After ACL rules are configured, a multicast device can filter the received multicast packets based on source addresses or source/group addresses.
A PIM device checks the multicast data that passes through it and determines whether to forward the data by checking whether it matches the filtering rule. The device therefore acts as a filter for multicast data. The filter helps to control the data flow and limit the information that downstream receivers can obtain, which helps secure the network.
Configure a basic ACL.
Configure an advanced ACL.
Run the acl [ number ] acl-number [ vpn-instance vpn-instance-name ] command to create an advanced ACL and access its view.
Run the rule [ rule-id ] { permit | deny } protocol [ source { source-ip-address { 0 | source-wildcard } | address-set address-set-name | any } | destination { destination-ip-address { 0 | destination-wildcard } | address-set address-set-name | any } ] * command to configure rules for the advanced ACL.
If a basic ACL is used, run the rule command and set the source parameter to the source address of multicast packets.
If an advanced ACL is used, run the rule command, set the source parameter to the source address of multicast packets, and set the destination parameter to a multicast group address.
Run the pim [ vpn-instance vpn-instance-name ] command to enter the PIM view.
Run the source-policy acl-number command to configure the multicast source filter.
The effect of the filtering is more obvious if the filter is closer to the source.
The source-policy command does not filter the static (S, G) entries and the PIM entries of the Join messages received from private networks.
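The difference between filtering with a basic ACL (source only) and an advanced ACL (source and group) can be checked offline before a rule set is applied. The following Python model is an added example, not vendor code or part of the original page; the Rule type, the function names and the sample addresses are constructed, and it assumes rules are evaluated in ascending rule-id order with the first match deciding and unmatched packets being denied.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    rule_id: int
    action: str                                    # "permit" or "deny"
    source: Optional[Tuple[str, str]]              # (address, wildcard); None = any
    destination: Optional[Tuple[str, str]] = None  # group; advanced ACL only

def _matches(addr, spec):
    """Wildcard match: bits set to 1 in the wildcard are ignored, 0 bits must be equal."""
    if spec is None:
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def source_policy_permits(rules, source, group, default="deny"):
    """Return True if a packet from `source` to multicast `group` passes the filter.

    Assumptions (not stated on the page): ascending rule-id order, first match
    wins, and a packet that matches no rule gets `default`.
    """
    if not ipaddress.IPv4Address(group).is_multicast:
        raise ValueError(f"{group} is not a multicast group address")
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if _matches(source, rule.source) and _matches(group, rule.destination):
            return rule.action == "permit"
    return default == "permit"

# Constructed sample rule sets. A wildcard of 0.0.0.0 corresponds to "0" in the CLI.
BASIC_ACL = [Rule(5, "permit", ("10.1.1.0", "0.0.0.255"))]
ADVANCED_ACL = [
    Rule(5, "deny", ("10.1.1.7", "0.0.0.0"), ("225.1.1.0", "0.0.0.255")),
    Rule(10, "permit", ("10.1.1.0", "0.0.0.255"), ("225.1.1.0", "0.0.0.255")),
]

if __name__ == "__main__":
    flows = [("10.1.1.7", "225.1.1.1"), ("10.1.1.8", "225.1.1.1"),
             ("10.1.1.8", "225.1.2.1"), ("10.2.2.2", "225.1.1.1")]
    for s, g in flows:
        print(f"({s}, {g}) basic={source_policy_permits(BASIC_ACL, s, g)} "
              f"advanced={source_policy_permits(ADVANCED_ACL, s, g)}")
```

The model covers only packets that the filter evaluates; the static (S, G) entries and Join-derived entries that the source-policy command does not filter are outside its scope.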