Solved: Multicast Group Range Filtering

Miguel Mejia · ‎01-09-2014

Hey guys,

I have a rather noob question: Would applying a multicast group filter that only permits one particular group affect the eigrp in any way?

For instance, let's I only want group 239.192.35.16 to operate in my network, so I create standard ACL 1 with the statement permit 239.192.35.16 and leave the implicit deny. Then applying it to the group range with: ip multicast group-range 1.

Would the implicit deny also deny eigrp hellos and the like, or, are the reserved multicast addresses "immune" some how?

Thanks in advance,

Miguel

paul driver · ‎01-09-2014

Hello

You don't mention how your applying this acl- If it just via a standard ip access-group xx command under the interface that eigrp in running then yes it would interfere with eigrp mc messages of (224.0.0.10) if this wasn't allowed in the acl.

However you can apply an acl but for MC IGMP which allow all hosts to just join that specific mc group you specify

Int xxx
Ip igmp access-group xxx

Res
Paul

Sent from Cisco Technical Support iPad App

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

paul driver · ‎01-09-2014

Hello

You don't mention how your applying this acl- If it just via a standard ip access-group xx command under the interface that eigrp in running then yes it would interfere with eigrp mc messages of (224.0.0.10) if this wasn't allowed in the acl.

However you can apply an acl but for MC IGMP which allow all hosts to just join that specific mc group you specify

Int xxx
Ip igmp access-group xxx

Res
Paul

Sent from Cisco Technical Support iPad App

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Miguel Mejia · ‎01-10-2014

Hi Paul,

Thank you for your response.

The ACL is being applied using the global command ip mutlicast group-range list. The group-range command applies the ACL to all interfaces on the router, or switch, and would filter mutlicast groups as indicated by the ACL. Normally I would agree with you in that yes it would affect eigrp, but I wasn't sure if the aforementioned command was written to ignore the reserved mutlcast range. I guess the safest way to do it would be to permit eigrp in the ACL as well.

Thanks,

Miguel

Miguel Mejia · ‎02-03-2014

All right,

So, I did some testing with the group-range command and an ACL that targets eigrp and the counters for the ACL never increased and eigrp did not freak out. Below is what I did:

ip multicast group-range NO-MCAST

ip access-list extended NO-MCAST

deny eigrp any any

I will still place the eigrp statement and any other reserved multicast groups as allowed in the ACL for the just in case, however.

Thanks,

Miguel

paul driver · ‎02-04-2014

Hello

I dont think this is required using the multicast group command- however adding the discovery and announce mc address to that group could be beneficial is using autorp

acces-list 1 permit 239.192.35.16

acces-list 1 permit 224.0.1.39

acces-list 1 permit 224.0.1.40

ip multicast group-range 1

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul