Filtering multicast groups

Unanswered Question
Sep 17th, 2008
User Badges:

What is the best way to filter multicast groups on a router between a provider's network and ours? We are using AutoRP between the networks.

I have a set of multicast groups that I would like to permit and filter the rest. I tried using an access-group on the interface and is added too much CPU overhead. Is there a better way to filter the groups?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vladrac-ccna Wed, 09/17/2008 - 23:32
User Badges:
  • Silver, 250 points or more

Hello Vaniello,

I believe the best way would be filtering the groups you dont want to join.

If you control the RP maybe you should use:

ip pim accept-rp {rp-address | auto-rp} [access-list]

Or simply dont allow any host to join the groups you dont want to receive traffic:

ip igmp access-group

To restrict hosts (receivers) on a subnet to joining only multicast groups that are permitted by a standard IP access list or to restrict hosts (receivers) on a subnet to membership to only the (S,G) channels that are permitted by an extended IP access list, use the ip igmp access-group command in interface configuration mode.

ip igmp access-group access-list

Let me know if this helps.


vaniello Thu, 09/18/2008 - 12:09
User Badges:

This is a router to router connection where I want to filter the groups I receive from the remote router. Will the IGMP access groups filter multicast groups between two routers, versus hosts on a LAN?



vladrac-ccna Fri, 09/19/2008 - 03:02
User Badges:
  • Silver, 250 points or more


Are you doing multicast sparse-mode using auto RP?

there should be no multicat traffic to your router if no host joins the multicast groups.



vaniello Fri, 09/19/2008 - 13:03
User Badges:

I am using sparse-dense mode with auto RP. I was under the impression that I had to use sparse-dense mode.

Using the "ip multicast boundary" command I seem to be able to filter the groups on the connection between my router and the providers.

Unfortunately, the blocked multicast groups still seem to show up in the mroute table:

(*,, 00:13:32/00:03:02, RP, flags: SP

Incoming interface: FastEthernet1/0.10, RPF nbr

Outgoing interface list: Null

While hosts can not join this group, it clutters the mroute table.



This Discussion