crp-policy (IPv6 PIM view)
Use crp-policy to configure a C-RP policy to define the legal C-RP address range and the IPv6 multicast
group range to which the C-RP is designated.
Use undo crp-policy to remove the configuration.
Syntax
crp-policy acl6-number
undo crp-policy
Default
C-RP policies are not configured, and all received C-RP messages are regarded as legal.
Views
IPv6 PIM view
Predefined user roles
network-admin
Parameters
acl6-number: Specifies an IPv6 advanced ACL number in the range of 3000 to 3999.
Usage guidelines
You can configure this command to guard against C-RP spoofing.
In an IPv6 advanced ACL, the source and destination keywords match the RP address and multicast
group address in C-RP advertisement messages, respectively. If you do not specify the source keyword in
rules, all C-RPs are considered to be legal. If you do not specify the destination keyword in rules, the
C-RPs are designated to all IPv6 multicast groups.
If you specify the vpn-instance keyword in an ACL rule, the rule does not take effect. All other optional
parameters in the ACL rules, except the time-range keyword and the fragment keyword, are ignored.
When the device compares the advertisement message against the destination field in the ACL, it uses
only the prefix of the IPv6 multicast group range in the advertisement message. For example, the IPv6
multicast group range specified in a C-RP advertisement message is FF0E:0:1::/96. If the prefix FF0E:0:1::
is in the IPv6 multicast group range specified in the destination field of the ACL, the advertisement
message passes the filtering. Otherwise, the advertisement message is discarded.
Examples
# On the public network, configure a C-RP policy so that only devices in the address range of
2001::2/64 can be C-RPs for the IPv6 multicast group range FF03::101/64.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule permit ipv6 source 2001::2 64 destination ff03::101 64
[Sysname-acl6-adv-3000] quit
[Sysname] ipv6 pim
[Sysname-pim6] crp-policy 3000
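The filtering described in the usage guidelines, applied to ACL 3000 from this example, as an added Python model that is not part of the original command reference or of the device's code. It assumes that the first matching rule decides, that an advertisement matching no rule is discarded, and that the prefix is the network address of the advertised range; the names crp_adv_accepted and net and the sample advertisements are constructed for illustration.

```python
import ipaddress

# Constructed model of ACL 3000 from the example above:
# rule permit ipv6 source 2001::2 64 destination ff03::101 64
ACL_3000 = [("permit", "2001::2/64", "ff03::101/64")]


def net(text):
    """Parse 'address/length'; host bits are masked, so 2001::2/64 is read as 2001::/64."""
    return ipaddress.IPv6Network(text, strict=False)


def crp_adv_accepted(rp_address, group_range, rules):
    """Return True if a C-RP advertisement passes the modelled crp-policy.

    rules: list of (action, source, destination); source or destination is
    None when that keyword is omitted from the rule.
    """
    rp = ipaddress.IPv6Address(rp_address)
    # Only the prefix of the advertised group range is compared with the
    # destination field; the advertised prefix length plays no part.
    group_prefix = net(group_range).network_address
    for action, source, destination in rules:
        source_ok = source is None or rp in net(source)
        dest_ok = destination is None or group_prefix in net(destination)
        if source_ok and dest_ok:
            return action == "permit"  # assumption: first matching rule decides
    return False  # assumption: no matching rule means the message is discarded


if __name__ == "__main__":
    samples = [  # constructed advertisements: (RP address, group range)
        ("2001::10", "ff03::/64"),     # RP and groups inside the policy
        ("2001:db8::1", "ff03::/64"),  # RP outside 2001::/64
        ("2001::10", "ff05::/64"),     # groups outside ff03::/64
        ("2001::10", "ff03::/16"),     # wider range, same prefix ff03::
    ]
    for rp, groups in samples:
        ok = crp_adv_accepted(rp, groups, ACL_3000)
        print(f"C-RP {rp} for {groups}: {'accepted' if ok else 'discarded'}")
```

In this model the last sample, ff03::/16, is accepted because only its prefix ff03:: is compared with the destination field, so an accepted C-RP can claim a group range wider than the one written in the ACL.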
Related commands
c-rp (IPv6 PIM view)