
Multicast Filtering Between VLANS

I have the need to filter multicast between vlans as described below. PIM Sparse-Mode is being utilized for this multicast network and changing any Vlan to PIM Dense mode is not an option.

- Vlan 217 and Vlan 4 should not be communicating on mcast with any other vlan, including each other (each vlan isolated).

- Vlan 64 and Vlan 80 are able to communicate with each other on mcast but not with any other vlans (isolated vlan group).

- All other vlans can communicate mcast freely.

What I've created thus far is below. It does not appear to be the most elegant solution and would be difficult for the administrators to adjust as new requirements come along. Yes, I will be adding the appropriate link-local multicast addresses so as to not break routing and other dependent technologies. Any other solutions/ideas?

ip access-list ext ANY_CONN
 permit ip any any

ip access-list ext MCAST_INTRA_217
 permit ip 224.0.0.0 15.255.255.255 133.106.197.32 255.255.224.0
 permit ip 133.106.197.32 255.255.224.0 224.0.0.0 15.255.255.255

ip access-list ext MCAST_ISOLATE
 permit ip 224.0.0.0 15.255.255.255 any
 permit ip any 224.0.0.0 15.255.255.255

ip access-list ext MCAST_INTRA_14
 permit ip 224.0.0.0 15.255.255.255 10.23.0.0 255.255.0.0
 permit ip 10.23.0.0 255.255.0.0 224.0.0.0 15.255.255.255

vlan access-map MCAST_ISOLATE_217 10
 match ip address MCAST_INTRA_217
 action forward
vlan access-map MCAST_ISOLATE_217 20
 match ip address MCAST_ISOLATE
 action drop
vlan access-map MCAST_ISOLATE_217 30
 match ip address ANY_CONN
 action forward
exit

vlan access-map MCAST_ISOLATE_14 10
 match ip address MCAST_INTRA_14
 action forward
vlan access-map MCAST_ISOLATE_14 20
 match ip address MCAST_ISOLATE
 action drop
vlan access-map MCAST_ISOLATE_14 30
 match ip address ANY_CONN
 action forward
exit

vlan filter MCAST_ISOLATE_217 vlan-list 217
vlan filter MCAST_ISOLATE_14 vlan-list 14
!
ip access-list ext MCAST_RESTRICT
 permit ip 224.0.0.0 15.255.255.255 133.106.64.0 0.0.15.255
 permit ip 133.106.64.0 0.0.15.255 224.0.0.0 15.255.255.255
 permit ip 224.0.0.0 15.255.255.255 133.106.80.0 0.0.15.255
 permit ip 133.106.64.0 0.0.80.255 224.0.0.0 15.255.255.255

vlan access-map MCAST_RESTRICT 10
 match ip address MCAST_RESTRICT
 action forward
vlan access-map MCAST_RESTRICT 20
 match ip address MCAST_ISOLATE
 action drop
vlan access-map MCAST_RESTRICT 30
 match ip address ANY_CONN
 action forward

vlan filter MCAST_RESTRICT vlan-list 64, 80

Thanks in advance.

Kind Regards,


Kevin

Kind Regards, Kevin Sheahan, CCIE # 41349
1 REPLY 1

My wildcard masks are jacked. I did this in Notepad, so I didn't have the CLI to square me away when trying to enter the normal subnet mask.

Kind Regards,

Kevin
Kind Regards, Kevin Sheahan, CCIE # 41349
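
The follow-up above notes that the wildcard masks in the draft were typed without the CLI to catch mistakes. As an added example (not part of the original posts and not a Cisco tool), this offline check runs over ACL entries copied from the draft and flags subnet masks used in place of wildcards and non-contiguous wildcards before the VACLs are applied. The function names `check_pair` and `lint_acl` are hypothetical, and only plain `permit|deny ip <src> <dst>` entries are assumed.

```python
import ipaddress

# ACL entries copied from the post above (addresses and masks as posted).
SAMPLE = """\
permit ip any any
permit ip 224.0.0.0 15.255.255.255 133.106.197.32 255.255.224.0
permit ip 133.106.197.32 255.255.224.0 224.0.0.0 15.255.255.255
permit ip 224.0.0.0 15.255.255.255 10.23.0.0 255.255.0.0
permit ip 224.0.0.0 15.255.255.255 133.106.64.0 0.0.15.255
permit ip 133.106.64.0 0.0.80.255 224.0.0.0 15.255.255.255
"""

def low_ones(v):
    """True when v is 0..0 followed by 1..1, the usual wildcard shape."""
    return (v & (v + 1)) == 0

def check_pair(addr, mask):
    """Findings for one 'address wildcard' pair of an ACL entry."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    inv = m ^ 0xFFFFFFFF
    if m not in (0, 0xFFFFFFFF) and low_ones(inv):
        return [f"{addr} {mask}: subnet mask where a wildcard belongs "
                f"(wildcard form is {ipaddress.IPv4Address(inv)})"]
    if not low_ones(m):
        # Legal on IOS, but in a per-subnet entry it is usually a typo.
        return [f"{addr} {mask}: non-contiguous wildcard"]
    if a & m:
        return [f"{addr} {mask}: address bits set inside the wildcard"]
    return []

def lint_acl(text):
    """Check every address/wildcard pair in 'permit|deny ip ...' lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
            continue
        i = 2  # skip the action and the protocol keyword
        while i < len(tok):
            if tok[i] == "any":
                i += 1
            elif tok[i] == "host" or i + 1 >= len(tok):
                i += 2  # host entries and trailing keywords carry no wildcard
            else:
                findings += [f"line {n}: {f}" for f in check_pair(tok[i], tok[i + 1])]
                i += 2
    return findings

if __name__ == "__main__":
    print("\n".join(lint_acl(SAMPLE)))
```

A mask that passes these checks can still describe the wrong subnet for a VLAN, so the results need comparing against the addressing plan.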