R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

591

592

593

594

595

596

597

598

599

600

568

Because a non-BSR router refreshes its C-RP timeout time through BSR bootstrap messages, to prevent loss

of C-RP information in BSR bootstrap messages, make sure that the C-RP timeout time is not smaller than

the interval at which the BSR sends bootstrap messages. The recommended C-RP timeout setting is 2.5

times the BS period or longer.

Related commands: c-bsr interval and c-rp.

Examples

# Set the global C-RP timeout time to 200 seconds in the public network.

<Sysname> system-view

[Sysname] pim

[Sysname-pim] c-rp holdtime 200

crp-policy (PIM view)

Syntax

crp-policy acl-number

undo crp-policy

View

Public network PIM view

Default level

2: System level

Parameters

acl-number: Advanced ACL number, in the range of 3000 to 3999. When the ACL is defined, the source

keyword in the rule command specifies the address of a C-RP and the destination keyword specifies the

address range of the multicast groups that the C-RP will serve.

Description

Use crp-policy to configure a legal C-RP address range and the range of served multicast groups, so as

to guard against C-RP spoofing.

Use undo crp-policy to remove the restrictions in C-RP address ranges and the ranges of served multicast

groups.

By default, no restrictions are defined for C-RP address ranges and the address ranges of served groups.

Namely, all received C-RP messages are accepted.

The crp-policy command filters the multicast group ranges advertised by C-RPs based on the group

prefixes. For example, if the multicast group range advertised by a C-RP is 224.1.0.0/16 and the legal

group range defined by the crp-policy command is 224.1.0.0/30, the multicast groups in the range of

224.1.0.0/16 are allowed to pass.

Related commands: c-rp.

Examples

# In the public network, configure a C-RP policy so that only devices in the address range of 1.1.1.1/24

can be C-RPs that serve multicast groups in the address range of 225.1.1.0/24.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule permit ip source 1.1.1.1 0.0.0.255 destination 225.1.1.0

0.0.0.255