Access Control and Other Options
It is possible to restrict access to multicast transmissions using the usual PIX
means: access lists. In the previous case with hosts on the internal interface, we
could restrict the groups from which the internal hosts can receive transmissions.
For example, to permit only multicast transmissions to the group address 224.1.1.1,
you should configure an access list similar to this:
PIX1(config)# access-list 10 permit igmp any 224.1.1.1 255.255.255.255
Then apply it to the outside interface:
PIX1(config)# multicast interface outside
PIX1(config-multicast)# igmp access-group 10
Now only IGMP messages for group 224.1.1.1 will be able to pass through the PIX,
and consequently only members of this group will be known to a multicast router. This
prevents the router from sending traffic destined for any other group address in
this direction.
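As an added example (not from the original text), the following Python check reads a PIX configuration and reports multicast interfaces that have no igmp access-group, or whose access list permits more than single multicast group addresses. The sample configuration, the interface name dmz, access list 20, and the assumption that subcommands are listed directly after their multicast interface line are constructed for illustration; deny entries are not evaluated.

```python
import ipaddress
import re

# Constructed sample configuration using the command forms shown above.
SAMPLE_CONFIG = """\
access-list 10 permit igmp any 224.1.1.1 255.255.255.255
access-list 20 permit igmp any 224.0.0.0 240.0.0.0
multicast interface outside
 igmp access-group 10
multicast interface dmz
 igmp access-group 20
multicast interface inside
 igmp query-interval 60
"""
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

def parse(config):
    """Return (ACL id -> permitted group networks, interface -> ACL id or None)."""
    acls, iface_acl, current = {}, {}, None
    for line in config.splitlines():
        text = line.strip()
        if m := re.match(r"access-list (\S+) permit igmp any (\S+) (\S+)$", text):
            # The access list takes a netmask, so 255.255.255.255 is one group.
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acls.setdefault(m[1], []).append(net)
        elif m := re.match(r"multicast interface (\S+)$", text):
            current = m[1]
            iface_acl[current] = None
        elif current and (m := re.match(r"igmp access-group (\S+)$", text)):
            iface_acl[current] = m[1]  # assumes subcommands follow their interface
    return acls, iface_acl

def audit(config):
    """List multicast interfaces whose IGMP filtering is missing or too broad."""
    acls, iface_acl = parse(config)
    findings = []
    for iface, acl in iface_acl.items():
        if acl is None:
            findings.append((iface, "no igmp access-group"))
            continue
        nets = acls.get(acl, [])
        if not nets:
            findings.append((iface, f"access-list {acl} has no permit igmp entries"))
        for net in nets:
            if net.prefixlen != 32 or not net.subnet_of(MULTICAST):
                findings.append((iface, f"access-list {acl} permits {net}"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding for dmz (the access list covers the whole multicast range) and one for inside (no access group applied).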
Other subcommands of the multicast command include:
www.syngress.com
208 Chapter 4 • Advanced PIX Configurations
igmp query-interval
This command sets the interval at which IGMP messages will be sent out this
interface. The default interval is 60 seconds. The maximum timeout for response
(for IGMP version 2 only) can be set using:
igmp query-max-response-time
The default setting is 10 seconds.
Configured settings can be cleared using the corresponding clear commands. The
following command clears the IGMP cache either for a specific group address or
the whole cache on the specified interface:
clear igmp group [
The following command clears multicast routes for a specified transmission
source, for a group address, or all routes on the interface:
clear mroute [
Another set of commands allows viewing of the multicast configuration for the
interface, multicast group, routes, and so on:
show igmp
show multicast [interface
show igmp group [grou
show mroute [
An example output of the show igmp command is:
pix(config)# show igmp
IGMP is enabled on interface inside
Current IGMP version is 2
IGMP query interval is 60 seconds
IGMP query timeout is 125 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 1 seconds
Inbound IGMP access group is
IGMP activity: 0 joins, 0 leaves
IGMP querying router is 10.0.1.1 (this system)
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reported
Two debug commands allow monitoring of multicast-related events. This command
monitors all IGMP messages passing through the PIX:
debug igmp
The following command monitors all events related to multicast forwarding:
debug mfwd