I have two rp-addresses configured, 10.10.22.1 and 10.20.25.1. One of them has an access-list configured only allowing 22.214.171.124 0.0.0.255, while the other does not have an access list. My question is: why is it that the multicast group 126.96.36.199 always has its rp-address configured to 10.20.25.1? Why not the other RP?
ip pim rp-address 10.20.25.1 active-wan
ip pim rp-address 10.10.22.1
Brilliant, thanks. Am I right in thinking that if I don't want to leave the choice to this rule, I need to set up access-lists to control which RPs are used for joining multicast groups?
If you don't want a certain multicast group to be joined to an RP, you will have to use an ACL to filter it.
Sorry about this. I keep getting:
"Forbidden File or Application". Maybe you have special permissions on the Cisco website, are you logged in at the moment on the website?
Try this link:
Thanks that worked.
One more question. In the real world when you guys (CCIE) are deploying rp-addresses do you always have access-lists associated with them and strictly define which group can connect to it?
I lack the real world experience so it would be good to know some standards to work by.
Also, do you mostly define the rp-address or allow it to be dynamically chosen at each site, even across WAN links?
The ACL will only protect the network from unauthorized multicast group(s) being announced by the network. It will only work if you have a pure sparse mode configuration. However, this doesn't protect you from a rogue RP.