Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ip pim neighbor-policy not working on Nexus 7K

Hi all,

 

I have the following configuration on a couple of Nexus 7K:

N7K-1

interface Vlan3
  vrf member TEST
  ip address 10.139.7.252/22
  ip pim sparse-mode
  ip pim dr-priority 100
  ip pim hello-interval 5000
  no shutdown

 

N7K-2

interface Vlan3
  vrf member TEST
  ip address 10.139.7.253/22
  ip pim sparse-mode
  ip pim hello-interval 5000
  ip pim neighbor-policy FILTER-PIM-MAP
  no shutdown

ip access-list FILTER-PIM
  5 deny pim 10.139.7.252/32 any 
  6 deny pim 10.139.7.252/32 224.0.0.13/32 
  10 deny pim 10.139.7.252/32 any 
  20 permit ip any any 

route-map FILTER-PIM-MAP permit 10
  match ip address FILTER-PIM

 

 

Neighbor-policy is not working. PIM neighborship on SVI 3 is still up between Nexus 1 and 2.

Does anybody know what is wrong on the route-map and ACL?

 

Regards

Stefano

 

Everyone's tags (1)
10 REPLIES

I believe you are matching

I believe you are matching /32 in access-list whereas your SVI IP is /22

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Community Member

The SVI is /22 but the PIM

The SVI is /22 but the PIM packets are sourced by the physical IP address /32.

If I put /22 instead the result is the same, PIM neighborship up.

 

Stefano

Apply the policy in Nexus 7K

Apply the policy in Nexus 7K-1 as the source is 10.139.7.252 or change the source to 10.139.7.253 in the access-list of Nexus-7K-2

 

ip access-list FILTER-PIM
  5 deny pim 10.139.7.252/32 any 
  6 deny pim 10.139.7.252/32 224.0.0.13/32 
  10 deny pim 10.139.7.252/32 any 
  20 permit ip any any

route-map FILTER-PIM-MAP permit 10
  match ip address FILTER-PIM

 

interface Vlan3
  vrf member TEST
  ip address 10.139.7.252/22
  ip pim sparse-mode
  ip pim dr-priority 100
  ip pim hello-interval 5000

 ip pim neighbor-policy FILTER-PIM-MAP
  no shutdown

Regards

Thanveer

Please Rate if the post is helpful

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Community Member

Hi Thanveer,I tried it but

Hi Thanveer,

I tried it but unfortunately it doesn't work.

I think neighbor-policy is for PIM hello received by other devices.

 

Regards

Stefano 

 

Hmm true,How about this

Hmm true,

How about this command  on Nexus-7k-1

ip igmp helper-address

Causes the system to forward all IGMP host reports and leave messages received on the interface to the specified IP address.


ip igmp helper-address 10.139.7.253

 

Regards

Thanveer

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hello Friend, I found this,

Hello Friend,

 

I found this, it may be helpful to you,

N7K-1-Core1# config
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-1-Core1(config)# route-map pim-policy deny 10
N7K-1-Core1(config-route-map)# match ip multicast group 239.100.10.1/32
N7K-1-Core1(config-route-map)# route-map pim-policy deny 20
N7K-1-Core1(config-route-map)# match ip multicast group 224.0.0.0/4
N7K-1-Core1(config-route-map)# int vlan 3

N7K-1-Core1(config-if)# ip pim jp-policy pim-policy in
N7K-1-Core1(config-if)# end
 

http://my.safaribooksonline.com/book/databases/data-warehouses/9780132883573/chapter-4dot-ip-multicast-configuration/ch04lev1sec9_html

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Community Member

Hi Thanveer,the jp-policy is

Hi Thanveer,

the jp-policy is used when you want to filter Join and Prune PIM messages, but I'd like to filter Hello PIM nessages and for this the neighbor-policy option should work...

Regards

Stefano

Trying to find the solution

Trying to find the solution dear.  If you find the solution provide it here.

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Community Member

Hi Thanveer,finally I got the

Hi Thanveer,

finally I got the solution.

A prefix-list has to be used insted of access-list:

ip prefix-list filter-pim seq 5 deny 10.139.7.252/32 
ip prefix-list filter-pim seq 10 permit 0.0.0.0/0 le 32 

route-map FILTER-PIM-MAP permit 10
  match ip address prefix-list filter-pim 

 

Thanks for your support

Stefano

Fantastic, good to hear.I was

Fantastic, good to hear.

I was about to give a reply stating that can we check the command sh ip pim interface vlan 3, to see whether the policy is implemented or not.

Thanks to you too Friend.

Regards
Thanveer
“Acquire Knowledge and Learn Tranquillity and Dignity”

Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
724
Views
10
Helpful
10
Replies
CreatePlease to create content