When two unrestricted stacks running OMPROUTE are attached
to a common subnetwork that is neither XCF nor IUTSAMEHOST, adjacency
errors occur. You can avoid these adjacency failures by preventing
OMPROUTE from receiving multicast datagrams from partners with which
it cannot communicate.
Procedure
Perform the following steps to prevent OMPROUTE from
receiving multicast datagrams from partners with which it cannot communicate.
- Create a network security zone named URXCF for all interface
  addresses in XCF or IUTSAMEHOST networks on unrestricted stacks:
  - Define a generic SERVAUTH NETACCESS profile for this
    zone with the following RACF® command:
      RDEFINE SERVAUTH EZB.NETACCESS.*.*.URXCF UACC(READ) SECLABEL(SYSMULTI)
  - Modify the common NETACCESS profile to define the addresses
    in this zone:
      NETACCESS
        192.168.10.0/24 URXCF ; xcf subnet perhaps
        10.254.254.0/24 URXCF ; IUTSAMEHOST subnet perhaps
      ENDNETACCESS
- Create a network security zone named UROTHER for all interface
  addresses in other network types on other unrestricted stacks:
  - Define a generic SERVAUTH NETACCESS profile for this
    zone with the following RACF command:
      RDEFINE SERVAUTH EZB.NETACCESS.*.*.UROTHER UACC(READ) SECLABEL(SYSMULTI)
  - Prevent the OMPROUTE running for each unrestricted stack
    from receiving datagrams from this zone with the following RACF command:
      PERMIT EZB.NETACCESS.*.*.UROTHER CLASS(SERVAUTH) ID(ompurid) ACCESS(NONE)
  - Modify the common NETACCESS profile to define the addresses
    in this zone:
      NETACCESS
        10.254.1.0/24 UROTHER ; ethernet subnet perhaps
      ENDNETACCESS
- Create a network security zone named URLOCAL for all interface
  addresses in other network types on each specific unrestricted stack.
  OMPROUTE is permitted to use this local interface to connect to adjacent
  OMPROUTE daemons on adjacent restricted stacks.
  - Define a generic SERVAUTH NETACCESS profile for this
    zone with the following RACF command:
      RDEFINE SERVAUTH EZB.NETACCESS.*.*.URLOCAL UACC(READ) SECLABEL(SYSMULTI)
  - Modify the local NETACCESS profile for each stack to
    define the local addresses in this zone:
      NETACCESS
        10.254.1.17/32 URLOCAL ; local address in ethernet subnet perhaps
      ENDNETACCESS
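
The following added example (not IBM code) is a review aid that models the zone mapping and the resulting access for the OMPROUTE user ID on one stack, so the overlap between the /32 URLOCAL entry and the /24 UROTHER entry can be checked before the profiles are activated. It assumes the most specific matching NETACCESS entry decides the zone; the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Entries copied from the NETACCESS statements in the procedure above:
# the common profile plus one stack's local URLOCAL entry.
NETACCESS = [
    ("192.168.10.0/24", "URXCF"),
    ("10.254.254.0/24", "URXCF"),
    ("10.254.1.0/24", "UROTHER"),
    ("10.254.1.17/32", "URLOCAL"),
]

# Access the OMPROUTE user ID (ompurid) holds after the RACF commands:
# UACC(READ) applies unless an explicit PERMIT says otherwise.
OMPROUTE_ACCESS = {"URXCF": "READ", "UROTHER": "NONE", "URLOCAL": "READ"}


def zone_for(addr, table=NETACCESS):
    """Return the zone of the most specific entry containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for cidr, zone in table:
        net = ipaddress.ip_network(cidr)
        # Assumption: the longest matching prefix wins when entries overlap.
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, zone)
    return best[1] if best else None


def omproute_access(addr):
    """Return (zone, access) for ompurid; (None, None) if addr is in no zone.

    Addresses outside every listed zone are not modelled by this sketch.
    """
    zone = zone_for(addr)
    return (zone, OMPROUTE_ACCESS.get(zone)) if zone else (None, None)


if __name__ == "__main__":
    # Constructed sample addresses, one per case of interest.
    for addr in ("192.168.10.5", "10.254.254.9", "10.254.1.17", "10.254.1.18"):
        zone, access = omproute_access(addr)
        print(f"{addr:15} zone={zone:8} ompurid access={access}")
```

Running it shows 10.254.1.17 resolving to URLOCAL with READ while every other address in 10.254.1.0/24 resolves to UROTHER with NONE.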