Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multicast Group Range Filtering

Hey guys,

I have a rather noob question: Would applying a multicast group filter that only permits one particular group affect the eigrp in any way?

For instance, let's I only want group 239.192.35.16 to operate in my network, so I create standard ACL 1 with the statement permit 239.192.35.16 and leave the implicit deny. Then applying it to the group range with: ip multicast group-range 1.

Would the implicit deny also deny eigrp hellos and the like, or, are the reserved multicast addresses "immune" some how?

Thanks in advance,

Miguel

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Multicast Group Range Filtering

Hello

You don't mention how your applying this acl- If it just via a standard ip access-group xx command under the interface that eigrp in running then yes it would interfere with eigrp mc messages of (224.0.0.10) if this wasn't allowed in the acl.

However you can apply an acl but for MC IGMP which allow all hosts to just join that specific mc group you specify

Int xxx
Ip igmp access-group xxx


Res
Paul


Sent from Cisco Technical Support iPad App

Please don't forget to rate any posts that have been helpful. Thanks.
4 REPLIES

Re: Multicast Group Range Filtering

Hello

You don't mention how your applying this acl- If it just via a standard ip access-group xx command under the interface that eigrp in running then yes it would interfere with eigrp mc messages of (224.0.0.10) if this wasn't allowed in the acl.

However you can apply an acl but for MC IGMP which allow all hosts to just join that specific mc group you specify

Int xxx
Ip igmp access-group xxx


Res
Paul


Sent from Cisco Technical Support iPad App

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Re: Multicast Group Range Filtering

Hi Paul,

Thank you for your response.

The ACL is being applied using the global command ip mutlicast group-range list. The group-range command applies the ACL to all interfaces on the router, or switch, and would filter mutlicast groups as indicated by the ACL. Normally I would agree with you in that yes it would affect eigrp, but I wasn't sure if the aforementioned command was written to ignore the reserved mutlcast range. I guess the safest way to do it would be to permit eigrp in the ACL as well.

Thanks,

Miguel

New Member

Re: Multicast Group Range Filtering

All right,

So, I did some testing with the group-range command and an ACL that targets eigrp and the counters for the ACL never increased and eigrp did not freak out. Below is what I did:

ip multicast group-range NO-MCAST

ip access-list extended NO-MCAST

     deny eigrp any any

I will still place the eigrp statement and any other reserved multicast groups as allowed in the ACL for the just in case, however.

Thanks,

Miguel

Re: Multicast Group Range Filtering

Hello

I dont think this is required using the multicast group command- however adding the discovery and announce mc address to that group could be beneficial is using autorp

acces-list 1 permit 239.192.35.16

acces-list 1 permit 224.0.1.39

acces-list 1 permit 224.0.1.40

ip multicast group-range 1

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please don't forget to rate any posts that have been helpful. Thanks.
287
Views
0
Helpful
4
Replies