accept-rp
Syntax
accept-rp <IPv6-ADDR> access-list <ACL-RULE>
no accept-rp <IPv6-ADDR> access-list <ACL-RULE>
Description
Enables PIM router to filter PIM join/prune messages destined for a specific RP and specific groups. The ACL specifies the group addresses which are allowed or denied. Up to 8 RP addresses and group ACL can be associated with the PIM router.
The
no
form of this command removes the currently configured ACL rule.
Command context
config-pim6
Parameters
<IPv6-ADDR>
Specifies an address in IPv6 format (
xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
), wherex
is a hexadecimal number from 0 to F.<ACL-RULE>
Specifies the ACL rule name.
Authority
Administrators or local user group members with execution rights for this command.
Usage
PIM will store the accepted RP address and the associated group ACL. When a join or prune message is received, a RP look up is made for the packet. If the RP is in the configured list and if the group in the join/prune packet is allowed in the ACL, the packet is allowed. Otherwise the packet is dropped.
To allow join/prune message from any groups, group address in the ACL can be wild-carded. In this case, only RP address check is performed.
This command impacts only (*,G) join/prune messages. If there are any existing flows, the user will need to disable and enable PIM on the interface to apply the ACL.
Loopback interfaces are special interfaces where only unicast PIM messages are updated. This includes Register, Register Stop, and Candidate RP Advertisements.
When a loopback interface is configured as the RP, the ACL drop counters will be updated on the interface on which the packets are received.
If there is an active flow which is in the SPT, the traffic flow through the SPT will continue. Only (*,G) join/prune messages are dropped. (S,G) join/prune messages will not be impacted.
Examples
Configuring ACL on RP with an ACL rule named
pim_rpv6_grp_acl
to filter join/prune messages:
switch(config-pim)# access-list ip pim_rpv6_grp_acl switch(config-acl-ipv6)# 10 permit any any ff2e::2/64 switch(config-acl-ipv6)# 20 permit any any ff1e::1/64 switch(config-acl-ipv6)# router pim6 switch(config-pim6)# accept-rp 30::1 access-list pim_rpv6_grp_acl