permit only specific mcast groups
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-01-2017 10:25 AM
Hi, all!
I need to permit only specific mcast groups (for example 239.1.1.1 and 239.2.2.2), other - deny.
EXOS 15.3
For this moment I havn't possibility to test this case.
Can somebody tell me - would it be working ACL:
entry SeparateMcast {
if {
destination-address 239.1.1.1/32;
destination-address 239.2.2.2/32;
}
then {
permit;
}
}
if {
destination-address 224.0.0.0/4;
}
then {
deny;
}
}
Or may be present other solution?
Thank you!
I need to permit only specific mcast groups (for example 239.1.1.1 and 239.2.2.2), other - deny.
EXOS 15.3
For this moment I havn't possibility to test this case.
Can somebody tell me - would it be working ACL:
entry SeparateMcast {
if {
destination-address 239.1.1.1/32;
destination-address 239.2.2.2/32;
}
then {
permit;
}
}
if {
destination-address 224.0.0.0/4;
}
then {
deny;
}
}
Or may be present other solution?
Thank you!
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-01-2017 10:43 AM
Hello Alexandr,
You should be able to do that but you will need to create separate entries for each destination address. The switch will error out while trying to apply if there are two of the same match conditions in one entry.
You should be able to do that but you will need to create separate entries for each destination address. The switch will error out while trying to apply if there are two of the same match conditions in one entry.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-01-2017 10:43 AM
Hi Alex,
That looks like it should work to me. I think your match condition may be off on the last entry though, if you want to block all multicast (224.0.0.0/4).
That looks like it should work to me. I think your match condition may be off on the last entry though, if you want to block all multicast (224.0.0.0/4).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-01-2017 10:43 AM
Hello, Patrick!
You right.
I'm write at first step and then remember that it have to be 2 separate entries.
Like this:
entry e1 {
if {
destination-address 239.1.1.1/32;
}
then
{
permit;
}}
entry e2 {
if {
destination-address 239.2.2.2/32;
}
then
{
permit;
}}
entry Drop {
if {
destination-address 239.22.0.0/16;
}
then
{
deny;
}}
You right.
I'm write at first step and then remember that it have to be 2 separate entries.
Like this:
entry e1 {
if {
destination-address 239.1.1.1/32;
}
then
{
permit;
}}
entry e2 {
if {
destination-address 239.2.2.2/32;
}
then
{
permit;
}}
entry Drop {
if {
destination-address 239.22.0.0/16;
}
then
{
deny;
}}
