All things related to multicast

[Greg Shepherd <>]

On Mon, 6 Dec 1999, Beau Williamson wrote:

> At 02:33 PM 12/5/1999, Kevin C. Almeroth wrote:
> >Does anybody else have any suggestions/comments/recommendations?
> >
> >-Kevin
> >
> >>>Here is the current recommendation:
> >>>
> >>>access-list 111 deny   ip any host 224.0.2.2
> >>>access-list 111 deny   ip any host 224.0.1.3
> >>>access-list 111 deny   ip any host 224.0.1.24
> >>>access-list 111 deny   ip any host 224.0.1.22
> >>>access-list 111 deny   ip any host 224.0.1.2
> >>>access-list 111 deny   ip any host 224.0.1.35
> >>>access-list 111 deny   ip any host 224.0.1.60
> >>>access-list 111 deny   ip any host 224.0.1.39
> >>>access-list 111 deny   ip any host 224.0.1.40
> >>>access-list 111 deny   ip any 239.0.0.0 0.255.255.255
> >>>access-list 111 deny   ip 10.0.0.0 0.255.255.255 any
> >>>access-list 111 deny   ip 127.0.0.0 0.255.255.255 any
> >>>access-list 111 deny   ip 172.0.0.0 0.255.255.255 any  <<<<<<<
> >>>access-list 111 deny   ip 192.0.0.0 0.255.255.255 any  <<<<<<<
> >>>access-list 111 permit ip any any
> >
> Shep, et al,
> 
> Uh, aren't the last two entries a bit too broad in scope?  Shouldn't they 
> really be:
> 
> access-list 111 deny   ip 172.16.0.0 0.15.255.255 any
> access-list 111 deny   ip 192.168.0.0 0.0.255.255 any

Good point. For the reference, here is a snip from RFC1918:

3. Private Address Space

   The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)


 
> to match RFC1918 ranges?
> 
> Also, are you using these in 'sa-filter' lists or 'sa redistribute' lists 
> or both?

I currently have confi'd this for 'sa-filter'. Can you explain the
difference?

Thanks,
Greg
 
> Beau
> 
>