[c-nsp] Equivalent of "ip multicast boundary" on N7k for blocking data packets?
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 5 07:12:05 EDT 2013
On 03/06/13 21:44, Tim Stevenson wrote:
> At 01:08 PM 6/3/2013 Monday, Phil Mayers clamored:
>> How can I accomplish the equivalent of the "boundary" on NX-OS 5.2 for
>> N7k, given it lacks the command? Does one just use a normal ACL, and
>> if so, are there any caveats to doing so e.g. does "boundary" do
>> *other* things that a plain ACL would miss?
>
> In n7k, you must use a combination of control plane & data plane
> filtering to get the equivalent functionality of multicast boundary.
>
> For data plane, it's nothing more than ip access-group with matches on
> multicast traffic.
Just to say, this does all work, but it takes a few minutes to kick in -
if you add the data-plane ACL then "clear ip mroute", the routes just
reappear. They die off a few minutes later - presumably something
hardware-related.
Can't say I'm loving the NX-OS CLI paradigm for this particular feature
though - having to merge the unicast and multicast ACEs is a pain,
absent any templating/"include other ACL" functionality :o(
More information about the cisco-nsp
mailing list