Hello, For me that is correct.
The rp-announce filter should to match the send-rp-announce filter used by the candidate rp. If the groups requested by the RP do not match the filter installed to mapping agent, the cRPs requests that do not match will be discarded. Example: CRP ask 225.0.0.0/8 and 226.0.0.0/8 however MA will forbidd just 225.0.0.0/8, Rp selected will be RP for only 226.0.0.0/8 RP ask 224.0.0.0/4 hence entire block address, and MA filter 227.0.0.0/8 CRP not should be RP for any group; for this specific case if a range advertise from an RP overlap with denied group range to MA it will filtered. The opposite thing 227.0.0.0/8 advertised to Rp and MA filter entire block it should still work In alternative: ip pim send-rp-discovery LoopbackO scope 1 or multicast boundary with option filter autorp this option block messages control plane about rp discovery, without option autorp block just multicast traffic but permit rp discovery I hope this help. On Mon, Mar 25, 2013, at 09:02 PM, Imran Ali wrote: > Hi all. > > i have a basic topology ... R3------R1 > > R3 is advertising himself as rp for complete block ... > ip pim send-rp-announce lo 0 scope 10 interval 5 > > R1 the mapping agent ..wants to filter groups from R3 ...ie R3 sould > only service 232.0.0.0 7.255.255.255 > > so here what i did on R1 the MA > R1#conf t > Enter configuration commands, one per line. End with CNTL/Z. > > R1(config)#access-list 2 deny 224.0.0.0 7.255.255.255 > > R1(config)#access-list 2 permit 232.0.0.0 7.255.255.255 > R1(config)#exit > > > ip pim autorp listener > ip pim send-rp-discovery FastEthernet0/0 scope 10 > ip pim rp-announce-filter rp-list 1 group-list 2 > > R1#show ip pim rp map > > PIM Group-to-RP Mappings > This system is an RP-mapping agent (FastEthernet0/0) > R1#show ip pim rp map > > PIM Group-to-RP Mappings > This system is an RP-mapping agent (FastEthernet0/0) > > R1#show access-lists > Standard IP access list 1 > 10 permit 13.0.0.3 (140 matches) > > Standard IP access list 2 > 10 deny 224.0.0.0, wildcard bits 7.255.255.255 (20 matches) > 20 permit 232.0.0.0, wildcard bits 7.255.255.255 > > As you can see denying only a subset of 224.0.0.0 is making it > deny complete block ... > > is this normal behavior ?? > > Can any one try the same requirmnet and see if it works > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs -- This message is intended for the individual(s) to whom it is addressed and may contain information that is privileged or confidential. If you are not the addressee you must not read,use or disclose the contents of this email. Whilst all reasonable care has been taken to avoid the transmission of viruses, the recipient should carry out virus and other checks, as they consider appropriate. Myself accepts no responsibility in this regard. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
