Hi Simon

With OSPF or EIGRP or RIPv2, the router keeps listening to a multicast address for updates. For example, for RIP, the router listens to 224.0.0.9.

You need not configure "ip igmp join-group" on the router's interface to listen to 224.0.0.9 to get RIP routing updates. The router does it automatically. But for other multicast feeds, you need to configure the router using "ip igmp join-group" or "ip igmp static-group".

With GETVPN, to make the Group member automatically start listening to the rekey updates, the Key Server has that ACL configured. I configure the following ACL in the Key server.

access-list 121 permit ip any host 239.0.1.2

When this ACL is downloaded to the Group Member, it starts listening to 239.0.1.2 from any source. When the Key server sends the rekey using the multicast address 239.0.1.2, the Group member receives it.

With regards
Kings

On Thu, Mar 18, 2010 at 3:41 PM, Simon Baumann <[email protected]> wrote:

> Hi,
> if I understand the GETVPN concept correctly, the default rekey method is
> multicast and you have to define an ACL for the rekey configuration. The
> documentation has this example:
>
> Example:
> Router(config)# access-list 121 permit udp host 10.0.5.2 eq 848 host 239.0.1.2 eq 848
>
> So in this case, the KS would be 10.0.5.2 and 239.0.1.2 is the multicast
> address used for GETVPN. I'm unsure why we have to define this? What would
> happen if we would configure this
> ACL with "permit ip any any"?
>
> Cheers
> Simon
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
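An added example, not part of the thread or of any Cisco documentation: a small Python matcher that compares how much traffic each of the three ACL forms discussed above selects. It models only ordinary extended-ACL matching for the `any`/`host`/`eq` subset used here, not how GDOI consumes the rekey ACL; the source 192.0.2.66 and the sample packets are constructed.

```python
import ipaddress

# The three entries from the thread: documentation form, reply form, "any any".
DOC_ACE = "access-list 121 permit udp host 10.0.5.2 eq 848 host 239.0.1.2 eq 848"
REPLY_ACE = "access-list 121 permit ip any host 239.0.1.2"
OPEN_ACE = "access-list 121 permit ip any any"

# Constructed sample packets: name -> (proto, src, sport, dst, dport)
PACKETS = {
    "ks_rekey": ("udp", "10.0.5.2", 848, "239.0.1.2", 848),
    "other_src_to_group": ("udp", "192.0.2.66", 848, "239.0.1.2", 848),
    "unrelated_unicast": ("tcp", "192.0.2.66", 40000, "10.0.5.2", 179),
}

def parse_ace(line):
    """Parse 'permit <proto> <any|host A> [eq N] <any|host A> [eq N]'."""
    tok = line.split()
    if tok[0] == "access-list":
        tok = tok[2:]                      # drop 'access-list <number>'
    if tok[0] != "permit":
        raise ValueError("only permit entries are handled")
    proto, rest = tok[1], tok[2:]

    def endpoint():
        kind = rest.pop(0)
        if kind not in ("any", "host"):
            raise ValueError(f"unsupported address form: {kind}")
        addr = ipaddress.ip_address(rest.pop(0)) if kind == "host" else None
        port = None
        if rest and rest[0] == "eq":
            rest.pop(0)
            port = int(rest.pop(0))
        return addr, port

    src, dst = endpoint(), endpoint()
    if rest:
        raise ValueError(f"trailing tokens: {rest}")
    return proto, src, dst

def matches(ace, pkt):
    proto, (saddr, sport), (daddr, dport) = parse_ace(ace)
    p_proto, p_src, p_sport, p_dst, p_dport = pkt
    return ((proto == "ip" or proto == p_proto)
            and (saddr is None or saddr == ipaddress.ip_address(p_src))
            and (sport is None or sport == p_sport)
            and (daddr is None or daddr == ipaddress.ip_address(p_dst))
            and (dport is None or dport == p_dport))

def coverage(ace):
    """Names of the sample packets that the entry selects."""
    return [name for name, pkt in PACKETS.items() if matches(ace, pkt)]
```

Calling `coverage()` on each entry shows the documentation form selecting only the Key Server's UDP/848 packet to the group, the reply's form selecting any sender to the group, and `permit ip any any` selecting every sample packet.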
