Brayton <abrayton_at_gmail.com>

> Have you tried "ip pim rp-announce-filter rp-list<acl#> group-list<acl#>" ?
> Not sure it will work on a switch but I don't see why it wouldn't...
>
>
> On Jul 29, 2010, at 9:47 AM, Maarten Vervoorn wrote:
>
> That will break auto rp. My multicast network still needs to work. SW1
> loopback need to reply to the other groups. Only not to group 232.55.55.55
>
> 2010/7/29 Adrian Brayton <abrayton_at_gmail.com>
>
>> Just write an ACL to block 224.0.1.39
>>
>>
>> On Jul 29, 2010, at 9:36 AM, Maarten Vervoorn wrote:
>>
>> > Hi group,
>> >
>> > I was labbing up some multicast stuff. I just received a question to
>> filter
>> > multicast traffi of a specific group on a VLAN
>> >
>> > Lab setup
>> > SW1
>> > |
>> > ----------------------------vl100
>> > | |
>> > R4--SW2 SW3
>> > | |
>> > R5 R6
>> >
>> > SW1, SW2 and SW3 are connected using a SVI interface VLAN 100
>> > I use auto rp
>> > SW1 = mapping agent
>> > SW2 = RP for 232.5.5.5 and 232.55.55.55
>> > SW3 = RP for 232.6.6.6
>> > Loopback of SW1 has joined all the multicast groups above
>> > R4 has joined multicast group 232.55.55.55
>> >
>> > I want to filter out the 232.55.55.55 traffic on vlan 100 so SW1 does
>> not
>> > reply to the traffice and R4 does reply to that traffic
>> > I tried igmp filters, but those are only availeble on access ports
>> > I triend igmp access-group on all the vlan 100 SVI interface, but SW1
>> still
>> > replies
>> >
>> > What are my options to filter multicast traffic on a VLAN?
>> >
>> > Thanks,
>> >
>> > Kind regards,
>> >
>> > Maarten Vervoorn
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 29 2010 - 16:18:17 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART