Re: [j-nsp] Multicast IGMP filter

Fri, 18 Jan 2013 13:17:00 -0800 

On 1/18/2013 2:37 AM, Riccardo S wrote:



Hi

I’ve
an IGMP filter applied to some interfaces and done in this way:


  


set
protocols igmp interface gr-0/0/0.11 group-policy IGMP-test-B


  


This
filter is needed to avoid the join report from the remote CPE for none group
otherwise not explicitly permitted. Here the policy:


  


set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
239.239.239.239/32 exact

set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
239.239.233.233/32 exact

set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B then accept

set
policy-options policy-statement IGMP-test-B term LAST then reject


  


My
question is: my customer uses IGMPv3, can I also filter the source of the group 
to be permitted ?


  


I’ve
done in this way:


  


set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
239.239.239.239/32 exact

set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
239.239.233.233/32 exact

set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from 
source-address-filter
10.1.1.1 exact

set
policy-options policy-statement IGMP-test-B term PAYTV-FEED-B then accept

set
policy-options policy-statement IGMP-test-B term LAST then reject


  


But
is not working since my customer use IGMP v2 (I guesS), I always get the flow 
also from
other sources...


Is
there a way to filter the source with IGMPv2 ?


Or  is there another way to avoid my customer to
get the flow from a source not permitted ?


Any
advice ?


  


Tks

                                        
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp





Since your client isn't using IGMPv3 then they are always going to see 
every source for a group.   I guess your customer can't move to IGMPv3?


Have you tried a simple firewall filter for the sources you don't want?


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp






















					Reply via email to