accept-register access-list
Syntax
accept-register access-list <ACL-RULE>
no accept-register access-list <ACL-RULE>
Description
Configures an ACL on the RP to filter PIM Register packets from unauthorized sources. The specified ACL contains the (S,G) traffic in Register packets to be permitted or denied.
The no form of this command removes the currently configured ACL rule.
Command context
config-pim6
Parameters
<ACL-RULE>
Specifies the ACL rule name.
Authority
Administrators or local user group members with execution rights for this command.
Usage
When a register ACL is associated with a PIM router, the PIM protocol stores the source and destination address details along with the action (permit or deny).
When a Register message is received, a lookup checks whether the S and G in the packet are in the permitted list. If there is no match, or if a deny rule matches, a Register Stop message is sent immediately, the packet is dropped, and no further action is taken. Permitted packets go through the normal flow.
Loopback interfaces are special interfaces where only unicast PIM messages are updated. This includes Register, Register Stop, and Candidate RP Advertisements.
When a loopback interface is configured as the RP, the ACL drop counters will be updated on the interface on which the packets are received.
Examples
Configuring ACL on RP with an ACL rule named pim_regv6_acl:
switch(config)# access-list ipv6 pim_regv6_acl
switch(config-acl-ipv6)# 10 permit any 20::1 ff1e::1
switch(config-acl-ipv6)# 20 deny any 30::1 ff1e::3
switch(config-acl-ipv6)# exit
switch(config)# router pim6
switch(config-pim6)# accept-register access-list pim_regv6_acl
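The Register filtering decision described under Usage can be modelled offline to check which (S,G) pairs an ACL would accept before applying it to the RP. This Python sketch is an added example, not vendor code; the function names, the counter labels, and the first-match-by-sequence-number ordering are assumptions, and the ACL text is constructed sample input mirroring pim_regv6_acl.

```python
import ipaddress
from collections import Counter

# Constructed sample input mirroring the pim_regv6_acl example
# (entry 10 source written as 20::1, assumed to be the intended address).
ACL_TEXT = """\
10 permit any 20::1 ff1e::1
20 deny any 30::1 ff1e::3
"""

def parse_acl(text):
    """Parse '<seq> <action> <proto> <source> <group>' lines, sorted by sequence."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, action, _proto, src, grp = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in entry {seq}: {action}")
        entries.append((int(seq), action,
                        ipaddress.ip_network(src, strict=False),
                        ipaddress.ip_network(grp, strict=False)))
    return sorted(entries)

def filter_register(entries, source, group, counters):
    """Return 'forward' or 'register-stop' for the (S,G) carried in a Register."""
    s, g = ipaddress.ip_address(source), ipaddress.ip_address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    for seq, action, src_net, grp_net in entries:  # assumed: first match wins
        if s in src_net and g in grp_net:
            if action == "permit":
                counters["permitted"] += 1
                return "forward"
            counters[f"denied-by-{seq}"] += 1
            return "register-stop"
    counters["denied-no-match"] += 1  # no match is treated like a deny
    return "register-stop"

if __name__ == "__main__":
    acl, hits = parse_acl(ACL_TEXT), Counter()
    for s, g in [("20::1", "ff1e::1"), ("30::1", "ff1e::3"), ("40::1", "ff1e::1")]:
        print(s, g, filter_register(acl, s, g, hits))
    print(dict(hits))
```

The third pair shows the case that is easy to miss: a source absent from the ACL is answered with a Register Stop exactly like an explicitly denied one, so every legitimate first-hop router's sources need a permit entry.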