01-09-2014 09:23 AM - edited 03-04-2019 10:01 PM
Hey guys,
I have a rather noob question: Would applying a multicast group filter that only permits one particular group affect the eigrp in any way?
For instance, let's I only want group 239.192.35.16 to operate in my network, so I create standard ACL 1 with the statement permit 239.192.35.16 and leave the implicit deny. Then applying it to the group range with: ip multicast group-range 1.
Would the implicit deny also deny eigrp hellos and the like, or, are the reserved multicast addresses "immune" some how?
Thanks in advance,
Miguel
Solved! Go to Solution.
01-09-2014 03:28 PM
Hello
You don't mention how your applying this acl- If it just via a standard ip access-group xx command under the interface that eigrp in running then yes it would interfere with eigrp mc messages of (224.0.0.10) if this wasn't allowed in the acl.
However you can apply an acl but for MC IGMP which allow all hosts to just join that specific mc group you specify
Int xxx
Ip igmp access-group xxx
Res
Paul
Sent from Cisco Technical Support iPad App
01-09-2014 03:28 PM
Hello
You don't mention how your applying this acl- If it just via a standard ip access-group xx command under the interface that eigrp in running then yes it would interfere with eigrp mc messages of (224.0.0.10) if this wasn't allowed in the acl.
However you can apply an acl but for MC IGMP which allow all hosts to just join that specific mc group you specify
Int xxx
Ip igmp access-group xxx
Res
Paul
Sent from Cisco Technical Support iPad App
01-10-2014 04:57 AM
Hi Paul,
Thank you for your response.
The ACL is being applied using the global command ip mutlicast group-range list. The group-range command applies the ACL to all interfaces on the router, or switch, and would filter mutlicast groups as indicated by the ACL. Normally I would agree with you in that yes it would affect eigrp, but I wasn't sure if the aforementioned command was written to ignore the reserved mutlcast range. I guess the safest way to do it would be to permit eigrp in the ACL as well.
Thanks,
Miguel
02-03-2014 09:27 AM
All right,
So, I did some testing with the group-range command and an ACL that targets eigrp and the counters for the ACL never increased and eigrp did not freak out. Below is what I did:
ip multicast group-range NO-MCAST
ip access-list extended NO-MCAST
deny eigrp any any
I will still place the eigrp statement and any other reserved multicast groups as allowed in the ACL for the just in case, however.
Thanks,
Miguel
02-04-2014 03:42 AM
Hello
I dont think this is required using the multicast group command- however adding the discovery and announce mc address to that group could be beneficial is using autorp
acces-list 1 permit 239.192.35.16
acces-list 1 permit 224.0.1.39
acces-list 1 permit 224.0.1.40
ip multicast group-range 1
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide