I have one IGMP-enabled VLAN in a network; the streaming server and the clients are all connected to that VLAN.
Nevertheless, the core switch has an IP address (VRRP) in order to act as an IGMP querier.
Now I want to prevent clients inside this subnet from reaching the rest of my other network, except one SIP server.
Therefore I came up with the following access list:
ip access-list extended "IPTV"
10 permit ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
20 permit igmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
30 permit udp 0.0.0.0 255.255.255.255 239.192.50.50 0.0.0.0 eq 2209
50 remark "VoIP_SIP to PBX"
50 permit udp 172.27.0.0 0.0.8.255 10.1.4.1 0.0.0.0 eq 5060
60 remark "VoIP_rtp to PBX"
60 permit udp 172.27.0.0 0.0.8.255 10.1.4.1 0.0.0.0 gt 24000
70 permit ip 172.27.0.0 0.0.8.255 172.25.0.0 0.0.8.255
100 permit ip 0.0.0.0 255.255.255.255 224.0.0.0 15.255.255.255
exit
As soon as I apply this ACL to the VLAN interface, my streaming stops at the clients:
vlan 600
ip access-group "iptv" vlan
exit
Something is wrong with my ACL, but I do not see it...
#IGMP #multicast #ACL
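An offline way to check which entry of the ACL above a given packet would hit, as an added example that is not part of the original post or any switch vendor's tooling. It assumes standard wildcard-mask semantics (a 1 bit in the mask is ignored), first-match evaluation and an implicit deny at the end; the sample client addresses are constructed, and switch-specific behaviour such as how the VLAN-applied ACL treats switched traffic is not modelled.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
# Permit entries copied from the ACL in the post:
# (seq, protocol, (src, wildcard), (dst, wildcard), port operator, port)
ACL = [
    (10, "ip", ANY, ("255.255.255.255", "0.0.0.0"), None, None),
    (20, "igmp", ANY, ANY, None, None),
    (30, "udp", ANY, ("239.192.50.50", "0.0.0.0"), "eq", 2209),
    (50, "udp", ("172.27.0.0", "0.0.8.255"), ("10.1.4.1", "0.0.0.0"), "eq", 5060),
    (60, "udp", ("172.27.0.0", "0.0.8.255"), ("10.1.4.1", "0.0.0.0"), "gt", 24000),
    (70, "ip", ("172.27.0.0", "0.0.8.255"), ("172.25.0.0", "0.0.8.255"), None, None),
    (100, "ip", ANY, ("224.0.0.0", "15.255.255.255"), None, None),
]

def evaluate(proto, src, dst, dport=None):
    """Sequence number of the first matching permit, or "deny" (assumed implicit deny)."""
    for seq, p, s, d, op, port in ACL:
        if p not in ("ip", proto):
            continue
        if not (wc_match(src, *s) and wc_match(dst, *d)):
            continue
        if op == "eq" and dport != port:
            continue
        if op == "gt" and (dport is None or dport <= port):
            continue
        return seq
    return "deny"

if __name__ == "__main__":
    # Constructed test packets; the client addresses are assumptions.
    samples = [
        ("igmp", "172.27.0.20", "239.192.50.50", None),
        ("udp", "172.27.0.5", "239.192.50.50", 2209),
        ("udp", "172.27.0.20", "10.1.4.1", 5060),
        ("udp", "172.27.8.20", "10.1.4.1", 5060),
        ("udp", "172.27.3.20", "10.1.4.1", 5060),  # third octet 3: outside 0.0.8.255
        ("tcp", "172.27.0.20", "10.1.4.1", 443),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

Under these semantics the wildcard 0.0.8.255 leaves only one bit of the third octet free, so it covers 172.27.0.x and 172.27.8.x rather than a contiguous range.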