Cisco 3750G - Catalyst Integrated Wireless LAN Controller Configuration Manual page 992

Configuring IP Multicast Routing
Command
Step 3
access-list access-list-number {deny |
permit} source [source-wildcard]
Step 4
end
Step 5
show running-config
Step 6 copy running-config startup-config
To remove a filter on incoming RP announcement messages, use the no ip pim rp-announce-filter
rp-list access-list-number [group-list access-list-number] global configuration command.
This example shows a sample configuration on an Auto-RP mapping agent that is used to prevent
candidate RP announcements from being accepted from unauthorized candidate RPs:
Switch(config)# ip pim rp-announce-filter rp-list 10 group-list 20
Switch(config)# access-list 10 permit host 172.16.5.1
Switch(config)# access-list 10 permit host 172.16.2.1
Switch(config)# access-list 20 deny 239.0.0.0 0.0.255.255
Switch(config)# access-list 20 permit 224.0.0.0 15.255.255.255
In this example, the mapping agent accepts candidate RP announcements from only two devices,
172.16.5.1 and 172.16.2.1. The mapping agent accepts candidate RP announcements from these two
devices only for multicast groups that fall in the group range of 224.0.0.0 to 239.255.255.255. The
mapping agent does not accept candidate RP announcements from any other devices in the network.
Furthermore, the mapping agent does not accept candidate RP announcements from 172.16.5.1
or 172.16.2.1 if the announcements are for any groups in the 239.0.0.0 through 239.255.255.255 range.
This range is the administratively scoped address range.
Catalyst 3750 Switch Software Configuration Guide
40-18
Purpose
Create a standard access list, repeating the command as many times as
necessary.
For access-list-number, enter the access list number specified in
•
Step 2.
The deny keyword denies access if the conditions are matched.
•
The permit keyword permits access if the conditions are matched.
Create an access list that specifies from which routers and
•
multilayer switches the mapping agent accepts candidate RP
announcements (rp-list ACL).
• Create an access list that specifies the range of multicast groups
from which to accept or deny (group-list ACL).
• For source, enter the multicast group address range for which the
RP should be used.
• (Optional) For source-wildcard, enter the wildcard bits in dotted
decimal notation to be applied to the source. Place ones in the bit
positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Chapter 40 Configuring IP Multicast Routing
OL-8550-02