[j-nsp] Multicast IGMP filter

ML ml at kenweb.org
Fri Jan 18 15:20:11 EST 2013 

On 1/18/2013 2:37 AM, Riccardo S wrote:
>
>
> Hi
>
> I’ve
> an IGMP filter applied to some interfaces and done in this way:
>
>   
>
> set
> protocols igmp interface gr-0/0/0.11 group-policy IGMP-test-B
>
>   
>
> This
> filter is needed to avoid the join report from the remote CPE for none group
> otherwise not explicitly permitted. Here the policy:
>
>   
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
> 239.239.239.239/32 exact
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
> 239.239.233.233/32 exact
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B then accept
>
> set
> policy-options policy-statement IGMP-test-B term LAST then reject
>
>   
>
> My
> question is: my customer uses IGMPv3, can I also filter the source of the group to be permitted ?
>
>   
>
> I’ve
> done in this way:
>
>   
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
> 239.239.239.239/32 exact
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from route-filter
> 239.239.233.233/32 exact
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B from source-address-filter
> 10.1.1.1 exact
>
> set
> policy-options policy-statement IGMP-test-B term PAYTV-FEED-B then accept
>
> set
> policy-options policy-statement IGMP-test-B term LAST then reject
>
>   
>
> But
> is not working since my customer use IGMP v2 (I guesS), I always get the flow also from
> other sources...
>
>
> Is
> there a way to filter the source with IGMPv2 ?
>
>
> Or  is there another way to avoid my customer to
> get the flow from a source not permitted ?
>
>
> Any
> advice ?
>
>   
>
> Tks
>
>   		 	   		
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



Since your client isn't using IGMPv3 then they are always going to see 
every source for a group.   I guess your customer can't move to IGMPv3?

Have you tried a simple firewall filter for the sources you don't want?

More information about the juniper-nsp mailing list