RP address with access-list help

Answered Question
Jul 6th, 2009

Hi


I have two rp-addresses configured, 10.10.22.1 and 10.20.25.1. One of them has an access-list configured only allowing 224.0.24.0 0.0.0.255, while the other does not have an access list. My question is why is it that the multicast group 224.0.24.6 always has its rp-address configured to 10.20.25.1, why not the other rp?


Config is:


ip pim rp-address 10.20.25.1 active-wan

ip pim rp-address 10.10.22.1


Thanks

Dan

Jerry Ye Mon, 07/06/2009 - 07:38
User Badges:
  • Cisco Employee,

Hi Dan,


Routers will always pick the highest RP address (IP address, similar to OSPF router ID) as its RP.


HTH,

jerry
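
The selection rule from the reply above, applied to the two rp-address lines in the question, as an added example that is not part of the thread and not Cisco code. It assumes, as the reply states, that the highest IP address wins among static RPs whose access list permits the group, and that active-wan holds only the permit entry described in the question; the function names and the SCOPED alternative are hypothetical.

```python
from ipaddress import IPv4Address

# No ACL on an rp-address line: the RP is a candidate for every multicast group.
ALL_MULTICAST = [("224.0.0.0", "15.255.255.255")]

def wildcard_match(addr, base, wildcard):
    """IOS-style match: bits set in the wildcard mask are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def candidates(static_rps, group):
    """RPs whose access list (permit entries only) covers the group."""
    return [rp for rp, acl in static_rps
            if any(wildcard_match(group, b, w) for b, w in (acl or ALL_MULTICAST))]

def select_rp(static_rps, group):
    """Assumed tie-break from the thread: highest RP address wins."""
    found = candidates(static_rps, group)
    return str(max(IPv4Address(rp) for rp in found)) if found else None

def contested(static_rps, groups):
    """Groups matched by more than one RP, i.e. decided by the tie-break."""
    return {g: candidates(static_rps, g) for g in groups
            if len(candidates(static_rps, g)) > 1}

# Config from the question; the ACL body is taken from its description.
ACTIVE_WAN = [("224.0.24.0", "0.0.0.255")]
AS_POSTED = [("10.20.25.1", ACTIVE_WAN), ("10.10.22.1", None)]

# Constructed alternative: give the second RP its own non-overlapping range.
SCOPED = [("10.20.25.1", ACTIVE_WAN),
          ("10.10.22.1", [("239.1.0.0", "0.0.255.255")])]

if __name__ == "__main__":
    groups = ["224.0.24.6", "224.0.25.6", "239.1.1.1"]  # constructed sample groups
    for g in groups:
        print(g, "as posted ->", select_rp(AS_POSTED, g),
              "| scoped ->", select_rp(SCOPED, g))
    print("contested as posted:", contested(AS_POSTED, groups))
```

Groups reported by `contested` are the ones where the mapping depends on the tie-break rather than on an explicit access list.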

dan_track Mon, 07/06/2009 - 07:56

Brilliant, thanks. Am I right in thinking that if I don't want to leave the choice to this rule I need to set up access-lists to control what rp groups are used for joining multicast groups?


Thanks

Dan

dan_track Mon, 07/06/2009 - 08:24

Hi Jerry,


The link doesn't work for me. Can you repost please.


Thanks

Dan

dan_track Mon, 07/06/2009 - 08:34

Hi Jerry,


Sorry about this. I keep getting:


"Forbidden File or Application". Maybe you have special permissions on the Cisco website, are you logged in at the moment on the website?


Thanks

Dan

Jerry Ye Mon, 07/06/2009 - 09:27
User Badges:
  • Cisco Employee,

Hi Dan,


I did log in to the CCO. The link is pretty much the command ip pim rp-address usage guide.


Regards,

jerry

dan_track Tue, 07/07/2009 - 00:00

Thanks that worked.


One more question. In the real world when you guys (CCIE) are deploying rp-addresses do you always have access-lists associated with them and strictly define which group can connect to it?


I lack the real world experience so it would be good to know some standards to work by.


Also do you mostly define the rp-address or allow it to be dynamically chosen at each site even across wan links?


Thanks

Dan

Jerry Ye Tue, 07/07/2009 - 05:17
User Badges:
  • Cisco Employee,

Hi Dan,


The ACL will only protect the network from unauthorized multicast group(s) to be announced by the network. It will only work if you have a pure sparse mode configuration. However, this doesn't protect you from rogue RP.


HTH,

jerry
