IPV6 mld join-group with IPV6 mld access-group

Hi all,

Quick question from a scenario I just labbed up...

It is a simple three router configuration on a shared segment. R1 is
the statically assigned RP. R2's config is as follows:

interface FastEthernet0/1
 ipv6 mld join-group FF0D::7
 ipv6 mld access-group NO_ATTEMPT
!
ipv6 access-list NO_ATTEMPT
 deny ipv6 any host FF0D::7
 permit ipv6 any any
!

R3 is getting responses when sending pings to that address from R2.
Is the mld join-group overriding the mld access-group? Furthermore,
how can I debug this scenario? I am getting this output from debug
ipv6 mld interface fastEthernet 0/1 on R2, which seems inconsistent
with the responses:
*Aug 21 18:21:41.080: MLD: Group FF0D::7 access denied on FastEthernet0/1

So, why would it respond to the pings from R3?

Here is R2's output from show ipv6 mroute: (2001::3 is R3)

(*, FF0D::7), 00:16:17/never, RP 2001::1, flags: SPCL
  Incoming interface: FastEthernet0/1
  RPF nbr: FE80::223:EBFF:FE6E:F9B8

(2001::3, FF0D::7), 00:07:12/00:03:21, flags: SPFT
  Incoming interface: FastEthernet0/1
  RPF nbr: FE80::223:EBFF:FE6F:2F70

Any help would be greatly appreciated! Thanks.

Blogs and organic groups at http://www.ccie.net
Received on Sun Aug 21 2011 - 14:14:39 ART