In order to ensure AutoRP and the administratively scoped multicast addresses do not leak outside or into your multicast domain you need to filter the following:
224.0.1.40 - The Cisco multicast router AUTO-RP-DISCOVERY address is the destination address for messages from the RP mapping agent to discover candidates
224.0.1.39 - The Cisco multicast router AUTO-RP-ANNOUNCE address is used by RP mapping agents to listen for candidate announcements
239.0.0.0/8 - Administratively Scoped
Create an ACL denying the respective IP's and ranges
access-list 24 deny 224.0.1.39
access-list 24 deny 224.0.1.40
access-list 24 deny 239.0.0.0 0.255.255.255
access-list 24 permit any
Apply to the interface using " ip multicast boundary"
inter fas 0/1
ip multicast boundary 24
Exploring the Splunk Web Interface | Major Features and Preferences Welcome
to this in-depth guide to the Splunk Web interface! In this video, we
explore...
5 weeks ago
1 comments:
A good companion article to this would be something on BSR boundary. BSR is the configuration of choice for the IE SP and is open standards.
Post a Comment