Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 24 Configuring IP Multicast Routing
If all interfaces are in sparse mode, use a default-configured RP to support the two well-known
groups 224.0.1.39 and 224.0.1.40. Auto-RP uses these two well-known groups to collect and distribute
RP-mapping information. When this is the case and the ip pim accept-rp auto-rp command is
configured, another ip pim accept-rp command accepting the RP must be configured as follows:
Switch(config)# ip pim accept-rp 172.10.20.1 1
Switch(config)# access-list 1 permit 224.0.1.39
Switch(config)# access-list 1 permit 224.0.1.40
Preventing Candidate RP Spoofing
You can add configuration commands to the mapping agents to prevent a maliciously configured router
from masquerading as a candidate RP and causing problems.
Beginning in privileged EXEC mode, follow these steps to filter incoming RP announcement messages:
Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: ip pim rp-announce-filter rp-list access-list-number group-list access-list-number
  Purpose: Filter incoming RP announcement messages.
    Enter this command on each mapping agent in the network.
    Without this command, all incoming RP-announce messages are
    accepted by default.
    For rp-list access-list-number, configure an access list of candidate RP
    addresses that, if permitted, is accepted for the group ranges supplied
    in the group-list access-list-number variable. If this variable is
    omitted, the filter applies to all multicast groups.
    If more than one mapping agent is used, the filters must be consistent
    across all mapping agents to ensure that no conflicts occur in the
    Group-to-RP mapping information.

Step 3
  Command: access-list access-list-number {deny | permit} source [source-wildcard]
  Purpose: Create a standard access list, repeating the command as many times as
    necessary.
    • For access-list-number, enter the access list number specified in
      Step 2.
    • The deny keyword denies access if the conditions are matched.
      The permit keyword permits access if the conditions are matched.
    • Create an access list that specifies from which routers and
      multilayer switches the mapping agent accepts candidate RP
      announcements (rp-list ACL).
    • Create an access list that specifies the range of multicast groups
      from which to accept or deny (group-list ACL).
    • For source, enter the multicast group address range for which the
      RP should be used.
    • (Optional) For source-wildcard, enter the wildcard bits in dotted
      decimal notation to be applied to the source. Place ones in the bit
      positions that you want to ignore.
    Recall that the access list is always terminated by an implicit deny
    statement for everything.

Step 4
  Command: end
  Purpose: Return to privileged EXEC mode.
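The following is an added example, not part of the original guide or of Cisco's software: a simplified Python model of the filter decision described in Steps 2 and 3, which also reports where two mapping agents would disagree. The addresses, ACL numbers and function names are constructed for illustration, and treating a referenced but undefined ACL as denying everything is an assumption of this model.

```python
import ipaddress
import re

# Constructed sample configs for two mapping agents (all addresses are made up).
AGENT_A = """\
ip pim rp-announce-filter rp-list 10 group-list 20
access-list 10 permit 172.16.5.1
access-list 10 permit 172.16.2.1
access-list 20 deny 239.0.0.0 0.255.255.255
access-list 20 permit 224.0.0.0 15.255.255.255
"""
# Agent B is missing the deny for 239.0.0.0/8, so the two agents can disagree.
AGENT_B = AGENT_A.replace("access-list 20 deny 239.0.0.0 0.255.255.255\n", "")

FILTER_RE = re.compile(r"ip pim rp-announce-filter rp-list (\d+)(?: group-list (\d+))?$")
ACL_RE = re.compile(r"access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Return (filters, acls); filters holds (rp_acl, group_acl or None) pairs."""
    filters, acls = [], {}
    for line in map(str.strip, config.splitlines()):
        if m := FILTER_RE.match(line):
            filters.append(m.groups())
        elif m := ACL_RE.match(line):
            num, action, src, wild = m.groups()
            acls.setdefault(num, []).append((action, _ip(src), _ip(wild or "0.0.0.0")))
    return filters, acls

def acl_permits(entries, addr):
    """Standard ACL: first match wins, 1-bits in the wildcard are ignored, implicit deny."""
    for action, src, wild in entries:
        if (_ip(addr) | wild) == (src | wild):
            return action == "permit"
    return False

def announce_accepted(config, rp_addr, group_addr):
    """Model: is rp_addr accepted as candidate RP for group_addr on this agent?"""
    filters, acls = parse(config)
    if not filters:
        return True  # no filter: all incoming RP-announce messages are accepted
    return any(  # assumption: an undefined ACL number denies everything
        acl_permits(acls.get(rp_acl, []), rp_addr)
        and (grp_acl is None or acl_permits(acls.get(grp_acl, []), group_addr))
        for rp_acl, grp_acl in filters)

def disagreements(configs, probes):
    """Probes (rp, group) on which the mapping agents give different answers."""
    return [p for p in probes if len({announce_accepted(c, *p) for c in configs}) > 1]
```

Running disagreements() over the saved configurations of every mapping agent, with probes covering each candidate RP and group range in use, shows where the filters are inconsistent before Group-to-RP mappings conflict.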