Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

RP address with access-list help

Hi

I have two rp-addresses configured, 10.10.22.1 and 10.20.25.1. One of them has an access-list configured only allowing 224.0.24.0 0.0.0.255, while the other does not have an access list. My question is why is is that the multicast group 224.0.24.6 always has it's rp-address configured to 10.20.25.1, why not the other rp?

Config is:

ip pim rp-address 10.20.25.1 active-wan

ip pim rp-address 10.10.22.1

Thanks

Dan

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: RP address with access-list help

10 REPLIES
Cisco Employee

Re: RP address with access-list help

Hi Dan,

Routers will always pick the highest RP address (IP address, similar to OSPF router ID) as its RP.

HTH,

jerry

New Member

Re: RP address with access-list help

Brilliant thanks. Am I right in thinking that if I don't want to leave the choice to this rule I need to setup access-lists to control what rp groups are used to for joining mutlicast groups?

Thanks

Dan

Cisco Employee

Re: RP address with access-list help

Hi Dan,

If you don't want certain multicast group to be joined to an RP, you will have to use an ACL to filter it.

http://www.cisco.com/en/US/partner/docs/ios/ipmulti/command/reference/imc_04.html#wp1030095

HTH,

jerry

New Member

Re: RP address with access-list help

Hi Jerry,

The link doesn't work for me. Can you repost please.

Thanks

Dan

Cisco Employee

Re: RP address with access-list help

New Member

Re: RP address with access-list help

Hi Jerry,

Sorry about this.I keep getting:

"Forbidden File or Application". Maybe you have special permissions on the Cisco website, are you logged in at the moment on the website?

Thanks

Dan

Cisco Employee

Re: RP address with access-list help

Hi Dan,

I did login into the CCO. The link is pretty much the command ip pim rp-address usage guide.

Regards,

jerry

Hall of Fame Super Bronze

Re: RP address with access-list help

New Member

Re: RP address with access-list help

Thanks that worked.

One more question. In the real world when you guys (CCIE) are deploying rp-addresses do you always have access-lists associated with them and strictly define which group can connect to it?

I lack the real world experience so it would be good to know some standards to work by.

Also do you mostly define the rp-address or allow it to be dynamically chosen at each site even across wan links?

Thanks

Dan

Cisco Employee

Re: RP address with access-list help

Hi Dan,

The ACL will only protect the network from unauthorized multicast group(s) to be announced by the network. It will only work if you have a pure sparse mode configuration. However, this doesn't protect you from rogue RP.

HTH,

jerry

209
Views
3
Helpful
10
Replies
CreatePlease to create content