Hello,
I was just reading these days some multicast and i noticed that something was not working as expected.
The topology is as below with PIM-SM everywhere, R5's loopback 120.1.5.5 as RP. R6's Lo0 joined 224.1.1.10
On Router R5 before multicast boundary
R5#show ip mroute 224.1.1.10
(*, 224.1.1.10), 00:39:32/00:03:14, RP 120.1.5.5, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0.56, Forward/Sparse, 00:14:56/00:03:14
Configuration for Multicast Boundary
!
R5(config)#do show run | s access-list
access-list 10 deny 224.1.1.10
access-list 10 permit any
!
R5(config-subif)#do show run int e0/0.56
!
interface Ethernet0/0.56
ip multicast boundary 10 in
!
After this, I would expect that PIM Join messages for (*,224.1.1.10) will be dropped inbound on e0/0.56, however apparently that's not the case.
R5(config-subif)#do show ip mroute 224.1.1.10
(*, 224.1.1.10), 00:02:58/00:03:29, RP 120.1.5.5, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0.56, Forward/Sparse, 00:01:00/00:03:29
!
Based on these results a ping from R3 to 224.1.1.10 is successfull
R5(config-subif)#do show ip mroute 224.1.1.10
(*, 224.1.1.10), 00:04:51/stopped, RP 120.1.5.5, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0.56, Forward/Sparse, 00:02:53/00:02:34
(125.1.123.3, 224.1.1.10), 00:00:05/00:02:54, flags:
Incoming interface: Ethernet0/0.15, RPF nbr 125.1.15.1
Outgoing interface list:
Ethernet0/0.56, Forward/Sparse, 00:00:05/00:03:24
The question is WHY? Isn't "ip multicast boundary <ACL> in" supposed to filter control plane traffic(PIM Join, IGMP) according to ACL?