Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
554
Views
0
Helpful
0
Replies

Nexus 9K and ACL to Deny multicast

Map23
Level 1
Level 1

‎12-15-2020 09:29 AM

Hi all, 

 

I want use ACL on nexus C93180YC-FX to permit traffic just from specific (S,G) pair. 

I have a routed port configured, but seems that ACL doesn't block mcast. 

I did an "extreme" test and I use this ACL: 

 

IP access list LEAF_03_port_1
10 deny udp any any
20 deny ip any any

 

I applied this ACL to this port: 

 

interface Ethernet1/1
description "Leaf3 - Port 1"
ip access-group LEAF_03_port_1 in
ip address 10.241.3.1/30
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
ip pim passive
ip igmp version 3
ip igmp immediate-leave
no shutdown

 

Stream activated and mroute entry active:

 

(10.241.3.2/32, 227.103.2.1/32), uptime: 00:16:12, ip pim
Incoming interface: Ethernet1/1, RPF nbr: 10.241.3.2
Outgoing interface list: (count: 0)

 

I also tried to apply ACL with "PACL" command, but (as expected) I receive this error: 

 

CAG1FAB-MCN-LF03(config-if)# ip port access-group LEAF_03_port_1 in
ERROR: This access-list configuration is not allowed when the port is not a switchport

 

How is possibile that ACL didn't deny traffic ? 

 

Thanks all for support

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card