Thanks for that link, I will review it. Your excerpt makes it much more clear that a "permit" in this case matches traffic to which the filter will apply.
Thanks!

On Tue, May 29, 2012 at 1:31 PM, Oluwagbenga Oyebande <[email protected]> wrote:

> People normally avoid using a *deny* statement in *rp-announce-filter access-lists* because of this behavior.
>
> The deny expressly allows announcement for all groups from the particular RP denied (by not filtering it for selected groups). Detailed explanation is below.
>
> According to this CCO document
>
> http://www.cisco.com/en/US/tech/tk828/technologies_configuration_example09186a00801cb923.shtml
>
> "Filtering RP Addresses
>
> You can use the *ip pim rp-announce-filter rp-list access-list group-list access-list* command to filter certain RPs for certain multicast groups.
>
> The *ip pim rp-announce-filter rp-list access-list group-list access-list* command only has meaning if it is configured at the mapping agent. The *rp-list access-list* defines an access-list of candidate RPs that, if permitted, are accepted for the multicast ranges specified in the *group-list access-list* command.
>
> *Note:* Use this command with caution. RPs that are matched by *rp-list* (allowed by a permit statement) have their multicast groups filtered by *group-list*. RPs that are denied (either by an explicit or implicit deny) are not subject to the filtering of their multicast groups and are "blindly" accepted as candidate RPs for all of their groups. In other words, only RPs that are permitted by *rp-list* have their multicast-groups filtered by *group-list*. All other RPs are accepted without examination.
>
> An additional RP announce filter is needed to effectively filter the RPs that are accepted without examination. The Filtering Example <http://www.cisco.com/en/US/tech/tk828/technologies_configuration_example09186a00801cb923.shtml#filteringex> section clarifies this procedure."
>
> On 29 May 2012 16:22, Bob McCouch <[email protected]> wrote:
>
>> Hi All,
>>
>> Question on rp-announce-filter feature: The doc CD suggests in the cmd ref config example that the rp-list ACL referenced in the rp-announce-filter command identify the RPs to be permitted, but in reality it seems the rp-list ACL defined the RPs to be filtered.
>>
>> Per the docCD (http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti/command/imc_i3.html#GUID-6F02D9FD-7F72-413C-B893-A8766B87F3D7), it says the following:
>>
>> > The following example shows how to configure the router to *accept RP announcements from the C-RPs defined in access list 1* for the group range defined in access list 2:
>> >
>> > ip pim rp-announce-filter rp-list 1 group-list 2
>> > access-list 1 permit 10.0.0.1
>> > access-list 1 permit 10.0.0.2
>> > access-list 2 permit 224.0.0.0 15.255.255.255
>>
>> However, when I tried this with a "deny" for a C-RP I didn't want to be elected, it backfired and the Mapping Agent only accepted announcements from that one. When I switched to a "permit" statement for that C-RP and the implicit 'deny any', then it worked as I wanted, filtering out only the identified C-RP.
>>
>> So is the example wrong? The cmd ref is not particularly clear. But it *seems* as though the rp-list is actually used to match the C-RPs that will be filtered, and thus a C-RP is accepted by denying it from the ACL.
>>
>> Can anyone confirm my understanding and whether the DocCD example is just wrong?
>>
>> Thanks!
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
>>
>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>
> --
> Olugbenga Oyebande
> MD, DAIT
> 234-803-302-5287
> http://www.dait-ng.com
> Cisco Networks, Network Security & Quality of Service
> DAIT Linux Enterprise Network Servers, Web Portal Projects
> Broadband Internet Deployment & ISP Consultancy
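
The rule in the quoted Cisco note can be checked with a small model. This is an added example, not part of the original thread and not IOS code. It assumes a single filter and a single group address per announcement; the addresses 10.0.0.9 and 239.1.1.1 and the two "style" filters are constructed, and only `doc_example` mirrors the access lists 1 and 2 quoted in the thread.

```python
# Simplified model of the mapping agent's decision as described in the quoted
# Cisco note. All addresses below are constructed samples (assumptions).
from ipaddress import IPv4Address as IP

def acl_permits(acl, addr):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        care = ~int(IP(wildcard)) & 0xFFFFFFFF  # bits that must match
        if (int(IP(addr)) ^ int(IP(base))) & care == 0:
            return action == "permit"
    return False  # implicit deny any

def announce_accepted(rp, group, rp_list, group_list):
    """An RP permitted by rp-list has its group checked against group-list.
    An RP denied by rp-list (explicitly or implicitly) is accepted unexamined."""
    if acl_permits(rp_list, rp):
        return acl_permits(group_list, group)
    return True

ALL_MCAST = ("224.0.0.0", "15.255.255.255")
WANTED, UNWANTED, GROUP = "10.0.0.1", "10.0.0.9", "239.1.1.1"

# Attempt 1: "deny" the unwanted C-RP in rp-list and permit the rest.
deny_style = dict(
    rp_list=[("deny", UNWANTED, "0.0.0.0"),
             ("permit", "0.0.0.0", "255.255.255.255")],
    group_list=[("permit", *ALL_MCAST)],
)
# Attempt 2: "permit" (match) the unwanted C-RP, then deny its groups.
permit_style = dict(
    rp_list=[("permit", UNWANTED, "0.0.0.0")],
    group_list=[("deny", *ALL_MCAST)],
)
# The command-reference example quoted in the thread (access lists 1 and 2).
doc_example = dict(
    rp_list=[("permit", "10.0.0.1", "0.0.0.0"),
             ("permit", "10.0.0.2", "0.0.0.0")],
    group_list=[("permit", *ALL_MCAST)],
)

def report():
    """Return (filter name, C-RP, accepted?) for each filter and C-RP."""
    filters = [("deny_style", deny_style), ("permit_style", permit_style),
               ("doc_example", doc_example)]
    return [(name, rp, announce_accepted(rp, GROUP, **f))
            for name, f in filters for rp in (WANTED, UNWANTED)]

if __name__ == "__main__":
    for row in report():
        print(*row)
```

In this model only `permit_style` rejects 10.0.0.9. Under `doc_example`, a C-RP missing from access list 1 falls to the implicit deny and is still accepted, which is why the note says an additional filter is needed.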
