permit only specific mcast groups

  • 0
  • 2
  • Question
  • Updated 10 months ago
  • Answered
Hi, all!

I need to permit only specific mcast groups (for example  239.1.1.1 and 239.2.2.2), other - deny.
EXOS 15.3 
For this moment I havn't possibility to test this case.

Can somebody tell me - would it be working ACL:

entry SeparateMcast {
 if {
  destination-address 239.1.1.1/32;
  destination-address 239.2.2.2/32;
 }
 then {
  permit;
 }
}
 if {
  destination-address 224.0.0.0/4;
 }
 then {
  deny;
 }
}

Or may be present other solution?

Thank you!
Photo of Alexandr P

Alexandr P, Embassador

  • 12,040 Points 10k badge 2x thumb

Posted 10 months ago

  • 0
  • 2
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,474 Points 10k badge 2x thumb
Hello Alexandr,

You should be able to do that but you will need to create separate entries for each destination address. The switch will error out while trying to apply if there are two of the same match conditions in one entry.
Photo of Alexandr P

Alexandr P, Embassador

  • 12,040 Points 10k badge 2x thumb
Hello, Patrick!

You right.
I'm write at first step and then remember that it have to be 2 separate entries.

Like this:
entry e1 {
if {
destination-address 239.1.1.1/32;
 }
then
{
permit;
 }}
entry e2 {
if {
destination-address 239.2.2.2/32;
 }
then
{
permit;
}}
entry Drop {
if {
destination-address 239.22.0.0/16;
}
then
{
deny;
}}
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,086 Points 10k badge 2x thumb
Hi Alex,

That looks like it should work to me. I think your match condition may be off on the last entry though, if you want to block all multicast (224.0.0.0/4).
(Edited)