RP address with access-list help

Answered Question
Jul 6th, 2009

Hi

I have two rp-addresses configured, 10.10.22.1 and 10.20.25.1. One of them has an access-list configured only allowing 224.0.24.0 0.0.0.255, while the other does not have an access list. My question is why is it that the multicast group 224.0.24.6 always has its rp-address configured to 10.20.25.1, why not the other rp?

Config is:

ip pim rp-address 10.20.25.1 active-wan

ip pim rp-address 10.10.22.1

Thanks

Dan

Overall Rating: 4 (2 ratings)
Jerry Ye Mon, 07/06/2009 - 07:38

Hi Dan,

Routers will always pick the highest RP address (IP address, similar to OSPF router ID) as its RP.

HTH,

jerry

dan_track Mon, 07/06/2009 - 07:56

Brilliant, thanks. Am I right in thinking that if I don't want to leave the choice to this rule I need to set up access-lists to control what rp groups are used for joining multicast groups?

Thanks

Dan

dan_track Mon, 07/06/2009 - 08:24

Hi Jerry,

The link doesn't work for me. Can you repost please.

Thanks

Dan

dan_track Mon, 07/06/2009 - 08:34

Hi Jerry,

Sorry about this. I keep getting:

"Forbidden File or Application". Maybe you have special permissions on the Cisco website, are you logged in at the moment on the website?

Thanks

Dan

Jerry Ye Mon, 07/06/2009 - 09:27

Hi Dan,

I did log in to the CCO. The link is pretty much the command ip pim rp-address usage guide.

Regards,

jerry

dan_track Tue, 07/07/2009 - 00:00

Thanks that worked.

One more question. In the real world when you guys (CCIE) are deploying rp-addresses do you always have access-lists associated with them and strictly define which group can connect to it?

I lack the real world experience so it would be good to know some standards to work by.

Also do you mostly define the rp-address or allow it to be dynamically chosen at each site even across wan links?

Thanks

Dan

Jerry Ye Tue, 07/07/2009 - 05:17

Hi Dan,

The ACL will only protect the network from unauthorized multicast group(s) to be announced by the network. It will only work if you have a pure sparse mode configuration. However, this doesn't protect you from rogue RP.

HTH,

jerry
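
The selection behaviour discussed in this thread, as an added example that is not part of the original posts and is not Cisco code: it models static `ip pim rp-address` entries only and lists the groups that more than one RP would accept. It assumes the tie-break is the highest RP IP address, as stated in Jerry's first reply, and that the `active-wan` ACL contains only the permit entry Dan describes.

```python
import ipaddress

# Constructed from the thread: (rp_address, acl). acl is a list of
# (base, wildcard) permit entries, or None when no access list is attached.
STATIC_RPS = [
    ("10.20.25.1", [("224.0.24.0", "0.0.0.255")]),  # ACL "active-wan" (assumed content)
    ("10.10.22.1", None),                            # no ACL: all multicast groups
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(acl, group):
    """Standard-ACL style match: bits set in the wildcard mask are ignored."""
    if acl is None:
        return ipaddress.IPv4Address(group).is_multicast  # 224.0.0.0/4
    g = _int(group)
    for base, wildcard in acl:
        care = ~_int(wildcard) & 0xFFFFFFFF
        if g & care == _int(base) & care:
            return True
    return False

def candidate_rps(group, rps=STATIC_RPS):
    """Every configured RP whose scope covers the group."""
    return [rp for rp, acl in rps if acl_permits(acl, group)]

def select_rp(group, rps=STATIC_RPS):
    """Tie-break assumed from the thread: highest RP IP address wins."""
    cands = candidate_rps(group, rps)
    return max(cands, key=_int) if cands else None

def overlap_report(groups, rps=STATIC_RPS):
    """Groups covered by more than one RP, where the tie-break decides."""
    report = {}
    for g in groups:
        cands = candidate_rps(g, rps)
        if len(cands) > 1:
            report[g] = cands
    return report

if __name__ == "__main__":
    for grp in ("224.0.24.6", "224.0.25.6", "239.1.1.1"):
        print(grp, "->", select_rp(grp), "candidates:", candidate_rps(grp))
    print("overlaps:", overlap_report(["224.0.24.6", "239.1.1.1"]))
```

Giving each RP its own non-overlapping ACL makes `overlap_report` return an empty result, so the mapping no longer depends on the tie-break.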
