All things related to multicast

[Bill Owens <>]

On Tue, Sep 13, 2005 at 12:18:27PM -0400, John Center wrote:
> Hi,
> 
> I have a very simple outbound ACL on our I2 interface that prevents 
> someone from our network spoofing other addresses.  I have a "deny any 
> log-input" statement to catch what interface the spoofed address is 
> coming from.  I've have seen a number of messages logged that look like 
> this:
> 
> Sep 13 08:49:48.949 EDT: %SEC-6-IPACCESSLOGP: list OUT-I2-ACCESS denied 
> udp 128.59.31.169(1027) (Tunnel0 ) -> 224.2.127.254(9875), 1 packet
> 
> We tunnel our multicast traffic to the campus, but I don't understand 
> why we would see a packet sourced from outside our network to the 
> SAP/SDR address.  This is probably something obvious, but not to me... ;-)
> 
> An explanation would be greatly appreciated.

Is your router configured to listen to SAP/SDR? I can't remember the config 
command offhand but it should be obvious in your config, or you can try "show 
ip sap" or "show ip sdp". I think you should also be able to check with a 
"show ip igmp groups" and see whether the router itself is listening to the 
group.

Bill.