Re: ACCEPT-RP

i will give an explanation a go...

this command 'ip pim accept-rp' i usually use with an access-list that lists
the groups that i allow for that rp-address

so the rp-address is the ip address of the RP that you want certain groups
to be able to join, so this will start as IGMP joins(membership report/query
) than the router will turn them into PIM register join/prune messages
headed for the RP, so this should only be affecting PIM register join/prunes
the way i see it, and that is what i seen in wireshark also, did my setup in
gns3, and the embedded wireshark sheds alot of light...

so you can either put this just on the RP and the RP will drop them or you
can put them on all the routers in the multicast path to the RP and drop
them before they get to the RP

easy enough to see happen in simple topo

R1 <-> R2 <-> R3

make R3 the rp and have R1 join some group that is not in the access-list
you specify and see the message on R3 denying the "joins"
R3#
*Mar 1 00:17:11.759: %PIM-6-INVALID_RP_JOIN: Received (*, 239.11.11.11)
Join from 23.23.23.2 for invalid RP 3.3.3.3
*Mar 1 00:17:29.819: %PIM-1-INVALID_RP_REG: Received Register from router
12.12.12.1 for group 239.11.11.11, 3.3.3.3 not willing to be RP

move the command back to R2 and watch the joins get dropped there instead:
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip pim accept-rp 3.3.3.3 ALLOWED_MGROUPS
R2(config)#!
R2(config)#ip access-list standard ALLOWED_MGROUPS
R2(config-std-nacl)# permit 239.3.3.3
R2(config-std-nacl)# permit 239.2.2.2
R2(config-std-nacl)#
*Mar 1 00:29:42.987: %PIM-6-INVALID_RP_JOIN: Received (*, 239.11.11.11)
Join from 12.12.12.1 for invalid RP 3.3.3.3

--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com
On Wed, Oct 20, 2010 at 1:41 AM, Muzammil Malick <malickmuz_at_gmail.com>wrote:
> All
>
> I am struggling to understand exactly what the following command does.
>
> ip pim accept-rp <rp-address|auto-rp>
>
> The Documentation says:
>
>  rp-address
> RP address of the RP allowed to send join messages to groups in the
> range specified by the group access list.
>
> auto-rp
> Accepts join and register messages only for RPs that are in the Auto-RP
> cache.
>
> For the RP-address what does this even mean? The RP does not send join
> messages right? A join message here is an IGMP message i take it?
>
> For the auto-rp it says it accepts "join" and "register" messages.
> Here I take it that a "join" is an IGMP message and that a "register"
> is a source trying to register with the RP?
>
> Please can anyone shed any light as to what exactly the whole point is?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net