Thanks Jason. Definitively I did not understand the question correctly, but this has seen very interesting about Multicast issues.
Thanks again. Best regards. 2011/6/6 Jason Boyers <[email protected]> > I'll get to the DHCP scope question you asked in another email (in terms of > lease time,) but the specific requirement states that this is for the > administratively scoped range. That phrase is from RFC 2365, which puts > that range at 239.0.0.0 to 239.255.255.255. Thus, the ACL blocks everything > in that particular range except for the CME multicast stream. It doesn't > say to block other multicast traffic. > Jason Boyers - CCIE #26024 (Wireless) > Technical Instructor - IPexpert, Inc. > Mailto: *[email protected] > * > > > On Mon, Jun 6, 2011 at 11:14 AM, Raul Manzano <[email protected]> wrote: > >> Hi. >> >> After talking with my coworkers about the Multicast tasks; I have some >> doubts about the access-list used to filter multicast traffic between HQ and >> MO. >> >> HQ: >> ip access-list extended MULTICAST >> permit ip host 10.10.210.20 host 239.10.210.20 >> deny ip any 239.0.0.0 0.255.255.255 >> permit ip any any >> MO: >> >> ip access-list extended MULTICAST >> deny ip any 239.0.0.0 0.255.255.255 >> permit ip any any >> With this acl we only filter multicast traffic using the private subnet, >> but all the subnets in 224.0.0.0 and higher are allowed and I think this is >> not desirable. >> >> My own proposal. >> >> HQ: >> >> ip access-list extended MULTICAST >> permit ip host 10.10.210.20 host 239.10.210.20 >> permit ip any 224.0.0.0 0.0.1.255 >> deny ip any 224.0.0.0 15.255.255.255 >> permit ip any any >> MO: >> >> ip access-list extended MULTICAST >> permit ip any 224.0.0.0 0.0.1.255 >> deny ip any 224.0.0.0 15.255.255.255 >> permit ip any any >> Allowing only the two first subnets (local network control block and >> internetwork control block) we allow only the necessary multicast for this >> task (autoRP), EIGRP is still working and we deny all the multicast traffic >> that is not MOH or the two subnets related before. >> >> Because is an IGMP access-list. Why donĀ“t use the command "ip igmp >> access-group <list-name> out????? It seems to me more clear and "more >> better" :), and we can "save" the last line in both access-list permitting >> all the traffic. >> >> Thoughs??? >> >> >> >> >> >> >> 2011/6/6 Raul Manzano <[email protected]> >> >>> Hi Guys. >>> >>> Question about the "helper-address"; Reading the DSG in detail I >>> understood the exercise and the answer. I understand that for Guest client >>> under the autonomous AP we need to create the DHCP server in the WCS machine >>> because WLC can not server IP's for the wired clients; in fact the exercise >>> talks about the use of the WLC only for the WLC Guest Clients. I'm guess the >>> reservations must be from 100 to 150 in the WLC DHCP and the last 32 IP's >>> for the same subnet in the WCS Server. >>> >>> Sorry for not reading in detail the DSG before write the mail :) >>> >>> Cheers!!! >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
