thank you all
when i split RP announcements with group list containing two statements 224.0.0.0 7.255.255.255 232.0.0.0 7.255.255.255 AND started filting on ma and it was successfull. As correctly said by alex ... MA can filter only if candidate RP announcements maches exaclty the filtering acl by MA .else entire block is blocked :) ================================================================================== secondly with multicast boundary with filter auto rp option.... if MA adveritsement must match the filtering acl used for multicast boundary. let say MA is adveritsing 232.0.0.0 7.255.255.255 and multicast boundary ACL only denies a subset of this block.ie 232.0.0.0 the entire block gets filtered in " show ip pim rp mapping " output . though traffic would flow with " sparse-dense mode " pim flavor On Tue, Mar 26, 2013 at 12:41 AM, <[email protected]> wrote: > Hello, > > For me that is correct. > > The rp-announce filter should to match the send-rp-announce filter used > by the candidate rp. > If the groups requested by the RP do not match the filter installed to > mapping agent, the cRPs requests that do not match > will be discarded. > > Example: CRP ask 225.0.0.0/8 and 226.0.0.0/8 however MA will forbidd > just 225.0.0.0/8, Rp selected will be RP for only 226.0.0.0/8 > RP ask 224.0.0.0/4 hence entire block address, and MA filter 227.0.0.0/8 > CRP not should be RP for any group; for this specific case if a range > advertise from an RP overlap with denied group range to MA it will > filtered. > > The opposite thing 227.0.0.0/8 advertised to Rp and MA filter entire > block it should still work > > In alternative: > ip pim send-rp-discovery LoopbackO scope 1 or multicast boundary with > option filter autorp this option block messages control plane about rp > discovery, without option autorp block just multicast traffic but permit > rp discovery > > I hope this help. > > On Mon, Mar 25, 2013, at 09:02 PM, Imran Ali wrote: > > Hi all. > > > > i have a basic topology ... R3------R1 > > > > R3 is advertising himself as rp for complete block ... > > ip pim send-rp-announce lo 0 scope 10 interval 5 > > > > R1 the mapping agent ..wants to filter groups from R3 ...ie R3 sould > > only service 232.0.0.0 7.255.255.255 > > > > so here what i did on R1 the MA > > R1#conf t > > Enter configuration commands, one per line. End with CNTL/Z. > > > > R1(config)#access-list 2 deny 224.0.0.0 7.255.255.255 > > > > R1(config)#access-list 2 permit 232.0.0.0 7.255.255.255 > > R1(config)#exit > > > > > > ip pim autorp listener > > ip pim send-rp-discovery FastEthernet0/0 scope 10 > > ip pim rp-announce-filter rp-list 1 group-list 2 > > > > R1#show ip pim rp map > > > > PIM Group-to-RP Mappings > > This system is an RP-mapping agent (FastEthernet0/0) > > R1#show ip pim rp map > > > > PIM Group-to-RP Mappings > > This system is an RP-mapping agent (FastEthernet0/0) > > > > R1#show access-lists > > Standard IP access list 1 > > 10 permit 13.0.0.3 (140 matches) > > > > Standard IP access list 2 > > 10 deny 224.0.0.0, wildcard bits 7.255.255.255 (20 matches) > > 20 permit 232.0.0.0, wildcard bits 7.255.255.255 > > > > As you can see denying only a subset of 224.0.0.0 is making it > > deny complete block ... > > > > is this normal behavior ?? > > > > Can any one try the same requirmnet and see if it works > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > > > -- > This message is intended for the individual(s) to whom it is addressed > and may contain information that is privileged or confidential. > If you are not the addressee you must not read,use or disclose the > contents of this email. > Whilst all reasonable care has been taken to avoid the transmission of > viruses, the recipient should carry out virus and other checks, > as they consider appropriate. > Myself accepts no responsibility in this regard. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
