By default, when does a Cisco router switch over from the root-path-tree to the source-specific SPT?
Highlight for answer: When the first packet is received from the shared tree. You can change this with the ‘ip pim spt-threshold’ command.
By default, when does a Cisco router switch over from the root-path-tree to the source-specific SPT?
Highlight for answer: When the first packet is received from the shared tree. You can change this with the ‘ip pim spt-threshold’ command.
Section 5 – IP Multicast – 11 Points
5.1 PIM
Basic multicast task. We are not told which PIM mode to use, but by reading ahead we can see that we’ll be using Auto-RP so we’ll need sparse-dense mode.
5.2 Auto-RP
Configure r1 and r2 to use Auto-RP and announce their lo0 interfaces as candidate RP’s.
Configuring Sparse Mode with Auto-RP
“Configure r3 to map all multicast groups with an even numbered first octet to r1 and odd-numbered to r2.”
There’s no “minimal configuration” stipulation so let’s just make so basic access-lists:
r1(config)#ip access-list standard TASK_5_2_EVEN
r1(config-std-nacl)#permit 224.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 226.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 228.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 230.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 232.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 234.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 236.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 238.0.0.0 0.255.255.255
r1(config)#ip pim send-rp-announce lo0 scope 16 group-list TASK_5_2_EVEN
On r3(mapping agent) you will need to apply those same ACLs and then:
r3(config)#ip pim send-rp-discovery lo0 scope 16
Now we need to set up our rp-list ACLs:
r3(config)#ip access-list standard R1_LOOP
r3(config-std-nacl)#permit 150.1.1.1
r3(config-std-nacl)#ip access-list standard R2_LOOP
r3(config-std-nacl)#permit 150.1.2.2
Finally, we set our rp-announce-filters:
r3(config)#ip pim rp-announce-filter rp-list R1_LOOP group-list TASK_5_2_EVEN
r3(config)#ip pim rp-announce-filter rp-list R2_LOOP group-list TASK_5_2_ODD
For some reason I could not get the r2 to map even though my configuration was correct and r2 saw itself elected:
r2#sh ip pim rp map
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
The problem was that there was no multicast path to r2. I forgot to configure PIM on the Multilink interfaces on r2 and r3. DOH!!!
5.3 Multicast Distribution
Multicast traffic should switch to a source based tree once a source is sending 128Kbps or more.
r1(config)#ip pim spt-threshold 128
5.4 Multicast Testing
Users in VLAN 4 cannot receive multicast feeds from VLAN 52.
“Configure…so that r4 responds to ICMP echo requests sent the multicast group 224.4.4.4 from VLAN 52.”
First things first:
r4(config)#int f0/0
r4(config-if)#ip igmp join-group 224.4.4.4
These VLANs are on the spokes. PIM NBMA mode is needed on the hub.
Before:
r5#p 224.4.4.4 source 174.1.45.5
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 174.1.45.5
.
r5#
r1(config-if)#ip pim nbma-mode
PIM nbma-mode is not recommended for sparse-dense-mode
After:
r5#p 224.4.4.4 source 174.1.45.5
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 174.1.45.5
Reply to request 0 from 174.1.145.4, 52 ms
5.5 Broadcast Distribution
This is a common scenario in which we need to map a multicast feed to a broadcast address using the ‘ip multicast helper-map’ command.
Section 6 – IP Multicast – 8 Points
6.1 PIM
I doesn’t get any easier than this. You’re asked to configure dense mode on specific interfaces.
6.2 Multicast Distribution
Users in VLAN 22 want access to a video feed on 225.25.25.25 (using UDP port 31337) from VLAN 17. For some reason (most likely because PIM is not configured on r3’s s1/3 🙂 ) r3 is not passing this traffic to r2. Configure the network so that the users can receive traffic from this group.
“Do not enable PIM on any additional interfaces to accomplish this.”
Fuck. There goes the easy solution.
This has me stumped. The multicast path from VLAN 17 to VLAN 12 is broken at r3. Is there a way to change this traffic to unicast or broadcast traffic? Yup. 🙂
To allow IP multicast routing in a multicast-capable internetwork between two broadcast-only internetworks, use the ip multicast helper-map command in interface configuration mode.
Configuring an Intermediate IP Multicast Helper Between Broadcast-Only Networks
r3:
Rack16R3(config)#ip access-list ex TASK_6_2
Rack16R3(config-ext-nacl)#permit udp any any eq 31337
Rack16R3(config)#ip forward-protocol udp 31337
Rack16R3(config)#int s1/3
Rack16R3(config-if)#ip directed-broadcast
Rack16R3(config)int s1/2
Rack16R3(config-if)ip multicast helper-map 225.25.25.25 129.16.23.255 TASK_6_2
r2:
Rack16R2(config)#ip forward-protocol udp 31337
Rack16R2(config)#ip access-list ex TASK_6_2
Rack16R2(config-ext-nacl)#permit udp any any eq 31337
Rack16R2(config-ext-nacl)#int s0/1
Rack16R2(config-if)#ip multicast helper-map broadcast 225.25.25.25 TASK_6_2
There are a lot of verification commands in the solution guide, but nothing as far a breakdown.
6.3 Static RP
Well you didn’t think that we were going to get away with just running dense-mode on three devices did you? This task has you set up a pim-spare multicast network in the OSPF half of the network.
The weird bit is that we have to create loopback 1 on r4 and r5 and then give them the same address and advertise them into OSPF.
Then we need to configure r6 to use r4’s loopback 1 as the RP and sw2 to use r5’s loopback 1 as the RP. If either should fail, then they should switch over to the other loopback 1 as the RP. Remember, these loopbacks have the same /32 address.
Enter a command I’ve never heard of before”
To configure a Multicast Source Discovery Protocol (MSDP) peer, use the ip msdp peer command in global configuration mode.
Rack16R5(config)#ip msdp peer 150.16.4.4 connect-source lo0
Rack16R4(config)#ip msdp peer 150.16.5.5 connect-source lo0
Aug 12 14:05:14.346: %MSDP-5-PEER_UPDOWN: Session to peer 150.16.5.5 going up
After that bit is configured, just statically map your RP’s on r6 and sw2:
Rack16R6(config)#ip pim rp-address 150.16.0.255
Rack16SW2(config)#ip pim rp-address 150.16.0.255
Rack16R4#sh ip msdp peer
MSDP Peer 150.16.5.5 (?), AS 100
Connection status:
State: Up, Resets: 0, Connection source: Loopback0 (150.16.4.4)
Uptime(Downtime): 00:00:37, Messages sent/received: 0/1
Output messages discarded: 0
Connection and counters cleared 00:00:37 ago
SA Filtering:
Input (S,G) filter: none, route-map: none
Input RP filter: none, route-map: none
Output (S,G) filter: none, route-map: none
Output RP filter: none, route-map: none
SA-Requests:
Input filter: none
Peer ttl threshold: 0
SAs learned from this peer: 0
Input queue size: 0, Output queue size: 0
Rack16R4#sh ip msdp summary
MSDP Peer Status Summary
Peer Address AS State Uptime/ Reset SA Peer Name
Downtime Count Count
150.16.5.5 100 Up 00:01:05 0 0 ?
Rack16R6#sh ip pim rp map
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static
RP: 150.16.0.255 (?)
Rack16SW2#sh ip pim rp mapp
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static
RP: 150.16.0.255 (?)
Section 5 – IP Multicast – 9 Points
5.1 PIM
You are asked to configured IP Multicast on a number of specific interfaces. You are not told which PIM mode to use, but the last requirement is:
“Multicast groups without an active RP should run in dense mode.”
This statement (and the following tasks) shows that there will be an RP. We run sparse mode with RPs. But we need to make sure that if a group finds itself without an active RP it should run in dense mode. This means we need to run sparse-dense mode.
r1(config)#ip multicast-routing
r1(config)#int fa0/0
r1(config-if)#ip pim sparse-dense-mode
5.2 RP Assignment
Configure a couple of loopbacks as RP candidates via Auto-RP. You are also asked to have r1 act as the mapping agent and to map 239.0.0.0-239.255.255.255 to r3 and 226.0.0.0-238.255.255.255 to r5. The final requirement is:
“Use the minimum number of access-lists and access list entries on r1 to accomplish this.”
Let’s set up our RP candidates first
To use Auto-RP to configure groups for which the router will act as a rendezvous point (RP), use the ip pim send-rp-announce command in global configuration mode. To unconfigure this router as an RP, use the no form of this command.
r3:
r3(config)#int lo0
r3(config-if)#ip pim sparse-dense-mode
r3(config)#access-list 31 perm 239.0.0.0 0.255.255.255
r3(config)#ip pim send-rp-announce lo0 scope 16 group-list 31
The last requirement is for the minimal ACL lines on r1, not r5, so I can be as verbose as I like 🙂
r5(config)#int lo0
r5(config-if)#ip pim sparse-dense-mode
r5(config)#access-list 51 perm 226.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 227.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 228.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 229.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 230.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 231.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 232.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 233.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 234.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 235.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 236.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 237.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 238.0.0.0 0.255.255.255
Now the mapping agent:
r1(config)#int lo0
r1(config-if)#ip pim sparse-dense-mode
r1(config)#ip pim send-rp-discovery lo0 scope 16
Okay. Now to assign the correct RP to the correct groups:
To filter incoming Auto-RP announcement messages coming from the rendezvous point (RP), use the ip pim rp-announce-filter command in global configuration mode. To remove the filter, use the no form of this command.
ip pim [vrf vrf-name] rp-announce-filter rp-list access-list group-list access-list
no ip pim [vrf vrf-name] rp-announce-filter rp-list access-list group-list access-list
Syntax Description
vrf
(Optional) Supports the multicast Virtual Private Network (VPN) routing and forwarding (VRF) instance.
vrf-name
(Optional) Name assigned to the VRF.
rp-list access-list
Specifies the number or name of a standard access list of RP addresses that are allowable for the group ranges
supplied in the group-list access-list combination.
group-list access-list
Specifies the number or name of a standard access list that describes the multicast groups the RPs serve.
It looks like we’ll need two ACLs for each RP filter – one that matches the RP and another that matches the groups we want assigned that RP.
r1(config)#access-list 3 perm 150.1.3.3 <-r3’s loopback
r1(config)#access-list 5 perm 150.1.5.5 <-r3’s loopback
r1(config)#access-list 31 perm 239.0.0.0 0.255.255.255 <-groups associated with r3’s loopback
Now the hard part, or “How I Lost The Three Points”
I fell for the trap on the “minimal ACL:
226 – 1110|0010
238 – 1110|1110
224.0.0.0 15.255.255.255
r1(config)#access-list 51 perm 224.0.0.0 15.255.255.255
Unfortunately that range overlaps. IE had the following:
access-list 51 deny 224.0.0.0 1.255.255.255
access-list 51 deny 239.0.0.0 0.255.255.255
access-list 51 permit 224.0.0.0 15.255.255.255
The first 2 lines deny the overlapping space. There’s a nice breakdown on this in the solution guide.
I did get the rest correct, but I had already lost the 3 points:
r1(config)#ip pim rp-announce-filter rp-list 3 group-list 31
r1(config)#ip pim rp-announce-filter rp-list 5 group-list 51
r1#sh ip pim rp mapping 239.0.0.0
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)
Group(s) 239.0.0.0/8
RP 150.1.3.3 (?), v2v1
Info source: 150.1.3.3 (?), elected via Auto-RP
Uptime: 00:18:32, expires: 00:02:23
r1#sh ip pim rp mapping 238.0.0.0
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)
Group(s) 238.0.0.0/8
RP 150.1.5.5 (?), v2v1
Info source: 150.1.5.5 (?), elected via Auto-RP
Uptime: 00:01:38, expires: 00:02:21
5.3 Multicast Security
“For security reasons do not allow BB2 to become a PIM neighbor with r1.”
Cool. Two easy points.
r1(config)#access-list 53 deny 192.10.1.254
r1(config)#access-list 53 permit any
r1(config)#int fa0/0
r1(config-if)#ip pim neighbor-filter 53
5.4 Multicast Filtering
Configure sw2 so that it will not receive any administratively scoped multicast groups.
I pulled this one out of my butt by searching for “administratively scoped” in the IP Multicast command reference.
The configuration example was exactly what I need:
Examples
The following example shows how to set up an IP multicast boundary for all administratively scoped IPv4 multicast addresses by denying the entire administratively scoped IPv4 multicast address space (239.0.0.0/8).
All other Class D addresses are permitted (224.0.0.0/4).
access-list 1 deny 239.0.0.0 0.255.255.255
access-list 1 permit 224.0.0.0 15.255.255.255
interface ethernet 0
ip multicast boundary 1
r3(config)#access-list 54 deny 239.0.0.0 0.255.255.255
r3(config)#access-list 54 permit 224.0.0.0 15.255.255.255
r3(config)#int fa0/0
r3(config-if)#ip multicast boundary 54
5.5 Multicast Distribution
Configure the network so that the multicast groups that use r3 as their RP must always use a shared tree.
Okay. I had NO clue on this one.
To configure when a Protocol Independent Multicast (PIM) leaf router should join the shortest path source tree for the specified group, use the ip pim spt-threshold command in global configuration mode.
If the infinity keyword is specified, all sources for the specified group will use the shared tree. Specifying a group list access list indicates the groups to which the threshold applies.
r1(config)#access-list 55 permit 239.0.0.0 0.255.255.255
r1(config)#ip pim spt-threshold infinity group-list 52
IP Multicast – 8 Points
5.1 PIM
Easy task. There is a typo in the task. You need to configure pim dense-mode on sw1’s fa0/14 interface (not fa0/2).
Task 5.1 – typo error in the task description
5.2 PIM Filtering
Configure r1 so that it does not become a PIM neighbor with r5. r5 should still allow clients on VLAN 5 to receive multicast traffic.
This is a case of multicast stub routing. There is a very nice breakdown on this in the solution guide. I’m still struggling with advanced multicast. I need to take some time and review multicast.
Before:
r1(config)#do sh ip pim neig
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
S – State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
191.1.125.5 Serial0/0 00:17:02/00:01:27 v2 1 / DR S
191.1.125.2 Serial0/0 00:18:55/00:01:32 v2 1 / S
191.1.13.3 Serial0/1 00:17:58/00:01:31 v2 1 / S
After:
*Mar 1 20:54:06.241: %PIM-5-NBRCHG: neighbor 191.1.125.5 DOWN on interface Serial0/0 DR
*Mar 1 20:54:06.241: %PIM-5-DRCHG: DR change from neighbor 191.1.125.5 to 191.1.125.2 on interface Serial0/0
r1(config-if)#do sh ip pim nei
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
S – State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
191.1.125.2 Serial0/0 00:20:49/00:01:37 v2 1 / DR S <-No more r5
191.1.13.3 Serial0/1 00:19:52/00:01:35 v2 1 / S
r5#sh ip igmp int fa0/0 | i help
IGMP helper address is 191.1.125.1
5.3 IGMP
Configure VLAN 363 on r3 (fa0/0) to support IGMP version 1.
r3(config)#int fa0/0
r3(config-if)#ip igmp version 1
r3#sh ip igmp int fa0/0 | i ver
Current IGMP host version is 1
Current IGMP router version is 1
5.4 Multicast Testing
Configure sw1 to forward traffic for multicast group 225.25.25.25 but do not allow sw1 to process switch this traffic.
sw1(config)#int vlan 7
sw1(config-if)#ip igmp static-group 225.25.25.25
sw1#sh ip igmp group
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
225.25.25.25 Vlan7 00:00:25 stopped 0.0.0.0
224.0.1.40 FastEthernet0/14 00:39:18 00:02:30 191.1.27.2
sw1#sh ip multicast int vlan 7
Vlan7 is up, line protocol is up
Internet address is 191.1.7.7/24
Multicast routing: enabled
Multicast switching: distributed <-Should say process
Multicast packets in/out: 0/0
Multicast boundary: not set
Multicast TTL threshold: 0
Multicast Tagswitching: disabled
Hmmmmm…..I never could get my output to show process switching. 😦
Section 5 – Multicast – 8 Points
IE mixed it up a bit on this lab. Usually BGP comes directly after IGP, but I get to deal with Multicast instead. Oh joy!
5.1 PIM
This was about as easy of a task as you could ask for in Multicast. You are given the PIM mode to configure, the interfaces to configure, and the devices to configure. Really straight-forward task.
5.2 Auto-RP
Since we’re going to be using auto-rp, we need to configure ‘ip pim autorp listener’ on all Mulitcast devices (even the potential RPs). Then we can announce our RPs:
ip pim autorp listener(Cisco still hasn’t fixed the 12.4 links)
r2(config)#access-list 10 permit 225.0.0.0 0.255.255.255
r2(config)#ip pim send-rp-announce lo0 scope 16 group-list 10
Must first configure PIM mode on the interface: Loopback0r2(config)#int lo0
r2(config-if)#ip pim sparse-mode
*Jan 13 21:02:08.192: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 150.1.2.2 on interface Loopback0
r2(config-if)#exit
r2(config)#ip pim send-rp-announce lo0 scope 16 group-list 10r2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
We need to make sw2 “responsible for the group to RP mappings”:
sw2(config)#ip pim send-rp-discovery lo0 scope 16
Non IP or PIM interface ignored in accepted command.sw2(config)#int lo0
sw2(config-if)#ip pim sparse-mode
sw2(config-if)#exit
sw2(config)#ip pim send-rp-discovery lo0 scope 16auto-rp is on the job:
sw2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)Group(s) 225.0.0.0/8
RP 150.1.2.2 (?), v2v1
Info source: 150.1.2.2 (?), elected via Auto-RP
Uptime: 00:01:25, expires: 00:02:31
Group(s) 239.0.0.0/8
RP 150.1.5.5 (?), v2v1
Info source: 150.1.5.5 (?), elected via Auto-RP
Uptime: 00:02:01, expires: 00:02:55
5.3 Multicast Testing
“Configure r3’s interface fa0/0 as a member of the multicast group 225.25.25.25 and interface fa0/1 as a member of 239.39.39.39.”
“Ensure that r3 responds to pings sent to these multicast groups from VLANs 12 and 43”
r3(config)#int fa0/0
r3(config-if)#ip igmp join-group 225.25.25.25r3#sh ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Gr
oup Accounted
225.25.25.25 FastEthernet0/0 00:00:14 00:02:45 141.1.37.3
224.0.1.40 FastEthernet0/0 00:42:49 00:01:58 141.1.37.7r1#ping 225.25.25.25 re 1 source 192.10.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 192.10.1.1Reply to request 0 from 141.1.123.3, 16 ms
Everything was going great, until:
r4#ping 225.25.25.25 re 1 source 204.12.1.4
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 204.12.1.4
.r4#sh ip mroute 225.25.25.25
(*, 225.25.25.25), 00:00:20/stopped, RP 150.1.2.2, flags: SPF
Incoming interface: FastEthernet0/0, RPF nbr 141.1.145.5
Outgoing interface list: Null
I had to look at the solution guide on this one. I figured out that I needed ‘ip pim nbma-mode’ on r2, but I completely missed the fact that I needed to configure each end of the tunnel with ‘ip pim spare-mode’
5.4 Multicast Rate Limiting
“configure sw1 so that no more than 1Mbps of multicast traffic is sent out towards r3.”
Okay…this is new. Time to mine the DOC.
To control the rate a sender from the source list can send to a multicast group in the group list, use the ip multicast rate-limit command in interface configuration mode. To remove the control, use the no form of this command.
sw1(config-if)#int vlan7
sw1(config-if)#ip multicast rate-limit ?
in Rate limit incoming packets
out Rate limit outgoing packetssw1(config-if)#ip multicast rate-limit out ?
<0-4294967> Rate in kilobits per second
group-list Rate limit for groups
source-list Rate limit for sources
video Rate limit video only
whiteboard Rate limit whiteboard only
<cr>sw1(config-if)#ip multicast rate-limit out 1000 ?
<cr>sw1(config-if)#ip multicast rate-limit out 1000
Section 6 – Multicast – 8 Points
6.1 PIM
This was a basic task. You need to configure IP Multicast on some fo the routers and then PIM on certain interfaces. Make r5’s loopback 0 the RP for a certain set of multicast groups. The rest should not use an RP.
So we know that we have a mixture of PIM dense and PIM sparse because certain Multicast groups will require an RP while others will not. Thus we need to configure “ip pim sparse-dense-mode”.
Good luck looking at the 12.4 command reference though:
ip pim register-source IMC-183
The Page You Have Requested Is Not Available
The page you are trying to access may have been moved to a different location or removed. If you typed the address, please verify that the spelling is correct.
I’m not sure how you would handle this in the lab, but I just jumped to the 12.3 documentation:
To use lo0 (the wrong way):
To configure the IP source address of a register message to an interface address other than the outgoing interface address of the designated router (DR) leading toward the rendezvous point (RP), use the ip pim register-source command in global configuration mode. To disable this configuration, use the no form of this command.
ip pim [vrf vrf-name] register-source interface-type interface-number
no ip pim [vrf vrf-name] register-source interface-type interface-number
I had everything that I needed EXCEPT a way to limit the RP to certain Multicast groups. I was completely lost. The answer was easy, but I took a wrong turn with “ip pim register-source”. I really need to review Multicast.
You need an ACL and these two commands:
To use Auto-RP to configure groups for which the router will act as a rendezvous point (RP), use the ip pim send-rp-announce command in global configuration mode. To unconfigure this router as an RP, use the no form of this command.
ip pim [vrf vrf-name] send-rp-announce interface-type interface-number scope ttl-value [group-list access-list] [interval seconds] [bidir]
no ip pim [vrf vrf-name] send-rp-announce interface-type interface-number scope ttl-value [group-list access-list] [interval seconds] [bidir]
ip pim send-rp-discovery
Don’t forget to configure ip pim on the RP interface:
r5(config)#ip pim send-rp-announce lo0 scope 16 group-list 69
Must first configure PIM mode on the interface: Loopback0
The solution guide has a nice write-up on this task.
Nice verification command:
r1#sh ip pim rp mapping
PIM Group-to-RP MappingsGroup(s) 225.0.0.0/8
RP 150.6.5.5 (?), v2v1
Info source: 150.6.5.5 (?), elected via Auto-RP
Uptime: 00:02:04, expires: 00:02:51
Group(s) 226.0.0.0/8
RP 150.6.5.5 (?), v2v1
Info source: 150.6.5.5 (?), elected via Auto-RP
Uptime: 00:02:04, expires: 00:02:54
Group(s) 227.0.0.0/8
RP 150.6.5.5 (?), v2v1
Info source: 150.6.5.5 (?), elected via Auto-RP
Uptime: 00:02:04, expires: 00:02:55
6.2 Multicast Forwarding
r2#sh ip igmp mem
Flags: A – aggregate, T – tracked
L – Local, S – static, V – virtual, R – Reported through v3
I – v3lite, U – Urd, M – SSM (S,G) channel
1,2,3 – The version of IGMP the group is in
Channel/Group-Flags:
/ – Filtering entry (Exclude mode (S,G), Include mode (*,G))
Reporter:
<mac-or-ip-address> – last reporter if group is not explicitly tracked
<n>/<m> – <n> reporter in include mode, <m> reporter in excludeChannel/Group Reporter Uptime Exp. Flags Interface
*,228.22.22.22 0.0.0.0 00:00:27 stop 2SA Fa0/0
*,224.0.1.39 136.6.245.5 00:09:01 02:54 2A Se0/0
*,224.0.1.40 136.6.29.2 00:19:26 02:51 2LA Fa0/0r2#sh ip mroute | sec 228.
(*, 228.22.22.22), 00:01:32/stopped, RP 0.0.0.0, flags: DC
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Serial0/0, Forward/Sparse-Dense, 00:01:32/00:00:00
FastEthernet0/0, Forward/Sparse-Dense, 00:01:32/00:00:00
(136.6.245.5, 228.22.22.22), 00:00:35/00:02:30, flags: T
Incoming interface: Serial0/0, RPF nbr 136.6.245.5
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:00:35/00:00:00
(150.6.5.5, 228.22.22.22), 00:00:35/00:02:30, flags: T
Incoming interface: Serial0/0, RPF nbr 136.6.245.5
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:00:35/00:00:00
6.3 Multicast Filtering
It took me a while to understand this question, but I was able get the points for this task (it really helps that the task was called “Multicast Filtering”). 🙂
Pretty simple config using and ACL and “ip igmp access-group”
r4(config-ext-nacl)#int e0/0
r4(config-if)#ip igmp access-group FILTER_MULTI ?
<cr>
This must be inbound only:
r4#sh ip igmp int e0/0
Ethernet0/0 is up, line protocol is up
Internet address is 136.6.4.4/24
IGMP is enabled on interface
Current IGMP host version is 2
Current IGMP router version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 10 seconds
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is FILTER_MULTI
IGMP activity: 1 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 136.6.4.4 (this system)
IGMP querying router is 136.6.4.4 (this system)
Multicast groups joined by this system (number of users):
224.0.1.40(1)
If you look at the documentation for “ip igmp access-group” it has some interesting ACLs:
The following are examples of extended access lists:
The first part of the extended access list clause controls the source (multicast sender), and the second part of the extended access list clause controls the multicast group.
Deny all state for a group G
deny igmp any host G
permit igmp any anyDeny all state for a source S
deny igmp host S any
permit igmp any anyPermit all state for a group G
permit igmp any host GPermit all state for a source S
permit igmp host S anyFilter a particular source for a group G
deny igmp host S host G
permit igmp any host G
6.4 Multicast Filtering
I had no idea on this one. I gave it the old college try by going under the interface and looking at the options for “ip igmp” and “ip pim” to see if I could steal some points, but nothing looked promising:
r1(config-if)#ip igmp ? [output filtered]
last-member-query-count IGMP last member query count
last-member-query-interval IGMP last member query interval
querier-timeout IGMP previous querier timeout
query-interval IGMP host query interval
query-max-response-time IGMP max query response valuer1(config-if)#ip pim ?
bidir-neighbor-filter PIM bidir capable peering filter
bsr-border Border of PIM domain
dense-mode Enable PIM dense-mode operation
dr-priority PIM router DR priority
nbma-mode Use Non-Broadcast Multi-Access (NBMA) mode on interface
neighbor-filter PIM peering filter
query-interval PIM router query interval
sparse-dense-mode Enable PIM sparse-dense-mode operation
sparse-mode Enable PIM sparse-mode operation
state-refresh PIM DM State-Refresh configuration
version PIM version
<cr>
I should have done this:
r1(config-if)#ip multicast ?
boundary Boundary for administratively scoped multicast addresses
helper-map Broadcast to Multicast map OR Multicast to ip-address map
rate-limit Rate limit multicast data packets
tagswitch Enable IP Multicast Tagswitching
ttl-threshold TTL threshold for multicast packets
Section 6 – IP Multicast – 6 Points
Multicast is my absolute worst technology. I had very little hope of getting any of these tasks correct because I really haven’t done a lot of multicast study. This section turned out to be a pleasant surprise as the first two tasks were very easy.
6.1 asks you to configure a number of interfaces in pim sparse-mode. The task is very straight-forward. You are then asked to:
Configure r2’s most reliable interface as the RP for all multicast groups.
The most reliable interface must be lo0. Two things to keep in mind: 1) if you make an interface the RP, you’d better configure it for multicast (pim sparse-mode in this case) even if the task does not explicitly list it (as it did not in this case), and 2) you need to configure the RP address on each device (“ip pim rp-address x.x.x.x”).
6.2 just requires you to use “ip igmp join-group”.
6.3 completely bewildered me. The task described what would seem to be a complicated issue but it was resolved with “ip pim nbma-mode”. Oh well, I’m pretty happy with getting the first two sections correct.