if you want to stop them from joining the group check out the command '*ip
igmp profile'*
*
*
*
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swigmp.html#wp1055584
*
*
*
*<http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swigmp.html#wp1055584>
*--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com
On Thu, Jul 29, 2010 at 5:48 PM, Maarten Vervoorn <mr.vervoorn_at_gmail.com>wrote:
> Yeah that would be the easy way. But still I do not want clients to be able
> to receive that traffic. If there were clients behind SW1 who aren't
> allowed
> to receive this traffice (like Loopback of SW1) I cannot stop them from
> doing a IGMP join. I want it to be impossible for them to receive this
> traffic
> A multicast boundary does the job. I have tested it out. But I was
> wondering
> if there are any other option to filter it out
>
> 2010/7/29 Adrian Brayton <abrayton_at_gmail.com>
>
> > I guess I am missing something... If you dont want SW1 (Loopback) to
> reply
> > to 232.55.55.55, then don't join that group. All the MA does is supply a
> > map.
> >
> >
> > On Jul 29, 2010, at 10:18 AM, Maarten Vervoorn wrote:
> >
> >
> > Yes I'm using rp-annouce-filter on the mapping agent(SW1). But it still
> > needs to permit 232.55.55.55 on the RP SW2 because R4 needs that traffic.
> So
> > yes I can filter it but than R4 won't receive the traffic. below is how
> my
> > filter on the mapping agent looks like.
> >
> > ip access-list standard M-SW2
> > permit 232.55.55.55
> > permit 232.5.5.5
> > ip access-list standard M-SW3
> > permit 232.6.6.6
> > ip access-list standard SW2
> > permit 8.8.20.20
> > ip access-list standard SW3
> > permit 8.8.30.30
> > !
> > ip access-list standard ALL
> > deny 8.8.20.20
> > deny 8.8.30.30
> > permit any
> > !
> > ip access-list standard M-ALL
> > deny 224.0.0.0 15.255.255.255
> > !
> > ip pim rp-announce-filter rp-list SW2 group-list M-SW2
> > ip pim rp-announce-filter rp-list SW3 group-list M-SW3
> > ip pim rp-announce-filter rp-list ALL group-list M-ALL
> > !
> > Kind regards,
> >
> > Maarten Vervoorn
> >
> >
> > 2010/7/29 Adrian Brayton <abrayton_at_gmail.com>
> >
> >> Have you tried "ip pim rp-announce-filter rp-list<acl#>
> group-list<acl#>"
> >> ? Not sure it will work on a switch but I don't see why it wouldn't...
> >>
> >>
> >> On Jul 29, 2010, at 9:47 AM, Maarten Vervoorn wrote:
> >>
> >> That will break auto rp. My multicast network still needs to work. SW1
> >> loopback need to reply to the other groups. Only not to group
> 232.55.55.55
> >>
> >> 2010/7/29 Adrian Brayton <abrayton_at_gmail.com>
> >>
> >>> Just write an ACL to block 224.0.1.39
> >>>
> >>>
> >>> On Jul 29, 2010, at 9:36 AM, Maarten Vervoorn wrote:
> >>>
> >>> > Hi group,
> >>> >
> >>> > I was labbing up some multicast stuff. I just received a question to
> >>> filter
> >>> > multicast traffi of a specific group on a VLAN
> >>> >
> >>> > Lab setup
> >>> > SW1
> >>> > |
> >>> > ----------------------------vl100
> >>> > | |
> >>> > R4--SW2 SW3
> >>> > | |
> >>> > R5 R6
> >>> >
> >>> > SW1, SW2 and SW3 are connected using a SVI interface VLAN 100
> >>> > I use auto rp
> >>> > SW1 = mapping agent
> >>> > SW2 = RP for 232.5.5.5 and 232.55.55.55
> >>> > SW3 = RP for 232.6.6.6
> >>> > Loopback of SW1 has joined all the multicast groups above
> >>> > R4 has joined multicast group 232.55.55.55
> >>> >
> >>> > I want to filter out the 232.55.55.55 traffic on vlan 100 so SW1 does
> >>> not
> >>> > reply to the traffice and R4 does reply to that traffic
> >>> > I tried igmp filters, but those are only availeble on access ports
> >>> > I triend igmp access-group on all the vlan 100 SVI interface, but SW1
> >>> still
> >>> > replies
> >>> >
> >>> > What are my options to filter multicast traffic on a VLAN?
> >>> >
> >>> > Thanks,
> >>> >
> >>> > Kind regards,
> >>> >
> >>> > Maarten Vervoorn
> >>> >
> >>> >
> >>> > Blogs and organic groups at http://www.ccie.net
> >>> >
> >>> >
> _______________________________________________________________________
> >>> > Subscription information may be found at:
> >>> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 29 2010 - 18:03:51 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART