HP VPN Firewall Appliances Network Management Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

641

642

643

644

645

646

647

648

649

650

618

Examples

# Set the global C-RP timeout timer to 200 seconds on the public network.

<Sysname> system-view

[Sysname] pim

[Sysname-pim] c-rp holdtime 200

Related commands

• c-bsr interval

• c-rp

crp-policy (PIM view)

Use crp-policy to configure a legal C-RP address range and the range of served multicast groups, in

order to guard against C-RP spoofing.

Use undo crp-policy to remove the restrictions in C-RP address ranges and the ranges of served multicast

groups.

Syntax

crp-policy acl-number

undo crp-policy

Default

No restrictions are defined for C-RP address ranges and the address ranges of served groups. Namely,

all received C-RP messages are accepted.

Views

Public network PIM view

Default command level

2: System level

Parameters

acl-number: Specifies an advanced ACL, in the range of 3000 to 3999. When the ACL is defined, the

source keyword in the rule command specifies the address of a C-RP and the destination keyword

specifies the address range of the multicast groups that the C-RP will serve.

Usage guidelines

The crp-policy command filters the multicast group ranges advertised by C-RPs based on the group

prefixes. For example, if the multicast group range that a C-RP advertises is 224.1.0.0/16 and the legal

group range that the crp-policy command defines is 224.1.0.0/30, the multicast groups in the range of

224.1.0.0/16 can pass.

Examples

# On the public network, configure a C-RP policy so that only devices in the address range of 1.1.1.1/24

can be C-RPs that serve multicast groups in the address range of 225.1.1.0/24.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule permit ip source 1.1.1.1 0.0.0.255 destination 225.1.1.0

0.0.0.255

[Sysname-acl-adv-3000] quit