The interface that directly connects a multicast device to user hosts needs to be enabled with PIM. In this case, malicious hosts may forge a large number of PIM Hello messages and send them to the interface for processing. As a result, the multicast device may hang. To avoid this, you can set the interface to the PIM silent state.
Before configuring PIM silent, complete the following tasks:
Configuring a unicast routing protocol so that the network layer is reachable
Configuring PIM-SM
Configuring IGMP
On the access layer, the interface directly connected to hosts needs to be enabled with PIM so that it can set up PIM neighbor relationships and process the various PIM packets. This configuration, however, carries a security risk: if a host maliciously generates PIM Hello packets and sends them in large quantities, the FW may fail.
To solve the problem, set the interface to the PIM silent state. When an interface is in the PIM silent state, it neither receives nor forwards any PIM packet; all PIM neighbors and PIM state machines on the interface are deleted. The interface becomes the static DR, and the change takes effect immediately. IGMP on the interface is not affected.
PIM silent applies only to an interface directly connected to a host network segment, and only when that segment is connected to this FW alone.
If PIM silent is enabled on an interface connected to another FW, the PIM neighbor relationship cannot be set up and a multicast fault may occur.
If the host network segment is connected to multiple FWs and PIM silent is enabled on more than one of their interfaces, each of those interfaces becomes a static DR. Multiple DRs then exist on the same network segment, and a fault occurs.
interface interface-type interface-number
After PIM silent is enabled, PIM Hello packet floods from malicious hosts are blocked on the interface and the FW is protected.
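The following configuration walk-through is an added illustration of the procedure above; it is not taken from the original page or from the vendor's own documentation. The interface names, IP addresses, and PIM-SM/IGMP settings are assumed for illustration, and the example assumes that PIM silent is enabled with the `pim silent` command in interface view. The host-facing interface gets PIM silent; the uplink toward other multicast routers keeps normal PIM so that neighbor relationships can still form there.

```text
# Added example, not the page's or vendor's own configuration.
# Interface names and addresses below are assumed.
system-view
 multicast routing-enable
 # Host-facing access interface: PIM-SM and IGMP stay enabled,
 # PIM silent stops PIM Hello processing and makes this interface the static DR.
 interface GigabitEthernet0/0/1
  ip address 10.1.1.1 255.255.255.0
  pim sm
  igmp enable
  pim silent
  quit
 # Uplink toward other multicast routers: do NOT enable PIM silent here,
 # otherwise no PIM neighbor can be established on this link.
 interface GigabitEthernet0/0/2
  ip address 10.2.2.1 255.255.255.0
  pim sm
  quit
# Checks: no neighbor should be listed for GigabitEthernet0/0/1, while the
# uplink GigabitEthernet0/0/2 should still show its PIM neighbor.
display pim neighbor
display pim interface GigabitEthernet0/0/1
```

Apply PIM silent only to the interface facing the host segment, and only when that segment is served by this FW alone; enabling it on an interface that faces another FW, or on several FWs sharing one host segment, produces the neighbor-loss and multiple-DR faults described above.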