In order to ensure AutoRP and the administratively scoped multicast addresses do not leak outside or into your multicast domain you need to filter the following:
224.0.1.40 - The Cisco multicast router AUTO-RP-DISCOVERY address is the destination address for messages from the RP mapping agent to discover candidates
224.0.1.39 - The Cisco multicast router AUTO-RP-ANNOUNCE address is used by RP mapping agents to listen for candidate announcements
239.0.0.0/8 - Administratively Scoped
Create an ACL denying the respective IP's and ranges
access-list 24 deny 224.0.1.39
access-list 24 deny 224.0.1.40
access-list 24 deny 239.0.0.0 0.255.255.255
access-list 24 permit any
Apply to the interface using " ip multicast boundary"
inter fas 0/1
ip multicast boundary 24
Have you been studying for an AWS certification and have yet to actually
test? Now might be the time. AWS is currently offering free retakes of
their cer...
5 weeks ago
1 comments:
A good companion article to this would be something on BSR boundary. BSR is the configuration of choice for the IE SP and is open standards.
Post a Comment