crp-policy (PIM view)
Use crp-policy to configure a C-RP policy.
Use undo crp-policy to restore the default.
Syntax
crp-policy ipv4-acl-number
undo crp-policy
Default
No C-RP policy exists, and all C-RP messages are regarded as legal.
Views
PIM view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv4-acl-number: Specifies an IPv4 advanced ACL number in the range of 3000 to 3999.
Usage guidelines
A C-RP policy filters C-RP advertisement messages to guard against C-RP spoofing.
The device uses only the prefixes of the multicast group ranges in advertisement messages to match the destination field in ACL rules. For example, the multicast group range in an advertisement message is 224.1.0.0/16. If the prefix 224.1.0.0 is in the range specified by the destination field of an ACL rule, the specified C-RPs are designated to this multicast group range.
When you configure a rule in the IPv4 advanced ACL, follow these restrictions and guidelines:
For the rule to take effect, do not specify the vpn-instance vpn-instance option.
The source source-address source-wildcard option specifies an RP address.
The destination dest-address dest-wildcard option specifies a multicast group address.
Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure a C-RP policy on the public network so that only devices in the range of 1.1.1.1/24 can be C-RPs for the groups in the range of 225.1.1.0/24.
<Sysname> system-view [Sysname] acl advanced 3000 [Sysname-acl-ipv4-adv-3000] rule permit ip source 1.1.1.1 0.0.0.255 destination 225.1.1.0 0.0.0.255 [Sysname-acl-ipv4-adv-3000] quit [Sysname] pim [Sysname-pim] crp-policy 3000
Related commands
c-rp (PIM view)