Header Only - DO NOT REMOVE - Extreme Networks

permit only specific mcast groups


Userlevel 6
Hi, all!

I need to permit only specific mcast groups (for example 239.1.1.1 and 239.2.2.2), other - deny.
EXOS 15.3
For this moment I havn't possibility to test this case.

Can somebody tell me - would it be working ACL:

entry SeparateMcast {
if {
destination-address 239.1.1.1/32;
destination-address 239.2.2.2/32;
}
then {
permit;
}
}
if {
destination-address 224.0.0.0/4;
}
then {
deny;
}
}

Or may be present other solution?

Thank you!

3 replies

Userlevel 6
Hello Alexandr,

You should be able to do that but you will need to create separate entries for each destination address. The switch will error out while trying to apply if there are two of the same match conditions in one entry.
Userlevel 6
Patrick Voss wrote:

Hello Alexandr,

You should be able to do that but you will need to create separate entries for each destination address. The switch will error out while trying to apply if there are two of the same match conditions in one entry.

Hello, Patrick!

You right.
I'm write at first step and then remember that it have to be 2 separate entries.

Like this:
entry e1 {
if {
destination-address 239.1.1.1/32;
}
then
{
permit;
}}
entry e2 {
if {
destination-address 239.2.2.2/32;
}
then
{
permit;
}}
entry Drop {
if {
destination-address 239.22.0.0/16;
}
then
{
deny;
}}
Userlevel 7
Patrick Voss wrote:

Hello Alexandr,

You should be able to do that but you will need to create separate entries for each destination address. The switch will error out while trying to apply if there are two of the same match conditions in one entry.

Hi Alex,

That looks like it should work to me. I think your match condition may be off on the last entry though, if you want to block all multicast (224.0.0.0/4).

Reply