07-06-2009 06:57 AM - edited 03-06-2019 06:36 AM
Hi
I have two rp-addresses configured, 10.10.22.1 and 10.20.25.1. One of them has an access-list configured only allowing 224.0.24.0 0.0.0.255, while the other does not have an access list. My question is why is is that the multicast group 224.0.24.6 always has it's rp-address configured to 10.20.25.1, why not the other rp?
Config is:
ip pim rp-address 10.20.25.1 active-wan
ip pim rp-address 10.10.22.1
Thanks
Dan
Solved! Go to Solution.
07-06-2009 08:30 AM
07-06-2009 07:38 AM
Hi Dan,
Routers will always pick the highest RP address (IP address, similar to OSPF router ID) as its RP.
HTH,
jerry
07-06-2009 07:56 AM
Brilliant thanks. Am I right in thinking that if I don't want to leave the choice to this rule I need to setup access-lists to control what rp groups are used to for joining mutlicast groups?
Thanks
Dan
07-06-2009 08:23 AM
Hi Dan,
If you don't want certain multicast group to be joined to an RP, you will have to use an ACL to filter it.
http://www.cisco.com/en/US/partner/docs/ios/ipmulti/command/reference/imc_04.html#wp1030095
HTH,
jerry
07-06-2009 08:24 AM
Hi Jerry,
The link doesn't work for me. Can you repost please.
Thanks
Dan
07-06-2009 08:30 AM
07-06-2009 08:34 AM
Hi Jerry,
Sorry about this.I keep getting:
"Forbidden File or Application". Maybe you have special permissions on the Cisco website, are you logged in at the moment on the website?
Thanks
Dan
07-06-2009 09:27 AM
Hi Dan,
I did login into the CCO. The link is pretty much the command ip pim rp-address usage guide.
Regards,
jerry
07-06-2009 09:58 AM
Try this link:
http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1030095
HTH,
__
Edison.
07-07-2009 12:00 AM
Thanks that worked.
One more question. In the real world when you guys (CCIE) are deploying rp-addresses do you always have access-lists associated with them and strictly define which group can connect to it?
I lack the real world experience so it would be good to know some standards to work by.
Also do you mostly define the rp-address or allow it to be dynamically chosen at each site even across wan links?
Thanks
Dan
07-07-2009 05:17 AM
Hi Dan,
The ACL will only protect the network from unauthorized multicast group(s) to be announced by the network. It will only work if you have a pure sparse mode configuration. However, this doesn't protect you from rogue RP.
HTH,
jerry
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: