03-19-2013 06:36 PM - edited 03-07-2019 12:21 PM
I have the need to filter multicast between vlans as described below. PIM Sparse-Mode is being utilized for this multicast network and changing any Vlan to PIM Dense mode is not an option.
- Vlan 217 and Vlan 4 should not be communicating on mcast with any other vlan, including each other (each vlan isolated).
- Vlan 64 and Vlan 80 are able to communicate with each other on mcast but not with any other vlans (isolated vlan group).
- All other vlans can communicate mcast freely.
What I've created thus far is below. It does not appear to be the most elegant solution and would be difficult for the administrators to adjust as new requirements come along. Yes, I will be adding the appropriate link-local multicast addresses so as to not break routing and other dependent technologies. Any other solutions/ideas?
ip access-list ext ANY_CONN
permit ip any any
ip access-list ext MCAST_INTRA_217
permit ip 224.0.0.0 15.255.255.255 133.106.197.32 255.255.224.0
permit ip 133.106.197.32 255.255.224.0 224.0.0.0 15.255.255.255
ip access-list ext MCAST_ISOLATE
permit ip 224.0.0.0 15.255.255.255 any
permit ip any 224.0.0.0 15.255.255.255
ip access-list ext MCAST_INTRA_14
permit ip 224.0.0.0 15.255.255.255 10.23.0.0 255.255.0.0
permit ip 10.23.0.0 255.255.0.0 224.0.0.0 15.255.255.255
vlan access-map MCAST_ISOLATE_217 10
match ip address MCAST_INTRA_217
action forward
vlan access-map MCAST_ISOLATE_217 20
match ip address MCAST_ISOLATE
action drop
vlan access-map MCAST_ISOLATE_217 30
match ip address ANY_CONN
action forward
exit
vlan access-map MCAST_ISOLATE_14 10
match ip address MCAST_INTRA_14
action forward
vlan access-map MCAST_ISOLATE_14 20
match ip address MCAST_ISOLATE
action drop
vlan access-map MCAST_ISOLATE_14 30
match ip address ANY_CONN
action forward
exit
vlan filter MCAST_ISOLATE_217 vlan-list 217
vlan filter MCAST_ISOLATE_14 vlan-list 14
!
ip access-list ext MCAST_RESTRICT
permit ip 224.0.0.0 15.255.255.255 133.106.64.0 0.0.15.255
permit ip 133.106.64.0 0.0.15.255 224.0.0.0 15.255.255.255
permit ip 224.0.0.0 15.255.255.255 133.106.80.0 0.0.15.255
permit ip 133.106.64.0 0.0.80.255 224.0.0.0 15.255.255.255
vlan access-map MCAST_RESTRICT 10
match ip address MCAST_RESTRICT
action forward
vlan access-map MCAST_RESTRICT 20
match ip address MCAST_ISOLATE
action drop
vlan access-map MCAST_RESTRICT 30
match ip address ANY_CONN
action forward
vlan filter MCAST_RESTRICT vlan-list 64, 80
Thanks in advance.
Kind Regards,
Kevin
03-19-2013 06:40 PM
My wildcard masks are jacked.. I did this in notepad so I didn't have the CLI to square me away when trying to enter the normal subnet mask.
Kind Regards,
Kevin
**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.
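The follow-up above notes that the masks in the posted ACLs were typed as subnet masks. As an added example (not part of the original posts), the Python sketch below lints `permit`/`deny` lines for that mistake before they are pasted into the switch; `check_pair`, `lint` and the sample are names and data constructed here, and it assumes every address is followed by its mask.

```python
import re
from ipaddress import IPv4Address

# Constructed sample: four entries copied from the access lists in the post.
SAMPLE = """\
permit ip 224.0.0.0 15.255.255.255 133.106.197.32 255.255.224.0
permit ip 10.23.0.0 255.255.0.0 224.0.0.0 15.255.255.255
permit ip 224.0.0.0 15.255.255.255 133.106.64.0 0.0.15.255
permit ip 133.106.64.0 0.0.80.255 224.0.0.0 15.255.255.255
"""

# Assumption: every dotted quad is followed by its mask (no "host x.x.x.x" form).
PAIR = re.compile(r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")

def check_pair(addr, mask):
    """Return the problems found in one 'address mask' pair of an ACL entry."""
    a, m = int(IPv4Address(addr)), int(IPv4Address(mask))
    inv = m ^ 0xFFFFFFFF
    problems = []
    if m & (m + 1) == 0:          # zeros then ones: a prefix-style wildcard
        wild = m
    elif inv & (inv + 1) == 0:    # ones then zeros: a subnet mask typed by mistake
        wild = inv
        problems.append(f"{mask} is a subnet mask; wildcard form is {IPv4Address(wild)}")
    else:
        return [f"{mask} is non-contiguous; confirm it is intended"]
    if a & wild:                  # address bits set where the wildcard says "ignore"
        base = IPv4Address(a & ~wild & 0xFFFFFFFF)
        problems.append(f"{addr} has bits in the ignored range; base is {base}")
    return problems

def lint(config):
    """Return (line number, problem) tuples for every permit/deny line."""
    findings = []
    for number, line in enumerate(config.splitlines(), start=1):
        if not line.strip().startswith(("permit", "deny")):
            continue
        for addr, mask in PAIR.findall(line):
            findings.extend((number, p) for p in check_pair(addr, mask))
    return findings

if __name__ == "__main__":
    for number, problem in lint(SAMPLE):
        print(f"line {number}: {problem}")
```

The linter only reports what the bit patterns show; which subnet each VLAN actually uses still has to be confirmed against the SVI configuration.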