- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Deny PIM/IGMP Sources
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2013 05:22 AM
08-06-2013 05:22 AM
Deny PIM/IGMP Sources
Hi guys
I have the following configuration
#
interface Vlan-interface1
ip address 172.21.200.200 255.255.0.0
igmp enable
igmp group-policy 2001
pim dm
pim neighbor-policy 2000
#
acl number 2000
description DenyAllPIMNeighbors
rule 0 deny
acl number 2001
description AllowIGMPGroups
rule 0 permit source 239.192.0.0 0.0.255.255
rule 100 deny
#
Unfortunalely multiple groups are imported to PIM:
[HP-Vlan-interface1]disp pim routing-table
VPN-Instance: public net Total 0 (*, G) entry; 8 (S, G) entries
(172.21.1.183, 230.0.0.4)
Protocol: pim-dm, Flag: LOC ACT
UpTime: 00:18:38
Upstream interface: Vlan-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information: None
(172.21.2.120, 239.255.255.250)
Protocol: pim-dm, Flag: LOC ACT
UpTime: 00:16:27
Upstream interface: Vlan-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information: None
How can I control this unwanted Groups?
br
Manuel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-13-2013 04:28 PM
08-13-2013 04:28 PM
Re: Deny PIM/IGMP Sources
Manuel, are the hosts 172.21.1.183 and 172.21.2.120 in the same vlan 1 where you have igmp and pim enabled ?
If yes it means that these hosts are using some application that transmit multicast.
And for that reason you are seeing them in your pim routing table.
Is one of these hosts using Jboss ? Jboss uses the multicast 230.0.0.4 to its auto-discovery feature.
Windows computers and printers use 239.255.255.250 multicast ip address to discover another network
devices, this is the UPNP protocol.
So, I think that there is no way to make a filter to all possibilities you may have because you cant predict
what softwares are gonna be installed in the computers in that vlan. And many of these softwares
maybe use multicast.
Dont worry. This is a normal situation. You only have to use the igmp group-policy command in your
switches to deny access to this unwanted multicast groups. If you dont do that, you will have
unwanted multicast transmissions in your network.
There is the command "register-policy <acl-number> " in PIM-View that works with pim sm to prevent unauthorized register messages. But this is not your case as you are using pim dm.
Bye. Fabiano.