The SVI is /22 but the PIM

s-durando · ‎03-18-2014

Hi all,

I have the following configuration on a couple of Nexus 7K:

N7K-1

interface Vlan3
vrf member TEST
ip address 10.139.7.252/22
ip pim sparse-mode
ip pim dr-priority 100
ip pim hello-interval 5000
no shutdown

N7K-2

interface Vlan3
vrf member TEST
ip address 10.139.7.253/22
ip pim sparse-mode
ip pim hello-interval 5000
ip pim neighbor-policy FILTER-PIM-MAP
no shutdown

ip access-list FILTER-PIM
5 deny pim 10.139.7.252/32 any
6 deny pim 10.139.7.252/32 224.0.0.13/32
10 deny pim 10.139.7.252/32 any
20 permit ip any any

route-map FILTER-PIM-MAP permit 10
match ip address FILTER-PIM

Neighbor-policy is not working. PIM neighborship on SVI 3 is still up between Nexus 1 and 2.

Does anybody know what is wrong on the route-map and ACL?

Regards

Stefano

Muhammad Thanveer · ‎03-18-2014

I believe you are matching /32 in access-list whereas your SVI IP is /22

s-durando · ‎03-18-2014

The SVI is /22 but the PIM packets are sourced by the physical IP address /32.

If I put /22 instead the result is the same, PIM neighborship up.

Stefano

Muhammad Thanveer · ‎03-19-2014

Apply the policy in Nexus 7K-1 as the source is 10.139.7.252 or change the source to 10.139.7.253 in the access-list of Nexus-7K-2

ip access-list FILTER-PIM
5 deny pim 10.139.7.252/32 any
6 deny pim 10.139.7.252/32 224.0.0.13/32
10 deny pim 10.139.7.252/32 any
20 permit ip any any

route-map FILTER-PIM-MAP permit 10
match ip address FILTER-PIM

interface Vlan3
vrf member TEST
ip address 10.139.7.252/22
ip pim sparse-mode
ip pim dr-priority 100
ip pim hello-interval 5000

ip pim neighbor-policy FILTER-PIM-MAP
no shutdown

Regards

Thanveer

Please Rate if the post is helpful

s-durando · ‎03-19-2014

Hi Thanveer,

I tried it but unfortunately it doesn't work.

I think neighbor-policy is for PIM hello received by other devices.

Regards

Stefano

Muhammad Thanveer · ‎03-19-2014

Hmm true,

How about this command on Nexus-7k-1

ip igmp helper-address

Causes the system to forward all IGMP host reports and leave messages received on the interface to the specified IP address.

ip igmp helper-address 10.139.7.253

Regards

Thanveer

Muhammad Thanveer · ‎03-19-2014

Hello Friend,

I found this, it may be helpful to you,

N7K-1-Core1# config
Enter configuration commands, one per line. End with CNTL/Z.
N7K-1-Core1(config)# route-map pim-policy deny 10
N7K-1-Core1(config-route-map)# match ip multicast group 239.100.10.1/32
N7K-1-Core1(config-route-map)# route-map pim-policy deny 20
N7K-1-Core1(config-route-map)# match ip multicast group 224.0.0.0/4
N7K-1-Core1(config-route-map)# int vlan 3

N7K-1-Core1(config-if)# ip pim jp-policy pim-policy in
N7K-1-Core1(config-if)# end

http://my.safaribooksonline.com/book/databases/data-warehouses/9780132883573/chapter-4dot-ip-multicast-configuration/ch04lev1sec9_html

s-durando · ‎03-19-2014

Hi Thanveer,

the jp-policy is used when you want to filter Join and Prune PIM messages, but I'd like to filter Hello PIM nessages and for this the neighbor-policy option should work...

Regards

Stefano

Muhammad Thanveer · ‎03-19-2014

Trying to find the solution dear. If you find the solution provide it here.

s-durando · ‎03-19-2014

Hi Thanveer,

finally I got the solution.

A prefix-list has to be used insted of access-list:

ip prefix-list filter-pim seq 5 deny 10.139.7.252/32
ip prefix-list filter-pim seq 10 permit 0.0.0.0/0 le 32

route-map FILTER-PIM-MAP permit 10
match ip address prefix-list filter-pim

Thanks for your support

Stefano

Muhammad Thanveer · ‎03-19-2014

Fantastic, good to hear.

I was about to give a reply stating that can we check the command sh ip pim interface vlan 3, to see whether the policy is implemented or not.

Thanks to you too Friend.

Regards
Thanveer
“Acquire Knowledge and Learn Tranquillity and Dignity”

ip pim neighbor-policy not working on Nexus 7K