Solved: Re: Multicast ACL Question

rtannertwc · ‎02-17-2011

I am trying to work out an ACL to allow nothing to certain external equipment except for source specific multicast from a very select group of sources. My worry is that PIM and IGMP will be blocked by the ACL if not designed properly and I won't really have a chance to test it live before I actually put it on the ports. My first thought was an output filter placed on the ports that the equipment is physically connected to. Do I need specific lines to allow PIM and IGMP? I must admit I am not that experienced with ACLs so any help would be appreciated.

Ryan

Fabrice Ducomble · ‎02-17-2011

An outbound access-list doesn't filter traffic originated by the router itself. So there is no need to add lines to permit PIM/IGMP/OSPF or any other control plane protocols.

Alternatively, you can use some control plane filters, like multicast boundaries or IGMP group filters. Control plane filters are typically preferred since they can avoid the undesired streams requested by external equipments to be requested by the connected router in the first place (instead of data plane filters which block the stream in data plane, without control plane optimization)

View solution in original post

Fabrice Ducomble · ‎02-17-2011

An outbound access-list doesn't filter traffic originated by the router itself. So there is no need to add lines to permit PIM/IGMP/OSPF or any other control plane protocols.

Alternatively, you can use some control plane filters, like multicast boundaries or IGMP group filters. Control plane filters are typically preferred since they can avoid the undesired streams requested by external equipments to be requested by the connected router in the first place (instead of data plane filters which block the stream in data plane, without control plane optimization)

rtannertwc · ‎02-17-2011

that makes a lot of sense. Thanks. It will be a bit before I can roll this on because the ports are live but your explination works for me.

Ryan