I have changed to ccie security since I am spending all my time at work in security, how do I unsubscribe from this mailing list
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of L. Jankok Sent: Sunday, July 26, 2009 4:26 AM To: Bryan Bartik Cc: [email protected] Subject: Re: [OSL | CCIE_RS] question wb1 v11 lab24 task 24.6 Bryan, I have it figured out. It works only with 1 variation. The requirement states this: " 24.2 Set R1 to advertise itself as the RP for all groups. " " 24.6 Using a Cisco-preferred dynamic protocol,, make sure that all routers in the multicast domain use: R1 as the RP for 224.0.0.0 through 225.255.255.255" My variation on the task is this; R1 as the RP for *only* 224.0.0.0 through 225.255.255.255 As I used the word *only* now R5 is not allowed to to advertise 224/4 for R1 and rely on specific matches to result in R1 to be only the RP for 224/8 and 224/8 due to more specific matches on the other RP's. Now we have to be specific and this makes it more interesting. I found only 1 way to make this work. The requirement never states that we have to advertise 224/4 in a single advertisement! This means that we can break the groups into pieces 224.0.0.0 1.255.255.255 226.0.0.0 1.255.255.255 228.0.0.0 3.255.255.255 232.0.0.0 7.255.255.255 And *now* the filter list on the mapping agent R5 works and we will have only 224/8 and 225/8 for R1. ip access-list standard R1_GROUP_FILTER permit 224.0.0.0 1.255.255.255 BTW this could be a nice variation on the task to include in the workbook. I think it will cause some headaches :) Regards, LJ Below is the working code On R5 the mapping agent ip access-list standard R1 permit 200.0.0.1 ip access-list standard R1_GROUP_FILTER permit 224.0.0.0 1.255.255.255 ip pim rp-announce-filter rp-list R1 group-list R1_GROUP_FILTER On R1 the RP ip access-list standard R1_RP_GROUPS permit 224.0.0.0 0.255.255.255 permit 225.0.0.0 0.255.255.255 permit 226.0.0.0 1.255.255.255 permit 228.0.0.0 3.255.255.255 permit 232.0.0.0 7.255.255.255 ip pim send-rp-announce Loopback0 scope 10 group-list R1_RP_GROUPS Regards, LJ 2009/7/25 Bryan Bartik <[email protected]>: > Hmmm. I can't reproduce this. On R5, try adding an ACL that matches all > hosts and then denies all groups. Kind of like a catch all, and then add > another rp-announce-filter command. Any luck? > > On Sat, Jul 25, 2009 at 1:34 AM, L. Jankok <[email protected]> wrote: >> >> I am trying the same lab again. >> >> R5 is the mapping agent. >> >> On R5 >> >> ip access-list standard R1 >> permit 200.0.0.1 >> ip access-list standard R1_GROUP_FILTER >> permit 224.0.0.0 1.255.255.255 >> >> ip pim send-rp-discovery Loopback0 scope 10 >> ip pim rp-announce-filter rp-list R1 group-list R1_GROUP_FILTER >> >> On R1 >> >> ip access-list standard R1_RP_GROUPS >> permit 224.0.0.0 15.255.255.255 >> permit 224.0.0.0 0.255.255.255 >> permit 225.0.0.0 0.255.255.255 >> >> ip pim send-rp-announce Loopback0 scope 10 group-list R1_RP_GROUPS >> >> I cleared all the mappings and even waited for the mappings to expire >> after the clearings and still R1 is announced as the RP for 224.0.0.0/4 by >> R5 >> >> Group(s) 224.0.0.0/8 >> RP 200.0.0.1 (?), v2v1 >> Info source: 200.0.0.1 (?), elected via Auto-RP >> Uptime: 00:01:55, expires: 00:02:05 >> Group(s) 224.0.0.0/4 >> RP 200.0.0.1 (?), v2v1 >> Info source: 200.0.0.1 (?), elected via Auto-RP >> Uptime: 00:01:55, expires: 00:02:01 >> Group(s) 225.0.0.0/8 >> RP 200.0.0.1 (?), v2v1 >> Info source: 200.0.0.1 (?), elected via Auto-RP >> Uptime: 00:01:55, expires: 00:02:00 >> >> Regards, >> >> LJ >> >> 2009/7/19 Bryan Bartik <[email protected]>: >> > Ok, Next time try clearing it on all routers and wait for the next >> > advertisement. The mapping agent should be enough, but you will have to >> > let >> > it expire on the others. Let us know if you still encounter the issue. >> > >> > On Sun, Jul 19, 2009 at 9:24 AM, L. Jankok <[email protected]> wrote: >> >> >> >> Hi Brian, >> >> >> >> I only cleared the mapping on the mapping agent because I thought >> >> that I only have to clear the mappings where I have adjusted the filter >> >> (the mapping agent). I have also adjusted the access filter on R1 so >> >> it will also advertise these specifics to the mapping agent. >> >> >> >> My session at proctorlabs has ended so right now I can't test anymore. >> >> >> >> Greetings, >> >> >> >> LJ >> >> >> >> 2009/7/19 Bryan Bartik <[email protected]>: >> >> > Hello LJ, >> >> > >> >> > It's early but it looks fine to me. Did you clear the mappings on all >> >> > routers and then wait for them to repopulate? What does "debug ip pim >> >> > auto-rp" show? >> >> > >> >> > On Sun, Jul 19, 2009 at 6:57 AM, L. Jankok <[email protected]> wrote: >> >> >> >> >> >> Dear list, >> >> >> >> >> >> In Lab 24 task 24.6 the last bullet states that R1 must be the RP >> >> >> for >> >> >> 224.0.0.0 through 225.0.0.0 >> >> >> >> >> >> Now I know that because R9, R4 and R2 aren't the RP for these groups >> >> >> R1 by means of a least specific match will be the RP for these >> >> >> groups. >> >> >> >> >> >> But I want to be more specific about for which groups R1 can be the >> >> >> RP >> >> >> and to accomplish this I apply a specific filter for R1 on the >> >> >> mapping >> >> >> agent (R5). >> >> >> >> >> >> ! >> >> >> ip access-list standard R1 >> >> >> permit 200.0.0.1 >> >> >> ip access-list standard R1_GROUPS >> >> >> permit 224.0.0.0 1.255.255.255 >> >> >> ! >> >> >> ip access-list standard ALL_GROUPS >> >> >> permit 224.0.0.0 15.255.255.255 >> >> >> ip access-list standard ALL_OTHERS >> >> >> permit 200.0.0.9 >> >> >> permit 200.0.0.4 >> >> >> ! >> >> >> ip pim rp-announce-filter rp-list R1 group-list R1_GROUPS >> >> >> ip pim rp-announce-filter rp-list ALL_OTHERS group-list ALL_GROUPS >> >> >> ! >> >> >> >> >> >> Now I am expecting so see only the groups 224.0.0/7 for RP >> >> >> 200.0.0.1. >> >> >> But still I see also 224.0.0.0/4 for RP 200.0.0.1 even though I >> >> >> have it filtered out and haven't included it in the ALL_OTHERS >> >> >> filter. >> >> >> >> >> >> My question is what am I overlooking? because this doesn't jive >> >> >> with my expectation. >> >> >> >> >> >> R5#show ip pim rp mapping >> >> >> PIM Group-to-RP Mappings >> >> >> This system is an RP-mapping agent (Loopback0) >> >> >> >> >> >> Group(s) 224.0.0.0/7 >> >> >> RP 200.0.0.1 (?), v2v1 >> >> >> Info source: 200.0.0.1 (?), elected via Auto-RP >> >> >> Uptime: 00:01:23, expires: 00:02:33 >> >> >> Group(s) 224.0.0.0/4 >> >> >> <---- Still here? >> >> >> RP 200.0.0.1 (?), v2v1 >> >> >> Info source: 200.0.0.1 (?), elected via Auto-RP >> >> >> Uptime: 00:01:23, expires: 00:02:35 >> >> >> Group(s) 226.0.0.0/7 >> >> >> RP 200.0.0.2 (?), v2v1 >> >> >> Info source: 200.0.0.2 (?), elected via Auto-RP >> >> >> Uptime: 00:01:56, expires: 00:02:01 >> >> >> Group(s) 228.0.0.0/8 >> >> >> RP 200.0.0.9 (?), v2v1 >> >> >> Info source: 200.0.0.9 (?), elected via Auto-RP >> >> >> Uptime: 00:01:22, expires: 00:02:34 >> >> >> Group(s) 229.0.0.0/8 >> >> >> RP 200.0.0.2 (?), v2v1 >> >> >> Info source: 200.0.0.2 (?), elected via Auto-RP >> >> >> Uptime: 00:01:56, expires: 00:02:01 >> >> >> Group(s) 230.0.0.0/8 >> >> >> RP 200.0.0.9 (?), v2v1 >> >> >> Info source: 200.0.0.9 (?), elected via Auto-RP >> >> >> Uptime: 00:01:23, expires: 00:02:35 >> >> >> Group(s) 231.0.0.0/8 >> >> >> RP 200.0.0.2 (?), v2v1 >> >> >> Info source: 200.0.0.2 (?), elected via Auto-RP >> >> >> Uptime: 00:01:58, expires: 00:01:59 >> >> >> Group(s) 232.0.0.0/5 >> >> >> RP 200.0.0.4 (?), v2v1 >> >> >> Info source: 200.0.0.4 (?), elected via Auto-RP >> >> >> Uptime: 00:01:50, expires: 00:02:07 >> >> >> R5# >> >> >> >> >> >> Cheers, >> >> >> >> >> >> LJ >> >> >> >> >> > >> >> > >> >> > >> >> > -- >> >> > Bryan Bartik >> >> > CCIE #23707 (R&S), CCNP >> >> > Sr. Support Engineer - IPexpert, Inc. >> >> > URL: http://www.IPexpert.com >> >> > >> >> _______________________________________________ >> >> For more information regarding industry leading CCIE Lab training, >> >> please >> >> visit www.ipexpert.com >> > >> > >> > >> > -- >> > Bryan Bartik >> > CCIE #23707 (R&S), CCNP >> > Sr. Support Engineer - IPexpert, Inc. >> > URL: http://www.IPexpert.com >> > > > > > -- > Bryan Bartik > CCIE #23707 (R&S), CCNP > Sr. Support Engineer - IPexpert, Inc. > URL: http://www.IPexpert.com > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
