People normally avoid using *deny *statement in *rp-announce-filter access-lists* bcos of this behavior.
The deny expressly allows announcement for all groups from the particular RP denied (by not filtering it for selected groups). Detailed explanation is below. According to this CCO document http://www.cisco.com/en/US/tech/tk828/technologies_configuration_example09186a00801cb923.shtml "Filtering RP Addresses You can use the *ip pim rp-announce-filter rp-list access-list group-list access-list *command to filter certain RPs for certain multicast groups. The *ip pim rp-announce-filter rp-list access-list group-list access-list *command only has meaning if it is configured at the mapping agent. The *rp-list access-list*defines an access-list of candidate RPs that, if permitted, are accepted for the multicast ranges specified in the *group-list access-list * command. *Note: *Use this command with caution. RPs that are matched by *rp-list* (allowed by a permit statement) have their multicast groups filtered by *group-list*. RPs that are denied (either by an explicit or implicit deny) are not subject to the filtering of their multicast groups and are "blindly" accepted as candidate RPs for all of their groups. In other words, only RPs that are permitted by *rp-list* have their multicast-groups filtered by * group-list*. All other RPs are accepted without examination. An additional RP announce filter is needed to effectively filter the RPs that are accepted without examination. The Filtering Example<http://www.cisco.com/en/US/tech/tk828/technologies_configuration_example09186a00801cb923.shtml#filteringex> section clarifies this procedure." On 29 May 2012 16:22, Bob McCouch <[email protected]> wrote: > Hi All, > > Question on rp-announce-filter feature: The doc CD suggests in the cmd ref > config example that the rp-list ACL referenced in the rp-announce-filter > command identify the RPs to be permitted, but in reality it seems the > rp-list ACL defined the RP's to be filtered. > > Per the docCD ( > > http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti/command/imc_i3.html#GUID-6F02D9FD-7F72-413C-B893-A8766B87F3D7 > ), > it says the following: > > The following example shows how to configure the router to *accept RP > > announcements from the C-RPs defined in access list 1* for the group > > range defined in access list 2: > > ip pim rp-announce-filter rp-list 1 group-list 2 > > access-list 1 permit 10.0.0.1 > > access-list 1 permit 10.0.0.2 > > access-list 2 permit 224.0.0.0 15.255.255.255 > > > However, when I tried this with a "deny" for a C-RP I didn't want to be > elected, it backfired and the Mapping Agent only accepted announcements > from that one. When I switched to a "permit" statement for that C-RP and > the implicit 'deny any', then it worked as I wanted, filtering out only the > identified C-RP. > > So is the example wrong? The cmd ref is not particularly clear. But it > *seems* as though the rp-list is actually used the match the C-RPs that > will be filtered, and thus a C-RP is accepted by denying it from the ACL. > > Can anyone confirm my understanding and whether the DocCD example is just > wrong? > > Thanks! > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > -- Olugbenga Oyebande MD, DAIT 234-803-302-5287 http://www.dait-ng.com Cisco Networks, Network Security & Quality of Service DAIT Linux Enterprise Network Servers, Web Portal Projects Broadband Internet Deployment & ISP Consultancy [image: View my profile on LinkedIn]View Olugbenga Oyebande's profile<http://ng.linkedin.com/pub/olugbenga-oyebande/15/395/8a9> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
