accept-register access-list
Syntax
accept-register access-list <ACL-RULE>
no accept-register access-list <ACL-RULE>
Description
Configures an ACL on the RP to filter PIM Register packets from unauthorized sources. The specified ACL defines which (S,G) traffic in Register packets is permitted or denied.
The no form of this command removes the currently configured ACL rule.
Command context
config-pim
Parameters
<ACL-RULE>
Specifies the ACL rule name.
Authority
Administrators or local user group members with execution rights for this command.
Usage
When a register ACL is associated with a PIM router, the PIM protocol stores the source and destination address details along with the action (permit or deny). If there are any existing flows, the user must disable and enable PIM on the interface to apply the ACL.
When a Register message is received, a lookup is made to check whether the S and G in the packet are in the permitted list. If there is no match, or if a deny rule matches, a Register Stop message is sent immediately, the packet is dropped, and no further action is taken. Permitted packets go through the normal flow.
Loopback interfaces are special interfaces where only unicast PIM messages are updated. This includes Register, Register Stop, and Candidate RP Advertisements.
When a loopback interface is configured as the RP, the ACL drop counters will be updated on the interface on which the packets are received.
Examples
Configuring ACL on RP with an ACL rule named pim_reg_acl:
switch(config)# access-list ip pim_reg_acl
switch(config-acl-ip)# 10 permit any 20.1.1.1 225.1.1.2
switch(config-acl-ip)# 20 deny any 30.1.1.1 225.1.1.3
switch(config)# router pim
switch(config-pim)# accept-register access-list pim_reg_acl
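The lookup described under Usage can be modelled offline to see which sources would receive a Register Stop before an ACL is applied. The following is an added example, not code from the switch or its vendor: the function names are hypothetical, the (S,G) pairs are constructed, and first-match evaluation in sequence-number order is an assumption of this model.

```python
import ipaddress

# ACL entries copied from the example on this page.
ACL_TEXT = """
10 permit any 20.1.1.1 225.1.1.2
20 deny any 30.1.1.1 225.1.1.3
"""

def _net(token):
    # "any" matches everything; a bare address is treated as a /32 host match.
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token, strict=False)

def parse_acl(text):
    """Return entries as (seq, action, source_net, group_net), ordered by sequence number."""
    entries = []
    for line in text.strip().splitlines():
        seq, action, _proto, src, grp = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in entry {seq}: {action}")
        entries.append((int(seq), action, _net(src), _net(grp)))
    return sorted(entries, key=lambda e: e[0])

def check_register(entries, source, group):
    """Model the RP's decision for one Register carrying (source, group).

    Returns (outcome, seq). seq is None when no entry matched, which the
    Usage text says is handled the same way as a deny match.
    """
    s, g = ipaddress.ip_address(source), ipaddress.ip_address(group)
    for seq, action, src_net, grp_net in entries:  # assumed first-match order
        if s in src_net and g in grp_net:
            return ("forward" if action == "permit" else "register-stop+drop", seq)
    return ("register-stop+drop", None)

# Constructed (S,G) pairs, as they might be carried in Register messages.
SAMPLE_REGISTERS = [
    ("20.1.1.1", "225.1.1.2"),  # explicitly permitted
    ("30.1.1.1", "225.1.1.3"),  # explicitly denied
    ("20.1.1.1", "225.1.1.3"),  # permitted source, other group: no match
    ("40.1.1.1", "225.1.1.2"),  # unlisted source: no match
]

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for s, g in SAMPLE_REGISTERS:
        outcome, seq = check_register(acl, s, g)
        rule = f"entry {seq}" if seq is not None else "no match"
        print(f"({s}, {g}): {outcome} [{rule}]")
```

Because a Register with no matching entry is dropped, the last two pairs are rejected even though no deny rule names them; entry 20 in the page's ACL only changes which entry the drop is attributed to.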