Manualshelf

R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
461462463464465466467468469470
455
Maximum size of join/prune messages
Maximum number of (S, G) entries in a join/prune message
Configuring a multicast data filter
No matter in a PIM-DM domain or a PIM-SM domain, routers can check passing-by multicast data based
on the configured filtering rules and determine whether to continue forwarding the multicast data. In
other words, PIM routers can act as multicast data filters. These filters can help implement traffic control
on one hand, and control the information available to receivers downstream to enhance data security on
the other hand.
Follow these steps to configure a multicast data filter:
To do... Use the command... Remarks
Enter system view
system-view
Enter public instance PIM view
pim
Configure a multicast group filter
source-policy acl-number
Required
No multicast data filter by default
NOTE:
Generally, a smaller distance from the filter to the multicast source results in a more remarkable filterin
g
effect.
This filter works not only on independent multicast data but also on multicast data encapsulated in
register messages.
Configuring a hello message filter
Along with the wide applications of PIM, the security requirement for the protocol is becoming more and
more demanding. The establishment of correct PIM neighboring relationships is the prerequisite for
secure application of PIM. You can configure a legal source address range for hello messages on
interfaces of routers to ensure the correct PIM neighboring relationships, and thus to guard against PIM
message attacks.
Follow these steps to configure a hello message filter:
To do... Use the command... Remarks
Enter system view
system-view
Enter interface view
interface interface-type
interface-number
Configure a hello message filter pim neighbor-policy acl-number
Required
No hello message filter by default.
NOTE:
W
ith the hello messa
g
e filter configured, if hello messages of an existing PIM neighbor fail to pass the
filter, the PIM neighbor will be removed automatically when it times out.
Configuring PIM hello options
No matter in a PIM-DM domain or a PIM-SM domain, the hello messages sent among routers contain
many configurable options, including: