Configuring PIM Neighbor Filtering

Context

The switch supports different neighbor filtering policies to ensure secure and effective multicast transmission in an IPv6 PIM-DM domain. Perform the following operations to filter neighbors:

Configure a valid neighbor address range to prevent unauthorized neighbors from connecting to the network.
Configure the switch to reject Hello messages without Generation IDs so that the switch connects only to normally working PIM neighbors.

Procedure

Run system-view
The system view is displayed.
Run interface interface-type interface-number
The interface view is displayed.
(Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
Run pim ipv6 neighbor-policy basic-acl6-number
The range of valid neighbor addresses is configured.
- The switch will no longer receive Hello messages from IPv6 PIM neighbors whose IP addresses are not within the configured valid range. When the holdtime of Hello messages expires, the neighbor relationship between these IPv6 PIM devices and the switch will be terminated.
- When configuring an ACL rule for the interface, use the permit parameter to configure the interface to accept only Hello messages with source addresses in a specified range. If no rule is configured in the ACL, the interface discards Hello messages from all source addresses.
Run pim ipv6 require-genid
The switch is configured to receive only Hello messages that contain Generation IDs.