03-18-2014 01:16 AM - edited 03-07-2019 06:44 PM
Hi all,
I have the following configuration on a couple of Nexus 7K:
N7K-1
interface Vlan3
vrf member TEST
ip address 10.139.7.252/22
ip pim sparse-mode
ip pim dr-priority 100
ip pim hello-interval 5000
no shutdown
N7K-2
interface Vlan3
vrf member TEST
ip address 10.139.7.253/22
ip pim sparse-mode
ip pim hello-interval 5000
ip pim neighbor-policy FILTER-PIM-MAP
no shutdown
ip access-list FILTER-PIM
5 deny pim 10.139.7.252/32 any
6 deny pim 10.139.7.252/32 224.0.0.13/32
10 deny pim 10.139.7.252/32 any
20 permit ip any any
route-map FILTER-PIM-MAP permit 10
match ip address FILTER-PIM
Neighbor-policy is not working. PIM neighborship on SVI 3 is still up between Nexus 1 and 2.
Does anybody know what is wrong on the route-map and ACL?
Regards
Stefano
03-18-2014 02:56 AM
I believe you are matching /32 in access-list whereas your SVI IP is /22
03-18-2014 04:58 AM
The SVI is /22 but the PIM packets are sourced by the physical IP address /32.
If I put /22 instead the result is the same, PIM neighborship up.
Stefano
03-19-2014 12:39 AM
Apply the policy in Nexus 7K-1 as the source is 10.139.7.252 or change the source to 10.139.7.253 in the access-list of Nexus-7K-2
ip access-list FILTER-PIM
5 deny pim 10.139.7.252/32 any
6 deny pim 10.139.7.252/32 224.0.0.13/32
10 deny pim 10.139.7.252/32 any
20 permit ip any any
route-map FILTER-PIM-MAP permit 10
match ip address FILTER-PIM
interface Vlan3
vrf member TEST
ip address 10.139.7.252/22
ip pim sparse-mode
ip pim dr-priority 100
ip pim hello-interval 5000
ip pim neighbor-policy FILTER-PIM-MAP
no shutdown
Regards
Thanveer
Please Rate if the post is helpful
03-19-2014 12:42 AM
Hi Thanveer,
I tried it but unfortunately it doesn't work.
I think neighbor-policy is for PIM hello received by other devices.
Regards
Stefano
03-19-2014 01:56 AM
Hmm true,
How about this command on Nexus-7k-1
ip igmp helper-address | Causes the system to forward all IGMP host reports and leave messages received on the interface to the specified IP address. |
ip igmp helper-address 10.139.7.253
Regards
Thanveer
03-19-2014 02:56 AM
Hello Friend,
I found this, it may be helpful to you,
N7K-1-Core1# config
Enter configuration commands, one per line. End with CNTL/Z.
N7K-1-Core1(config)# route-map pim-policy deny 10
N7K-1-Core1(config-route-map)# match ip multicast group 239.100.10.1/32
N7K-1-Core1(config-route-map)# route-map pim-policy deny 20
N7K-1-Core1(config-route-map)# match ip multicast group 224.0.0.0/4
N7K-1-Core1(config-route-map)# int vlan 3
N7K-1-Core1(config-if)# ip pim jp-policy pim-policy in
N7K-1-Core1(config-if)# end
03-19-2014 03:18 AM
Hi Thanveer,
the jp-policy is used when you want to filter Join and Prune PIM messages, but I'd like to filter Hello PIM nessages and for this the neighbor-policy option should work...
Regards
Stefano
03-19-2014 04:34 AM
Trying to find the solution dear. If you find the solution provide it here.
03-19-2014 04:53 AM
Hi Thanveer,
finally I got the solution.
A prefix-list has to be used insted of access-list:
ip prefix-list filter-pim seq 5 deny 10.139.7.252/32
ip prefix-list filter-pim seq 10 permit 0.0.0.0/0 le 32
route-map FILTER-PIM-MAP permit 10
match ip address prefix-list filter-pim
Thanks for your support
Stefano
03-19-2014 11:51 PM
Fantastic, good to hear.
I was about to give a reply stating that can we check the command sh ip pim interface vlan 3, to see whether the policy is implemented or not.
Thanks to you too Friend.
Regards
Thanveer
“Acquire Knowledge and Learn Tranquillity and Dignity”
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide