The pim join-policy command enables the system to filter join information in Join/Prune messages.
The undo pim join-policy command restores the default setting.
By default, join information in Join/Prune message is not filtered.
pim join-policy { asm { basic-acl-number } | ssm { advanced-acl-number } | advanced-acl-number }
undo pim join-policy [ asm | ssm ]
| Parameter | Description | Value |
|---|---|---|
| asm | Filters join information, with the group address in the ASM group address range. | - |
| basic-acl-number | Specifies the basic ACL number. | The value is an integer that ranges from 2000 to 2999. |
| ssm | Filters join messages, with the group addresses within the SSM group address range and specified source address. | - |
| advanced-acl-number | Specifies the advanced ACL number. | The value is an integer that ranges from 3000 to 3999. |
GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, GE sub-interface view, XGE sub-interface view, MultiGE sub-interface view, 25GE sub-interface view, 40GE sub-interface view, 100GE sub-interface view, Eth-Trunk sub-interface view, VLANIF interface view, loopback interface view, tunnel interface view
Usage Scenario
To prevent unauthorized users from joining multicast groups on a PIM-SM network by filtering join information in Join/Prune messages, run the pim join-policy command.
Prerequisites
IP multicast routing has been enabled using the multicast routing-enable command.
Configuration Impact
The pim join-policy command is valid for only PIM-SM.
If asm is specified, you can set the multicast group address range of join information in the basic ACL view by specifying the source parameter in the rule command.
If ssm is specified, you can set the source address range and multicast group address range of join information in the advanced ACL view by specifying the source parameter and destination parameter in the rule command.
<HUAWEI> system-view [HUAWEI] acl number 2001 [HUAWEI-acl-basic-2001] rule permit source 225.1.0.0 0.0.255.255 [HUAWEI-acl-basic-2001] quit [HUAWEI] multicast routing-enable [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] pim join-policy asm 2001
<HUAWEI> system-view [HUAWEI] acl number 2001 [HUAWEI-acl-basic-2001] rule permit source 225.1.0.0 0.0.255.255 [HUAWEI-acl-basic-2001] quit [HUAWEI] multicast routing-enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] pim join-policy asm 2001