I'll get to the DHCP scope question you asked in another email (in terms of lease time,) but the specific requirement states that this is for the administratively scoped range. That phrase is from RFC 2365, which puts that range at 239.0.0.0 to 239.255.255.255. Thus, the ACL blocks everything in that particular range except for the CME multicast stream. It doesn't say to block other multicast traffic. Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert, Inc. Mailto: *[email protected] *
On Mon, Jun 6, 2011 at 11:14 AM, Raul Manzano <[email protected]> wrote: > Hi. > > After talking with my coworkers about the Multicast tasks; I have some > doubts about the access-list used to filter multicast traffic between HQ and > MO. > > HQ: > ip access-list extended MULTICAST > permit ip host 10.10.210.20 host 239.10.210.20 > deny ip any 239.0.0.0 0.255.255.255 > permit ip any any > MO: > > ip access-list extended MULTICAST > deny ip any 239.0.0.0 0.255.255.255 > permit ip any any > With this acl we only filter multicast traffic using the private subnet, > but all the subnets in 224.0.0.0 and higher are allowed and I think this is > not desirable. > > My own proposal. > > HQ: > > ip access-list extended MULTICAST > permit ip host 10.10.210.20 host 239.10.210.20 > permit ip any 224.0.0.0 0.0.1.255 > deny ip any 224.0.0.0 15.255.255.255 > permit ip any any > MO: > > ip access-list extended MULTICAST > permit ip any 224.0.0.0 0.0.1.255 > deny ip any 224.0.0.0 15.255.255.255 > permit ip any any > Allowing only the two first subnets (local network control block and > internetwork control block) we allow only the necessary multicast for this > task (autoRP), EIGRP is still working and we deny all the multicast traffic > that is not MOH or the two subnets related before. > > Because is an IGMP access-list. Why donĀ“t use the command "ip igmp > access-group <list-name> out????? It seems to me more clear and "more > better" :), and we can "save" the last line in both access-list permitting > all the traffic. > > Thoughs??? > > > > > > > 2011/6/6 Raul Manzano <[email protected]> > >> Hi Guys. >> >> Question about the "helper-address"; Reading the DSG in detail I >> understood the exercise and the answer. I understand that for Guest client >> under the autonomous AP we need to create the DHCP server in the WCS machine >> because WLC can not server IP's for the wired clients; in fact the exercise >> talks about the use of the WLC only for the WLC Guest Clients. I'm guess the >> reservations must be from 100 to 150 in the WLC DHCP and the last 32 IP's >> for the same subnet in the WCS Server. >> >> Sorry for not reading in detail the DSG before write the mail :) >> >> Cheers!!! >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
