Usage guidelines
You can use this command to guard against C-RP spoofing.
In an IPv4 advanced ACL, the source and destination keywords match the RP address and the multicast
group address in C-RP advertisement messages, respectively. If you do not specify the source keyword in
the rules, all C-RPs are considered legitimate. If you do not specify the destination keyword in any rule,
the C-RPs are designated to serve all multicast groups.
If you specify the vpn-instance keyword in an ACL rule, the rule does not take effect. All other optional
parameters in the ACL rules are ignored, except the time-range keyword and the fragment keyword.
When the switch compares the advertisement message against the destination field in the ACL, it uses
only the prefix of the multicast group range in the advertisement message. For example, the multicast
group range specified in a C-RP advertisement message is 224.1.0.0/16. If the prefix 224.1.0.0 is in the
multicast group range specified in the destination field of the ACL, the advertisement message passes the
filtering. Otherwise, the advertisement message is discarded.
Examples
# On the public network, configure a C-RP policy so that only devices in the address range of 1.1.1.1/24
can be C-RPs for groups in the range of 225.1.1.0/24.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit ip source 1.1.1.1 0.0.0.255 destination 225.1.1.0 0.0.0.255
[Sysname-acl-adv-3000] quit
[Sysname] pim
[Sysname-pim] crp-policy 3000
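The following sketch is an added example, not part of the original manual or of the switch software. It models the prefix-only comparison described in the usage guidelines, applied to ACL 3000 from the example above. The function names, the rule representation, the normalization of the advertised range to its network address, and the treatment of every rule as a permit rule are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits that are 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def crp_permitted(rules, rp_addr, group_range):
    """Model of the crp-policy check as the usage guidelines describe it.

    rules: list of dicts with optional "source" / "destination" keys, each an
           (address, wildcard) tuple. Assumption: every rule is a permit rule.
    group_range: range carried in the C-RP advertisement, e.g. "224.1.0.0/16".
    """
    # Only the prefix of the advertised range is compared; its mask length
    # is not. Assumption: the prefix is the range's network address.
    net = ipaddress.IPv4Network(group_range, strict=False)
    prefix = str(net.network_address)
    for rule in rules:
        src = rule.get("source")
        dst = rule.get("destination")
        # A missing source keyword accepts any RP address; a missing
        # destination keyword accepts any multicast group.
        src_ok = src is None or wildcard_match(rp_addr, *src)
        dst_ok = dst is None or wildcard_match(prefix, *dst)
        if src_ok and dst_ok:
            return True
    return False  # no rule matched: the advertisement is discarded

# ACL 3000 from the example above (hypothetical representation).
ACL_3000 = [{"source": ("1.1.1.1", "0.0.0.255"),
             "destination": ("225.1.1.0", "0.0.0.255")}]

if __name__ == "__main__":
    # Constructed sample advertisements: (RP address, advertised group range).
    samples = [("1.1.1.7", "225.1.1.0/24"), ("1.1.1.7", "225.1.1.128/25"),
               ("1.1.1.7", "225.1.0.0/16"), ("1.1.2.7", "225.1.1.0/24")]
    for rp, grp in samples:
        verdict = "pass" if crp_permitted(ACL_3000, rp, grp) else "discard"
        print(f"C-RP {rp} for {grp}: {verdict}")
```

In this model the mask length of the advertised range never enters the comparison, which is what the "only the prefix" wording in the guidelines implies.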
Related commands
c-rp (PIM view)
display interface register-tunnel
Use display interface register-tunnel to display register-tunnel interface information.
Syntax
display interface [ register-tunnel [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
register-tunnel: Displays information about the register-tunnel interface. If you do not specify this
keyword, the command displays information about all interfaces.
interface-number: Specifies a register-tunnel interface by its number. The switch has only one
register-tunnel interface, and the value for this argument is fixed at 0. The command always displays
information about Register-Tunnel 0 when you specify the register-tunnel keyword, regardless of whether
you specify an interface number.