Showing results for 
Search instead for 
Did you mean: 

Block Multicast group RP

Level 4
Level 4


I am looking for a way to block a specific multicast group on the network that does not entail me touching all my devices to update an ACL or somthing. I was thinking, if the multicast group didnt have an RP, it would keep it off the WAN and limit it to a local segment, which is OK.

I'm trying to block, Printers and a few other things are babbling across it and there's no need for it to go across the WAN. I'm using PIM-SM and was using a static Anycast RP (with MSDP between them). So... I fired up GNS3, setup our network and started monkeying with AutoRP. AutoRP would seem to do the trick because it will recognize negative statements in the ACL. I have it setup and running in the "lab". I hae a mapping agent and the candidate RP. Assume PIM is working as expected.

Candidate RP:

R1= Candidate RP:

R1(config-std-nacl)#do sh access-list 1

Standard IP access list 1

    5 deny

    10 permit, wildcard bits

ip pim send-rp-announce scope 25 group-list 1 interval 5

R2= Mapping Agent:

ip pim autorp listener

ip pim send-rp-discovery Loopback0 scope 200

R3= A Branch Router:

R4#sh ip pim rp mapping

PIM Group-to-RP Mappings


  RP (?), v2v1

    Info source: (?), elected via Auto-RP

         Uptime: 00:16:46, expires: 00:02:33

Group(s) (-)

  RP (?), v2v1

    Info source: (?), elected via Auto-RP

         Uptime: 00:08:33, expires: 00:02:36

So AutoRP seems to be working, my RP mappings are getting to my branch... What does the ( - ) next to the group i want to deny signify? will it not use that RP for that group?

2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee


This configuration causes the Candidate RP to announce its willingness to be a RP for all multicast groups except The problem with this configuration is that this group basically does not have a RP and if the routers are configured as ip pim sparse-dense-mode they will fall back to PIM-DM operation for this particular group. This would be remedied best by reconfiguring the entire network for ip pim sparse-mode or no ip pim dm-fallback.

A different solution would be to have your Candidate RP become an RP for all groups, and then use the ip pim accept-register list ACL command on this RP to filter out all PIM Register messages that are coming for a particular (S, G), in this case, the (*,

See more about the command here:

Best regards,


Level 4
Level 4

Thanks Peter. I'm not using sparse-dense. Mode. I'm using ip pim autorp listener to avoid that behavior. I haven't had a chance to check the link you included, but I will so later today.

Sent from Cisco Technical Support iPhone App

Review Cisco Networking for a $25 gift card