Enabling PIM passive mode
To guard against PIM hello spoofing, you can enable PIM passive mode on an interface which is directly connected to user hosts. The PIM passive interface cannot receive or forward PIM protocol messages (excluding register, register-stop and C-RP-Adv messages), and it acts as the DR on the subnet. In BIDIR-PIM, it also acts as the DF.
Configuration guidelines
When you enable PIM passive mode, follow these restrictions and guidelines:
This feature takes effect only when PIM-DM or PIM-SM is enabled on the interface.
Do not enable this feature on a shared-media LAN with multiple PIM routers. If you do this, the PIM passive interface might become a second DR and DF on the subnet. This will cause duplicate data and flow loop.
Configuration procedure
To enable PIM passive mode on an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Enable PIM passive mode on the interface. | pim passive | By default, PIM passive mode is disabled. |