By default, when does a Cisco router switch over from the root-path-tree to the source-specific SPT?
Highlight for answer: When the first packet is received from the shared tree. You can change this with the ‘ip pim spt-threshold’ command.
August 6, 2009
August 17, 2008
Internetwork Expert Volume II: Lab 8 – Section 5
Section 5 – IP Multicast – 11 Points
5.1 PIM
Basic multicast task. We are not told which PIM mode to use, but by reading ahead we can see that we’ll be using Auto-RP so we’ll need sparse-dense mode.
5.2 Auto-RP
Configure r1 and r2 to use Auto-RP and announce their lo0 interfaces as candidate RP’s.
Configuring Sparse Mode with Auto-RP
“Configure r3 to map all multicast groups with an even numbered first octet to r1 and odd-numbered to r2.”
There’s no “minimal configuration” stipulation so let’s just make so basic access-lists:
r1(config)#ip access-list standard TASK_5_2_EVEN
r1(config-std-nacl)#permit 224.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 226.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 228.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 230.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 232.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 234.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 236.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 238.0.0.0 0.255.255.255
r1(config)#ip pim send-rp-announce lo0 scope 16 group-list TASK_5_2_EVEN
On r3(mapping agent) you will need to apply those same ACLs and then:
r3(config)#ip pim send-rp-discovery lo0 scope 16
Now we need to set up our rp-list ACLs:
r3(config)#ip access-list standard R1_LOOP
r3(config-std-nacl)#permit 150.1.1.1
r3(config-std-nacl)#ip access-list standard R2_LOOP
r3(config-std-nacl)#permit 150.1.2.2
Finally, we set our rp-announce-filters:
r3(config)#ip pim rp-announce-filter rp-list R1_LOOP group-list TASK_5_2_EVEN
r3(config)#ip pim rp-announce-filter rp-list R2_LOOP group-list TASK_5_2_ODD
For some reason I could not get the r2 to map even though my configuration was correct and r2 saw itself elected:
r2#sh ip pim rp map
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
The problem was that there was no multicast path to r2. I forgot to configure PIM on the Multilink interfaces on r2 and r3. DOH!!!
5.3 Multicast Distribution
Multicast traffic should switch to a source based tree once a source is sending 128Kbps or more.
r1(config)#ip pim spt-threshold 128
5.4 Multicast Testing
Users in VLAN 4 cannot receive multicast feeds from VLAN 52.
“Configure…so that r4 responds to ICMP echo requests sent the multicast group 224.4.4.4 from VLAN 52.”
First things first:
r4(config)#int f0/0
r4(config-if)#ip igmp join-group 224.4.4.4
These VLANs are on the spokes. PIM NBMA mode is needed on the hub.
Before:
r5#p 224.4.4.4 source 174.1.45.5
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 174.1.45.5
.
r5#
r1(config-if)#ip pim nbma-mode
PIM nbma-mode is not recommended for sparse-dense-mode
After:
r5#p 224.4.4.4 source 174.1.45.5
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 174.1.45.5
Reply to request 0 from 174.1.145.4, 52 ms
5.5 Broadcast Distribution
This is a common scenario in which we need to map a multicast feed to a broadcast address using the ‘ip multicast helper-map’ command.
August 14, 2008
Internetwork Expert Volume II: Lab 12 – Section 6
Section 6 – IP Multicast – 8 Points
6.1 PIM
I doesn’t get any easier than this. You’re asked to configure dense mode on specific interfaces.
6.2 Multicast Distribution
Users in VLAN 22 want access to a video feed on 225.25.25.25 (using UDP port 31337) from VLAN 17. For some reason (most likely because PIM is not configured on r3′s s1/3 
) r3 is not passing this traffic to r2. Configure the network so that the users can receive traffic from this group.
“Do not enable PIM on any additional interfaces to accomplish this.”
Fuck. There goes the easy solution.
This has me stumped. The multicast path from VLAN 17 to VLAN 12 is broken at r3. Is there a way to change this traffic to unicast or broadcast traffic? Yup.
To allow IP multicast routing in a multicast-capable internetwork between two broadcast-only internetworks, use the ip multicast helper-map command in interface configuration mode.
Configuring an Intermediate IP Multicast Helper Between Broadcast-Only Networks
r3:
Rack16R3(config)#ip access-list ex TASK_6_2
Rack16R3(config-ext-nacl)#permit udp any any eq 31337
Rack16R3(config)#ip forward-protocol udp 31337
Rack16R3(config)#int s1/3
Rack16R3(config-if)#ip directed-broadcast
Rack16R3(config)int s1/2
Rack16R3(config-if)ip multicast helper-map 225.25.25.25 129.16.23.255 TASK_6_2
r2:
Rack16R2(config)#ip forward-protocol udp 31337
Rack16R2(config)#ip access-list ex TASK_6_2
Rack16R2(config-ext-nacl)#permit udp any any eq 31337
Rack16R2(config-ext-nacl)#int s0/1
Rack16R2(config-if)#ip multicast helper-map broadcast 225.25.25.25 TASK_6_2
There are a lot of verification commands in the solution guide, but nothing as far a breakdown.
6.3 Static RP
Well you didn’t think that we were going to get away with just running dense-mode on three devices did you? This task has you set up a pim-spare multicast network in the OSPF half of the network.
The weird bit is that we have to create loopback 1 on r4 and r5 and then give them the same address and advertise them into OSPF.
Then we need to configure r6 to use r4′s loopback 1 as the RP and sw2 to use r5′s loopback 1 as the RP. If either should fail, then they should switch over to the other loopback 1 as the RP. Remember, these loopbacks have the same /32 address.
Enter a command I’ve never heard of before”
To configure a Multicast Source Discovery Protocol (MSDP) peer, use the ip msdp peer command in global configuration mode.
Rack16R5(config)#ip msdp peer 150.16.4.4 connect-source lo0
Rack16R4(config)#ip msdp peer 150.16.5.5 connect-source lo0
Aug 12 14:05:14.346: %MSDP-5-PEER_UPDOWN: Session to peer 150.16.5.5 going up
After that bit is configured, just statically map your RP’s on r6 and sw2:
Rack16R6(config)#ip pim rp-address 150.16.0.255
Rack16SW2(config)#ip pim rp-address 150.16.0.255
Rack16R4#sh ip msdp peer
MSDP Peer 150.16.5.5 (?), AS 100
Connection status:
State: Up, Resets: 0, Connection source: Loopback0 (150.16.4.4)
Uptime(Downtime): 00:00:37, Messages sent/received: 0/1
Output messages discarded: 0
Connection and counters cleared 00:00:37 ago
SA Filtering:
Input (S,G) filter: none, route-map: none
Input RP filter: none, route-map: none
Output (S,G) filter: none, route-map: none
Output RP filter: none, route-map: none
SA-Requests:
Input filter: none
Peer ttl threshold: 0
SAs learned from this peer: 0
Input queue size: 0, Output queue size: 0
Rack16R4#sh ip msdp summary
MSDP Peer Status Summary
Peer Address AS State Uptime/ Reset SA Peer Name
Downtime Count Count
150.16.5.5 100 Up 00:01:05 0 0 ?
Rack16R6#sh ip pim rp map
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static
RP: 150.16.0.255 (?)
Rack16SW2#sh ip pim rp mapp
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static
RP: 150.16.0.255 (?)
April 5, 2008
Internetwork Expert Volume II: Lab 6 – Section 5
IP Multicast – 8 Points
5.1 PIM
Easy task. There is a typo in the task. You need to configure pim dense-mode on sw1′s fa0/14 interface (not fa0/2).
Task 5.1 – typo error in the task description
5.2 PIM Filtering
Configure r1 so that it does not become a PIM neighbor with r5. r5 should still allow clients on VLAN 5 to receive multicast traffic.
This is a case of multicast stub routing. There is a very nice breakdown on this in the solution guide. I’m still struggling with advanced multicast. I need to take some time and review multicast.
Before:
r1(config)#do sh ip pim neig
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
S – State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
191.1.125.5 Serial0/0 00:17:02/00:01:27 v2 1 / DR S
191.1.125.2 Serial0/0 00:18:55/00:01:32 v2 1 / S
191.1.13.3 Serial0/1 00:17:58/00:01:31 v2 1 / S
After:
*Mar 1 20:54:06.241: %PIM-5-NBRCHG: neighbor 191.1.125.5 DOWN on interface Serial0/0 DR
*Mar 1 20:54:06.241: %PIM-5-DRCHG: DR change from neighbor 191.1.125.5 to 191.1.125.2 on interface Serial0/0
r1(config-if)#do sh ip pim nei
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
S – State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
191.1.125.2 Serial0/0 00:20:49/00:01:37 v2 1 / DR S <-No more r5
191.1.13.3 Serial0/1 00:19:52/00:01:35 v2 1 / S
r5#sh ip igmp int fa0/0 | i help
IGMP helper address is 191.1.125.1
5.3 IGMP
Configure VLAN 363 on r3 (fa0/0) to support IGMP version 1.
r3(config)#int fa0/0
r3(config-if)#ip igmp version 1
r3#sh ip igmp int fa0/0 | i ver
Current IGMP host version is 1
Current IGMP router version is 1
5.4 Multicast Testing
Configure sw1 to forward traffic for multicast group 225.25.25.25 but do not allow sw1 to process switch this traffic.
sw1(config)#int vlan 7
sw1(config-if)#ip igmp static-group 225.25.25.25
sw1#sh ip igmp group
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
225.25.25.25 Vlan7 00:00:25 stopped 0.0.0.0
224.0.1.40 FastEthernet0/14 00:39:18 00:02:30 191.1.27.2
sw1#sh ip multicast int vlan 7
Vlan7 is up, line protocol is up
Internet address is 191.1.7.7/24
Multicast routing: enabled
Multicast switching: distributed <-Should say process
Multicast packets in/out: 0/0
Multicast boundary: not set
Multicast TTL threshold: 0
Multicast Tagswitching: disabled
Hmmmmm…..I never could get my output to show process switching. 
January 13, 2008
Internetwork Expert Volume II: Lab 4 – Section 5
Section 5 - Multicast - 8 Points
IE mixed it up a bit on this lab. Usually BGP comes directly after IGP, but I get to deal with Multicast instead. Oh joy!
5.1 PIM
This was about as easy of a task as you could ask for in Multicast. You are given the PIM mode to configure, the interfaces to configure, and the devices to configure. Really straight-forward task.
5.2 Auto-RP
Since we’re going to be using auto-rp, we need to configure ‘ip pim autorp listener’ on all Mulitcast devices (even the potential RPs). Then we can announce our RPs:
ip pim autorp listener(Cisco still hasn’t fixed the 12.4 links)
r2(config)#access-list 10 permit 225.0.0.0 0.255.255.255
r2(config)#ip pim send-rp-announce lo0 scope 16 group-list 10
Must first configure PIM mode on the interface: Loopback0r2(config)#int lo0
r2(config-if)#ip pim sparse-mode
*Jan 13 21:02:08.192: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 150.1.2.2 on interface Loopback0
r2(config-if)#exit
r2(config)#ip pim send-rp-announce lo0 scope 16 group-list 10r2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
We need to make sw2 “responsible for the group to RP mappings”:
sw2(config)#ip pim send-rp-discovery lo0 scope 16
Non IP or PIM interface ignored in accepted command.sw2(config)#int lo0
sw2(config-if)#ip pim sparse-mode
sw2(config-if)#exit
sw2(config)#ip pim send-rp-discovery lo0 scope 16auto-rp is on the job:
sw2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)Group(s) 225.0.0.0/8
RP 150.1.2.2 (?), v2v1
Info source: 150.1.2.2 (?), elected via Auto-RP
Uptime: 00:01:25, expires: 00:02:31
Group(s) 239.0.0.0/8
RP 150.1.5.5 (?), v2v1
Info source: 150.1.5.5 (?), elected via Auto-RP
Uptime: 00:02:01, expires: 00:02:55
5.3 Multicast Testing
“Configure r3′s interface fa0/0 as a member of the multicast group 225.25.25.25 and interface fa0/1 as a member of 239.39.39.39.”
“Ensure that r3 responds to pings sent to these multicast groups from VLANs 12 and 43″
r3(config)#int fa0/0
r3(config-if)#ip igmp join-group 225.25.25.25r3#sh ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Gr
oup Accounted
225.25.25.25 FastEthernet0/0 00:00:14 00:02:45 141.1.37.3
224.0.1.40 FastEthernet0/0 00:42:49 00:01:58 141.1.37.7r1#ping 225.25.25.25 re 1 source 192.10.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 192.10.1.1Reply to request 0 from 141.1.123.3, 16 ms
Everything was going great, until:
r4#ping 225.25.25.25 re 1 source 204.12.1.4
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 204.12.1.4
.r4#sh ip mroute 225.25.25.25
(*, 225.25.25.25), 00:00:20/stopped, RP 150.1.2.2, flags: SPF
Incoming interface: FastEthernet0/0, RPF nbr 141.1.145.5
Outgoing interface list: Null
I had to look at the solution guide on this one. I figured out that I needed ‘ip pim nbma-mode’ on r2, but I completely missed the fact that I needed to configure each end of the tunnel with ‘ip pim spare-mode’
5.4 Multicast Rate Limiting
“configure sw1 so that no more than 1Mbps of multicast traffic is sent out towards r3.”
Okay…this is new. Time to mine the DOC.
To control the rate a sender from the source list can send to a multicast group in the group list, use the ip multicast rate-limit command in interface configuration mode. To remove the control, use the no form of this command.
sw1(config-if)#int vlan7
sw1(config-if)#ip multicast rate-limit ?
in Rate limit incoming packets
out Rate limit outgoing packetssw1(config-if)#ip multicast rate-limit out ?
<0-4294967> Rate in kilobits per second
group-list Rate limit for groups
source-list Rate limit for sources
video Rate limit video only
whiteboard Rate limit whiteboard only
<cr>sw1(config-if)#ip multicast rate-limit out 1000 ?
<cr>sw1(config-if)#ip multicast rate-limit out 1000
December 24, 2007
Internetwork Expert Volume II: Lab 3 – Section 6
Section 6 - Multicast - 8 Points
6.1 PIM
This was a basic task. You need to configure IP Multicast on some fo the routers and then PIM on certain interfaces. Make r5′s loopback 0 the RP for a certain set of multicast groups. The rest should not use an RP.
So we know that we have a mixture of PIM dense and PIM sparse because certain Multicast groups will require an RP while others will not. Thus we need to configure “ip pim sparse-dense-mode”.
Good luck looking at the 12.4 command reference though:
ip pim register-source IMC-183
The Page You Have Requested Is Not Available
The page you are trying to access may have been moved to a different location or removed. If you typed the address, please verify that the spelling is correct.
I’m not sure how you would handle this in the lab, but I just jumped to the 12.3 documentation:
To use lo0 (the wrong way):
To configure the IP source address of a register message to an interface address other than the outgoing interface address of the designated router (DR) leading toward the rendezvous point (RP), use the ip pim register-source command in global configuration mode. To disable this configuration, use the no form of this command.
ip pim [vrf vrf-name] register-source interface-type interface-number
no ip pim [vrf vrf-name] register-source interface-type interface-number
I had everything that I needed EXCEPT a way to limit the RP to certain Multicast groups. I was completely lost. The answer was easy, but I took a wrong turn with “ip pim register-source”. I really need to review Multicast.
You need an ACL and these two commands:
To use Auto-RP to configure groups for which the router will act as a rendezvous point (RP), use the ip pim send-rp-announce command in global configuration mode. To unconfigure this router as an RP, use the no form of this command.
ip pim [vrf vrf-name] send-rp-announce interface-type interface-number scope ttl-value [group-list access-list] [interval seconds] [bidir]
no ip pim [vrf vrf-name] send-rp-announce interface-type interface-number scope ttl-value [group-list access-list] [interval seconds] [bidir]
ip pim send-rp-discovery
Don’t forget to configure ip pim on the RP interface:
r5(config)#ip pim send-rp-announce lo0 scope 16 group-list 69
Must first configure PIM mode on the interface: Loopback0
The solution guide has a nice write-up on this task.
Nice verification command:
r1#sh ip pim rp mapping
PIM Group-to-RP MappingsGroup(s) 225.0.0.0/8
RP 150.6.5.5 (?), v2v1
Info source: 150.6.5.5 (?), elected via Auto-RP
Uptime: 00:02:04, expires: 00:02:51
Group(s) 226.0.0.0/8
RP 150.6.5.5 (?), v2v1
Info source: 150.6.5.5 (?), elected via Auto-RP
Uptime: 00:02:04, expires: 00:02:54
Group(s) 227.0.0.0/8
RP 150.6.5.5 (?), v2v1
Info source: 150.6.5.5 (?), elected via Auto-RP
Uptime: 00:02:04, expires: 00:02:55
6.2 Multicast Forwarding
r2#sh ip igmp mem
Flags: A – aggregate, T – tracked
L – Local, S – static, V – virtual, R – Reported through v3
I – v3lite, U – Urd, M – SSM (S,G) channel
1,2,3 – The version of IGMP the group is in
Channel/Group-Flags:
/ – Filtering entry (Exclude mode (S,G), Include mode (*,G))
Reporter:
<mac-or-ip-address> – last reporter if group is not explicitly tracked
<n>/<m> – <n> reporter in include mode, <m> reporter in excludeChannel/Group Reporter Uptime Exp. Flags Interface
*,228.22.22.22 0.0.0.0 00:00:27 stop 2SA Fa0/0
*,224.0.1.39 136.6.245.5 00:09:01 02:54 2A Se0/0
*,224.0.1.40 136.6.29.2 00:19:26 02:51 2LA Fa0/0r2#sh ip mroute | sec 228.
(*, 228.22.22.22), 00:01:32/stopped, RP 0.0.0.0, flags: DC
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Serial0/0, Forward/Sparse-Dense, 00:01:32/00:00:00
FastEthernet0/0, Forward/Sparse-Dense, 00:01:32/00:00:00
(136.6.245.5, 228.22.22.22), 00:00:35/00:02:30, flags: T
Incoming interface: Serial0/0, RPF nbr 136.6.245.5
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:00:35/00:00:00
(150.6.5.5, 228.22.22.22), 00:00:35/00:02:30, flags: T
Incoming interface: Serial0/0, RPF nbr 136.6.245.5
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:00:35/00:00:00
6.3 Multicast Filtering
It took me a while to understand this question, but I was able get the points for this task (it really helps that the task was called “Multicast Filtering”).
Pretty simple config using and ACL and “ip igmp access-group”
r4(config-ext-nacl)#int e0/0
r4(config-if)#ip igmp access-group FILTER_MULTI ?
<cr>
This must be inbound only:
r4#sh ip igmp int e0/0
Ethernet0/0 is up, line protocol is up
Internet address is 136.6.4.4/24
IGMP is enabled on interface
Current IGMP host version is 2
Current IGMP router version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 10 seconds
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is FILTER_MULTI
IGMP activity: 1 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 136.6.4.4 (this system)
IGMP querying router is 136.6.4.4 (this system)
Multicast groups joined by this system (number of users):
224.0.1.40(1)
If you look at the documentation for “ip igmp access-group” it has some interesting ACLs:
The following are examples of extended access lists:
The first part of the extended access list clause controls the source (multicast sender), and the second part of the extended access list clause controls the multicast group.
Deny all state for a group G
deny igmp any host G
permit igmp any anyDeny all state for a source S
deny igmp host S any
permit igmp any anyPermit all state for a group G
permit igmp any host GPermit all state for a source S
permit igmp host S anyFilter a particular source for a group G
deny igmp host S host G
permit igmp any host G
6.4 Multicast Filtering
I had no idea on this one. I gave it the old college try by going under the interface and looking at the options for “ip igmp” and “ip pim” to see if I could steal some points, but nothing looked promising:
r1(config-if)#ip igmp ? [output filtered]
last-member-query-count IGMP last member query count
last-member-query-interval IGMP last member query interval
querier-timeout IGMP previous querier timeout
query-interval IGMP host query interval
query-max-response-time IGMP max query response valuer1(config-if)#ip pim ?
bidir-neighbor-filter PIM bidir capable peering filter
bsr-border Border of PIM domain
dense-mode Enable PIM dense-mode operation
dr-priority PIM router DR priority
nbma-mode Use Non-Broadcast Multi-Access (NBMA) mode on interface
neighbor-filter PIM peering filter
query-interval PIM router query interval
sparse-dense-mode Enable PIM sparse-dense-mode operation
sparse-mode Enable PIM sparse-mode operation
state-refresh PIM DM State-Refresh configuration
version PIM version
<cr>
I should have done this:
r1(config-if)#ip multicast ?
boundary Boundary for administratively scoped multicast addresses
helper-map Broadcast to Multicast map OR Multicast to ip-address map
rate-limit Rate limit multicast data packets
tagswitch Enable IP Multicast Tagswitching
ttl-threshold TTL threshold for multicast packets
December 2, 2007
Internetwork Expert Volume II: Lab 2 – Section 6
Section 6 - IP Multicast - 6 Points
Multicast is my absolute worst technology. I had very little hope of getting any of these tasks correct because I really haven’t done a lot of multicast study. This section turned out to be a pleasant surprise as the first two tasks were very easy.
6.1 asks you to configure a number of interfaces in pim sparse-mode. The task is very straight-forward. You are then asked to:
Configure r2′s most reliable interface as the RP for all multicast groups.
The most reliable interface must be lo0. Two things to keep in mind: 1) if you make an interface the RP, you’d better configure it for multicast (pim sparse-mode in this case) even if the task does not explicitly list it (as it did not in this case), and 2) you need to configure the RP address on each device (“ip pim rp-address x.x.x.x”).
6.2 just requires you to use “ip igmp join-group”.
6.3 completely bewildered me. The task described what would seem to be a complicated issue but it was resolved with “ip pim nbma-mode”. Oh well, I’m pretty happy with getting the first two sections correct.
