115
Usage guidelines
You can use this command to guard against BSR spoofing.
In an IPv4 basic ACL, the source keyword matches the source address in bootstrap messages.
If you specify the vpn-instance keyword in an ACL rule, the rule does not take effect. The other optional
parameters except the time-range keyword and the fragment keyword in the ACL rules are ignored.
Examples
# On the public network, configure a BSR policy so that only the devices on the subnet 10.1.1.0/24 can
act as the BSR.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255
[Sysname-acl-basic-2000] quit
[Sysname] pim
[Sysname-pim] bsr-policy 2000
Related commands
c-bsr (PIM view)
c-bsr (PIM view)
Use c-bsr to configure a candidate-BSR (C-BSR).
Use undo c-bsr to remove a C-BSR.
Syntax
c-bsr ip-address [ scope group-address { mask-length | mask } ] [ hash-length hash-length | priority
priority ] *
undo c-bsr ip-address [ scope group-address { mask-length | mask } ]
Default
No C-BSR is configured.
Views
PIM view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a C-BSR.
scope group-address: Specifies a multicast group address by its IP address in the range of 239.0.0.0 to
239.255.255.255. If you do not specify a multicast group, the command designates the C-BSR to the
global-scoped zone.
mask-length: Specifies an address mask length in the range of 8 to 32.
mask: Specifies an address mask.
hash-length hash-length: Specifies a hash mask length in the range of 0 to 32. The default setting is 30.
To Next Page
Loading...
Need help?
General
