IP multicast PIM neighbor filter
The IP multicast PIM neighbor filter feature allows you to control which devices can be PIM neighbors.
By default, two PIM-enabled devices that exchange Hello packets at regular intervals become PIM neighbors. The IP multicast PIM neighbor filter feature gives you more control over which devices can be PIM neighbors through the ip pim neighbor-filter command or the ipv6 pim neighbor-filter command. You configure the ACL to deny or allow PIM Hello packets from particular sources, thereby controlling those devices' eligibility to become PIM neighbors.
Device 1:
    access-list 10 deny host 10.0.0.2
    access-list 10 permit any
    interface ethernet 1/1/1
     enable
     ip address 10.0.0.1/24
     ip pim-sparse
     ip pim neighbor-filter 10

Device 2:
    interface ethernet 1/1/2
     enable
     ip address 10.0.0.2/24
     ip pim-sparse
Limitations
ACLs deny all access by default, and you must configure the access-list permit command to permit access to one or more devices. You can configure the access-list permit all command on an interface to permit traffic on the interface to pass through without filtering.
An interface can have only one ACL configured on it.
There are no checks to validate whether an ACL applies to an interface. If the interface has no ACL, a warning that no filtering can occur is displayed.
The IP multicast PIM neighbor filter feature supports a maximum of 128 PIM neighbor filters for both IPv4 and IPv6.
Precedence-value matching in extended-ACL configurations is not supported. Refer to the FastIron Security Configuration Guide for information on ACLs.
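To check a neighbor filter before deploying it, the following added example (not code from the FastIron documentation) models how the Device 1 ACL above decides which Hello sources remain eligible as PIM neighbors, including the implicit deny noted under Limitations. It assumes conventional first-match ACL evaluation and the `<address> <wildcard-mask>` entry form; ACL 20, the helper names and the tested source addresses are constructed for illustration.

```python
import ipaddress

# Device 1 configuration from the page; ACL 20 is constructed here to show
# the implicit deny (an ACL with no matching permit entry denies the source).
DEVICE_1 = """\
access-list 10 deny host 10.0.0.2
access-list 10 permit any
access-list 20 permit host 10.0.0.3
interface ethernet 1/1/1
 enable
 ip address 10.0.0.1/24
 ip pim-sparse
 ip pim neighbor-filter 10
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acls(config):  # -> {acl_id: [(action, base, wildcard), ...]} in order
    acls = {}
    for tok in (line.split() for line in config.splitlines()):
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        kind, args = tok[3], tok[4:]
        if kind == "any":
            base, wild = 0, 0xFFFFFFFF
        elif kind == "host" and args:
            base, wild = _ip(args[0]), 0
        elif args:  # assumed entry form: <address> <wildcard-mask>
            base, wild = _ip(kind), _ip(args[0])
        else:
            continue
        acls.setdefault(tok[1], []).append((tok[2], base, wild))
    return acls

def neighbor_filter_id(config):  # ACL id named by the filter, or None if unset
    for tok in (line.split() for line in config.splitlines()):
        if tok[:3] == ["ip", "pim", "neighbor-filter"] and len(tok) == 4:
            return tok[3]
    return None

def hello_accepted(acls, acl_id, source):
    """True if a Hello from `source` leaves the sender eligible as a neighbor."""
    if acl_id is None:
        return True  # no neighbor filter on the interface: nothing is filtered
    src = _ip(source)
    for action, base, wild in acls[acl_id]:  # KeyError: filter names an undefined ACL
        if (src | wild) == (base | wild):    # first matching entry decides
            return action == "permit"
    return False  # no entry matched: implicit deny
```

With the page's configuration, Device 2 (10.0.0.2) is rejected by ACL 10 while any other source is accepted; swapping the filter to the constructed ACL 20 would accept only 10.0.0.3.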