- Read Me First
- IP Multicast Technology Overview
- Configuring Basic IP Multicast
- Configuring Basic IP Multicast in IPv6 Networks
- Using MSDP to Interconnect Multiple PIM-SM Domains
- PIM Allow RP
- Configuring Source Specific Multicast
- Tunneling to Connect Non-IP Multicast Areas
- Automatic Multicast Tunneling
- BFD Support for Multicast (PIM)
- HSRP Aware PIM
- VRRP Aware PIM
- Verifying IP Multicast Operation
- Monitoring and Maintaining IP Multicast
- Multicast User Authentication and Profile Support
- IPv6 Multicast: Bootstrap Router
- IPv6 Multicast: PIM Sparse Mode
- IPv6 Multicast: Static Multicast Routing for IPv6
- IPv6 Multicast: PIM Source-Specific Multicast
- IPv6 Source Specific Multicast Mapping
- IPv6 Multicast: Explicit Tracking of Receivers
- IPv6 Bidirectional PIM
- IPv6 PIM Passive Mode
- IPv6 Multicast: Routable Address Hello Option
- PIMv6 Anycast RP Solution
- MTR in VRF
- Finding Feature Information
- Restrictions for Multicast User Authentication and Profile Support
- Information About Multicast User Authentication and Profile Support
- How to Configure Multicast User Authentication and Profile Support
- Configuration Examples for Multicast User Authentication and Profile Support
- Additional References for IPv6 Services: AAAA DNS Lookups
- Feature Information for Multicast User Authentication and Profile Support
Multicast User Authentication and Profile Support
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Multicast User Authentication and Profile Support
The port, interface, VC, or VLAN ID is the user or subscriber identity. User identity by hostname, user ID, or password is not supported.
Information About Multicast User Authentication and Profile Support
IPv6 Multicast User Authentication and Profile Support
IPv6 multicast by design allows any host in the network to become a receiver or a source for a multicast group. Therefore, multicast access control is needed to control multicast traffic in the network. Access control functionality consists mainly of source access control and accounting, receiver access control and accounting, and provisioning of this access control mechanism.
Multicast access control provides an interface between multicast and authentication, authorization, and accounting (AAA) for provisioning, authorizing, and accounting at the last-hop device, receiver access control functions in multicast, and group or channel disabling capability in multicast.
When you deploy a new multicast service environment, it is necessary to add user authentication and provide a user profile download on a per-interface basis. The use of AAA and IPv6 multicast supports user authentication and downloading of the user profile in a multicast environment.
The event that triggers the download of a multicast access-control profile from the RADIUS server to the access device is arrival of an MLD join on the access device. When this event occurs, a user can cause the authorization cache to time out and request download periodically or use an appropriate multicast clear command to trigger a new download in case of profile changes.
Accounting occurs via RADIUS accounting. Start and stop accounting records are sent to the RADIUS server from the access device. In order for you to track resource consumption on a per-stream basis, these accounting records provide information about the multicast source and group. The start record is sent when the last-hop device receives a new MLD report, and the stop record is sent upon MLD leave or if the group or channel is deleted for any reason.
How to Configure Multicast User Authentication and Profile Support
Enabling AAA Access Control for IPv6 Multicast
1.
enable
2.
configure
terminal
3.
aaa
new-model
DETAILED STEPS
| Command or Action | Purpose |
|---|
Specifying Method Lists and Enabling Multicast Accounting
1.
enable
2.
configure
terminal
3.
aaa
authorization
multicast
default
[method3 |
method4
4.
aaa
accounting
multicast
default
[start-stop |
stop-only] [broadcast] [method1] [method2] [method3] [method4
5.
interface
type
number
6.
ipv6
multicast
aaa
account
receive
access-list-name
[throttle
throttle-number
DETAILED STEPS
Disabling the Device from Receiving Unauthenticated Multicast Traffic
In some situations, access control may be needed to prevent multicast traffic from being received unless the subscriber is authenticated and the channels are authorized as per access control profiles. That is, there should be no traffic at all unless specified otherwise by access control profiles.
1.
enable
2.
configure
terminal
3.
ipv6
multicast
group-range
[access-list-name]
DETAILED STEPS
Configuration Examples for Multicast User Authentication and Profile Support
Example: Enabling AAA Access Control, Specifying Method Lists, and Enabling Multicast Accounting for IPv6
Device(config)# aaa new-model Device(config)# aaa authorization multicast default Device(config)# aaa accounting multicast default Device(config)# interface FastEthernet 1/0 Device(config-if)# ipv6 multicast aaa account receive list1
Additional References for IPv6 Services: AAAA DNS Lookups
Related Documents
Related Topic |
Document Title |
|---|---|
|
IPv6 addressing and connectivity |
IPv6 Configuration Guide |
|
IPv4 services configuration |
IP Application Services Configuration Guide |
|
Cisco IOS commands |
|
|
IPv6 commands |
Cisco IOS IPv6 Command Reference |
|
Cisco IOS IPv6 features |
Standards and RFCs
Standard/RFC |
Title |
|---|---|
|
RFCs for IPv6 |
IPv6 RFCs |
MIBs
|
MIB |
MIBs Link |
|---|---|
|
None. |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Technical Assistance
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for Multicast User Authentication and Profile Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.Feature Name |
Releases |
Feature Information |
|---|---|---|
|
Multicast User Authentication and Profile Support |
12.4(4)T Cisco IOS XE Release 3.8S |
Multicast access control provides an interface between multicast and AAA for provisioning, authorizing, and accounting at the last-hop router, receiver access control functions in multicast, and group or channel disabling capability in multicast. The following commands were introduced or modified: aaa accounting multicast default, aaa authorization multicast default, clear ipv6 multicast aaa authorization, ipv6 multicast aaa account receive. |
Feedback