Ah, I see...the ACL was overlapping including the full 224.0.0.0. The mapping agent cannot break it up even though the specifics were in there. Good work.
On Sun, Jul 26, 2009 at 2:26 AM, L. Jankok <[email protected]> wrote: > Bryan, > > I have it figured out. It works only with 1 variation. > > The requirement states this: > > " 24.2 Set R1 to advertise itself as the RP for all groups. " > " 24.6 Using a Cisco-preferred dynamic protocol,, make sure that all > routers in the multicast domain use: > R1 as the RP for 224.0.0.0 through 225.255.255.255" > > My variation on the task is this; > R1 as the RP for *only* 224.0.0.0 through 225.255.255.255 > > As I used the word *only* now R5 is not allowed to to advertise 224/4 > for R1 and rely on specific matches to result in R1 to be only the RP for > 224/8 and 224/8 due to more specific matches on the other RP's. > > Now we have to be specific and this makes it more interesting. > > I found only 1 way to make this work. > > The requirement never states that we have to advertise 224/4 in a > single advertisement! > > This means that we can break the groups into pieces > 224.0.0.0 1.255.255.255 > 226.0.0.0 1.255.255.255 > 228.0.0.0 3.255.255.255 > 232.0.0.0 7.255.255.255 > > And *now* the filter list on the mapping agent R5 works and we will > have only 224/8 and 225/8 for R1. > > ip access-list standard R1_GROUP_FILTER > permit 224.0.0.0 1.255.255.255 > > BTW this could be a nice variation on the task to include in the workbook. > I think it will cause some headaches :) > > Regards, > > LJ > > Below is the working code > > On R5 the mapping agent > > ip access-list standard R1 > permit 200.0.0.1 > > ip access-list standard R1_GROUP_FILTER > permit 224.0.0.0 1.255.255.255 > > ip pim rp-announce-filter rp-list R1 group-list R1_GROUP_FILTER > > > On R1 the RP > > ip access-list standard R1_RP_GROUPS > permit 224.0.0.0 0.255.255.255 > permit 225.0.0.0 0.255.255.255 > permit 226.0.0.0 1.255.255.255 > permit 228.0.0.0 3.255.255.255 > permit 232.0.0.0 7.255.255.255 > > ip pim send-rp-announce Loopback0 scope 10 group-list R1_RP_GROUPS > > Regards, > > LJ > > 2009/7/25 Bryan Bartik <[email protected]>: > > Hmmm. I can't reproduce this. On R5, try adding an ACL that matches all > > hosts and then denies all groups. Kind of like a catch all, and then add > > another rp-announce-filter command. Any luck? > > > > On Sat, Jul 25, 2009 at 1:34 AM, L. Jankok <[email protected]> wrote: > >> > >> I am trying the same lab again. > >> > >> R5 is the mapping agent. > >> > >> On R5 > >> > >> ip access-list standard R1 > >> permit 200.0.0.1 > >> ip access-list standard R1_GROUP_FILTER > >> permit 224.0.0.0 1.255.255.255 > >> > >> ip pim send-rp-discovery Loopback0 scope 10 > >> ip pim rp-announce-filter rp-list R1 group-list R1_GROUP_FILTER > >> > >> On R1 > >> > >> ip access-list standard R1_RP_GROUPS > >> permit 224.0.0.0 15.255.255.255 > >> permit 224.0.0.0 0.255.255.255 > >> permit 225.0.0.0 0.255.255.255 > >> > >> ip pim send-rp-announce Loopback0 scope 10 group-list R1_RP_GROUPS > >> > >> I cleared all the mappings and even waited for the mappings to expire > >> after the clearings and still R1 is announced as the RP for 224.0.0.0/4by > >> R5 > >> > >> Group(s) 224.0.0.0/8 > >> RP 200.0.0.1 (?), v2v1 > >> Info source: 200.0.0.1 (?), elected via Auto-RP > >> Uptime: 00:01:55, expires: 00:02:05 > >> Group(s) 224.0.0.0/4 > >> RP 200.0.0.1 (?), v2v1 > >> Info source: 200.0.0.1 (?), elected via Auto-RP > >> Uptime: 00:01:55, expires: 00:02:01 > >> Group(s) 225.0.0.0/8 > >> RP 200.0.0.1 (?), v2v1 > >> Info source: 200.0.0.1 (?), elected via Auto-RP > >> Uptime: 00:01:55, expires: 00:02:00 > >> > >> Regards, > >> > >> LJ > >> > >> 2009/7/19 Bryan Bartik <[email protected]>: > >> > Ok, Next time try clearing it on all routers and wait for the next > >> > advertisement. The mapping agent should be enough, but you will have > to > >> > let > >> > it expire on the others. Let us know if you still encounter the issue. > >> > > >> > On Sun, Jul 19, 2009 at 9:24 AM, L. Jankok <[email protected]> wrote: > >> >> > >> >> Hi Brian, > >> >> > >> >> I only cleared the mapping on the mapping agent because I thought > >> >> that I only have to clear the mappings where I have adjusted the > filter > >> >> (the mapping agent). I have also adjusted the access filter on R1 so > >> >> it will also advertise these specifics to the mapping agent. > >> >> > >> >> My session at proctorlabs has ended so right now I can't test > anymore. > >> >> > >> >> Greetings, > >> >> > >> >> LJ > >> >> > >> >> 2009/7/19 Bryan Bartik <[email protected]>: > >> >> > Hello LJ, > >> >> > > >> >> > It's early but it looks fine to me. Did you clear the mappings on > all > >> >> > routers and then wait for them to repopulate? What does "debug ip > pim > >> >> > auto-rp" show? > >> >> > > >> >> > On Sun, Jul 19, 2009 at 6:57 AM, L. Jankok <[email protected]> > wrote: > >> >> >> > >> >> >> Dear list, > >> >> >> > >> >> >> In Lab 24 task 24.6 the last bullet states that R1 must be the RP > >> >> >> for > >> >> >> 224.0.0.0 through 225.0.0.0 > >> >> >> > >> >> >> Now I know that because R9, R4 and R2 aren't the RP for these > groups > >> >> >> R1 by means of a least specific match will be the RP for these > >> >> >> groups. > >> >> >> > >> >> >> But I want to be more specific about for which groups R1 can be > the > >> >> >> RP > >> >> >> and to accomplish this I apply a specific filter for R1 on the > >> >> >> mapping > >> >> >> agent (R5). > >> >> >> > >> >> >> ! > >> >> >> ip access-list standard R1 > >> >> >> permit 200.0.0.1 > >> >> >> ip access-list standard R1_GROUPS > >> >> >> permit 224.0.0.0 1.255.255.255 > >> >> >> ! > >> >> >> ip access-list standard ALL_GROUPS > >> >> >> permit 224.0.0.0 15.255.255.255 > >> >> >> ip access-list standard ALL_OTHERS > >> >> >> permit 200.0.0.9 > >> >> >> permit 200.0.0.4 > >> >> >> ! > >> >> >> ip pim rp-announce-filter rp-list R1 group-list R1_GROUPS > >> >> >> ip pim rp-announce-filter rp-list ALL_OTHERS group-list ALL_GROUPS > >> >> >> ! > >> >> >> > >> >> >> Now I am expecting so see only the groups 224.0.0/7 for RP > >> >> >> 200.0.0.1. > >> >> >> But still I see also 224.0.0.0/4 for RP 200.0.0.1 even though I > >> >> >> have it filtered out and haven't included it in the ALL_OTHERS > >> >> >> filter. > >> >> >> > >> >> >> My question is what am I overlooking? because this doesn't jive > >> >> >> with my expectation. > >> >> >> > >> >> >> R5#show ip pim rp mapping > >> >> >> PIM Group-to-RP Mappings > >> >> >> This system is an RP-mapping agent (Loopback0) > >> >> >> > >> >> >> Group(s) 224.0.0.0/7 > >> >> >> RP 200.0.0.1 (?), v2v1 > >> >> >> Info source: 200.0.0.1 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:23, expires: 00:02:33 > >> >> >> Group(s) 224.0.0.0/4 > >> >> >> <---- Still here? > >> >> >> RP 200.0.0.1 (?), v2v1 > >> >> >> Info source: 200.0.0.1 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:23, expires: 00:02:35 > >> >> >> Group(s) 226.0.0.0/7 > >> >> >> RP 200.0.0.2 (?), v2v1 > >> >> >> Info source: 200.0.0.2 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:56, expires: 00:02:01 > >> >> >> Group(s) 228.0.0.0/8 > >> >> >> RP 200.0.0.9 (?), v2v1 > >> >> >> Info source: 200.0.0.9 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:22, expires: 00:02:34 > >> >> >> Group(s) 229.0.0.0/8 > >> >> >> RP 200.0.0.2 (?), v2v1 > >> >> >> Info source: 200.0.0.2 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:56, expires: 00:02:01 > >> >> >> Group(s) 230.0.0.0/8 > >> >> >> RP 200.0.0.9 (?), v2v1 > >> >> >> Info source: 200.0.0.9 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:23, expires: 00:02:35 > >> >> >> Group(s) 231.0.0.0/8 > >> >> >> RP 200.0.0.2 (?), v2v1 > >> >> >> Info source: 200.0.0.2 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:58, expires: 00:01:59 > >> >> >> Group(s) 232.0.0.0/5 > >> >> >> RP 200.0.0.4 (?), v2v1 > >> >> >> Info source: 200.0.0.4 (?), elected via Auto-RP > >> >> >> Uptime: 00:01:50, expires: 00:02:07 > >> >> >> R5# > >> >> >> > >> >> >> Cheers, > >> >> >> > >> >> >> LJ > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> > -- > >> >> > Bryan Bartik > >> >> > CCIE #23707 (R&S), CCNP > >> >> > Sr. Support Engineer - IPexpert, Inc. > >> >> > URL: http://www.IPexpert.com > >> >> > > >> >> _______________________________________________ > >> >> For more information regarding industry leading CCIE Lab training, > >> >> please > >> >> visit www.ipexpert.com > >> > > >> > > >> > > >> > -- > >> > Bryan Bartik > >> > CCIE #23707 (R&S), CCNP > >> > Sr. Support Engineer - IPexpert, Inc. > >> > URL: http://www.IPexpert.com > >> > > > > > > > > > -- > > Bryan Bartik > > CCIE #23707 (R&S), CCNP > > Sr. Support Engineer - IPexpert, Inc. > > URL: http://www.IPexpert.com > > > -- Bryan Bartik CCIE #23707 (R&S), CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
