Configuring Filtering Rules Based on Source Addresses
After ACL rules are configured, a multicast device can filter the received multicast packets based on source addresses or source/group addresses.
Prerequisites
Before adjusting control parameters for a multicast source, complete the following tasks:
Configuring a unicast routing protocol
Procedure
- Access the system view.
- Configure a basic or an advanced ACL as needed.
Configure a basic ACL.
Configure an advanced ACL.
Run the acl [ number ] acl-number [ vpn-instance vpn-instance-name ] command to create an advanced ACL and access its view.
Run the rule [ rule-id ] { permit | deny } protocol [ source { source-ip-address { 0 | source-wildcard } | address-set address-set-name | any } | destination { destination-ip-address { 0 | destination-wildcard } | address-set address-set-name | any } ] * command to configure rules for the advanced ACL.
If a basic ACL is used, run the rule command and set the source parameter to a multicast source address.
If an advanced ACL is used, run the rule command, set the source parameter to a multicast source address, and set the destination parameter to a multicast group address.
- Return to the system view.
- Access the PIM view.
pim [ vpn-instance vpn-instance-name ]
- Configure a filter.
source-policy acl-number
The source-policy command does not filter the static (S, G) entries and the PIM entries of the Join messages received from private networks.
- If a multicast data packet matches an ACL rule and the action is permit, the device permits this packet.
- If a multicast data packet matches an ACL rule and the action is deny, the device denies this packet.
- If a multicast data packet does not match any ACL rule, the device denies this packet.
- If a specified ACL does not exist or does not contain rules, the device denies all multicast data packets.