Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
3
Helpful
10
Replies

RP address with access-list help

Go to solution
dan_track
Level 1
Level 1

‎07-06-2009 06:57 AM - edited ‎03-06-2019 06:36 AM

Hi

I have two rp-addresses configured, 10.10.22.1 and 10.20.25.1. One of them has an access-list configured only allowing 224.0.24.0 0.0.0.255, while the other does not have an access list. My question is why is is that the multicast group 224.0.24.6 always has it's rp-address configured to 10.20.25.1, why not the other rp?

Config is:

ip pim rp-address 10.20.25.1 active-wan

ip pim rp-address 10.10.22.1

Thanks

Dan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
10 Replies 10

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee

‎07-06-2009 07:38 AM

Hi Dan,

Routers will always pick the highest RP address (IP address, similar to OSPF router ID) as its RP.

HTH,

jerry

0 Helpful

Go to solution
dan_track
Level 1
Level 1
In response to Jerry Ye

‎07-06-2009 07:56 AM

Brilliant thanks. Am I right in thinking that if I don't want to leave the choice to this rule I need to setup access-lists to control what rp groups are used to for joining mutlicast groups?

Thanks

Dan

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to dan_track

‎07-06-2009 08:23 AM

Hi Dan,

If you don't want certain multicast group to be joined to an RP, you will have to use an ACL to filter it.

http://www.cisco.com/en/US/partner/docs/ios/ipmulti/command/reference/imc_04.html#wp1030095

HTH,

jerry

0 Helpful

Go to solution
dan_track
Level 1
Level 1
In response to Jerry Ye

‎07-06-2009 08:24 AM

Hi Jerry,

The link doesn't work for me. Can you repost please.

Thanks

Dan

0 Helpful

Go to solution
dan_track
Level 1
Level 1
In response to Jerry Ye

‎07-06-2009 08:34 AM

Hi Jerry,

Sorry about this.I keep getting:

"Forbidden File or Application". Maybe you have special permissions on the Cisco website, are you logged in at the moment on the website?

Thanks

Dan

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to dan_track

‎07-06-2009 09:27 AM

Hi Dan,

I did login into the CCO. The link is pretty much the command ip pim rp-address usage guide.

Regards,

jerry

0 Helpful

Go to solution
dan_track
Level 1
Level 1
In response to Edison Ortiz

‎07-07-2009 12:00 AM

Thanks that worked.

One more question. In the real world when you guys (CCIE) are deploying rp-addresses do you always have access-lists associated with them and strictly define which group can connect to it?

I lack the real world experience so it would be good to know some standards to work by.

Also do you mostly define the rp-address or allow it to be dynamically chosen at each site even across wan links?

Thanks

Dan

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to dan_track

‎07-07-2009 05:17 AM

Hi Dan,

The ACL will only protect the network from unauthorized multicast group(s) to be announced by the network. It will only work if you have a pure sparse mode configuration. However, this doesn't protect you from rogue RP.

HTH,

jerry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card