wg-multicast - RE: dynamic access controll on multicast groups
Subject: All things related to multicast
List archive
- From: "Lee, Kang" <>
- To: <>, <>
- Subject: RE: dynamic access controll on multicast groups
- Date: Mon, 12 Nov 2007 12:19:43 -0600
This is for igmp profileing.
It is layer 2 technique that you can filter igmp group joins on only layer 2
interface.
This is closest for static RP configuration in sparse mode.
You can also look for "ip igmp access-group". It suppose to do the same thing
but there are a lot of posts for these issues. I think profiling works little
better and less trouble. Still both of methods are not intuitive.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/multi.html
Thanks
-----Original Message-----
From:
[mailto:]
Sent: Sunday, November 11, 2007 3:13 PM
To: Lee, Kang;
Subject: RE: dynamic access controll on multicast groups
Hi Kang,
Thanks for your responds. I seem to believe also this is far from easy.
Nevertheless on basis of your answer, i will continue to investigate the
possibilities here.
Anyhow this document would be nice to have to start with at first.
regards,
Ruud Toonders
---- "Lee schreef:
> In Cisco case, there are no well defined mechanism but still have few
> method to achieve your goal.
>
>
>
> IGMP runs on switch level and that is last mile for the users. So if you
> control access to IGMP group, you can do some level of access control
> but this is pretty tough to do on each user based. In Cisco, these are
> called multicast profiling and igmp access-group. I can send you more
> detail doc. It is not intuitive.
>
>
>
> Then you can control which rp is hadnlding what groups by putting some
> more filter. Again this does not work as way as typical access list.
>
>
>
> To control each user, it is possible but it is almost impractical. That
> is how much I know.
>
>
>
> Thanks
>
>
>
> From: Ruud Toonders
> [mailto:]
>
> Sent: Sunday, November 11, 2007 4:06 AM
> To:
>
> Subject: dynamic access controll on multicast groups
>
>
>
> Hi All,
>
>
>
> I am bit of a newbie in this, but does anybody know how I can
> dynamically do access control on multicast group reception?
>
>
>
> For example:
>
> I have different multicast groups A,B,C for usergroups gA, gB, gC.
>
> Normally I can assign VLANs and setup ACL's in such a way that for
> example:
>
> -users to gA can only see Group A
>
> -users to gB can only see Group A,B
>
> -users to gC can only see Group B,C
>
>
>
> However as soon as a user belonging to gB gets the new access right to
> belong to group gC, then manually we need to reassign the VLAN again for
> him.
>
> Is there a simpler/easier way of doing this preferably from an external
> piece of software or software interface?
>
>
>
> Regards,
>
>
>
> Ruud Toonders
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.15.28/1123 - Release Date:
> 10/11/2007 15:47
>
- dynamic access controll on multicast groups, Ruud Toonders, 11/11/2007
- RE: dynamic access controll on multicast groups, Lee, Kang, 11/11/2007
- RE: dynamic access controll on multicast groups, Richard Mavrogeanes, 11/11/2007
- <Possible follow-up(s)>
- RE: dynamic access controll on multicast groups, r.toonders, 11/11/2007
- RE: dynamic access controll on multicast groups, Lee, Kang, 11/12/2007
- Re: dynamic access controll on multicast groups, Lee, Kang, 11/11/2007
- RE: dynamic access controll on multicast groups, Lee, Kang, 11/11/2007
Archive powered by MHonArc 2.6.16.