Access policies for PIM-DM – Allied Telesis AT-8550 User Manual

Using Access Policies

In addition, suppose the administrator wants to preclude users on
the VLAN Engsvrs from seeing any multicast streams that are
generated by the VLAN Sales across the backbone. The additional
configuration of the switch labeled “Engsvrs” is as follows:

create access-profile nosales ipaddress

config access-profile nosales mode deny

config access-profile nosales add 10.2.1.0/24

config dvmrp vlan backbone import-filter nosales

Access Policies for PIM-DM

Because PIM-DM leverages the unicast routing capability that is
already present in the switch, the access policy capabilities are, by
nature, different. If the PIM-DM protocol is used for routing IP
multicast traffic, the switch can be configured to use an access
profile to determine any of the following:

Trusted Neighbor — Use an access profile to determine
trusted PIM-DM router neighbors for the VLAN on the switch
running PIM-DM. To configure a trusted neighbor policy, use
the following command:

config pim-dm vlan [ | all] trusted-gateway [ | none]

Example. Using PIM-DM, the unicast access policies can be used to
restrict multicast traffic. In this example, a network similar to the
one used in the previous RIP example is also running PIM-DM.
The network administrator wants to disallow Internet access for
multicast traffic to users on the VLAN Engsvrs. This is accomplished
by preventing the learning of routes that originate from the switch
labeled “Internet” by way of PIM-DM on the switch labeled “Engsvrs.”
To configure the switch labeled “Engsvrs,” the commands would be
as follows:

create access-profile nointernet ipaddress

config access-profile nointernet mode deny

config access-profile nointernet add 10.0.0.10/32

config pim-dm vlan backbone trusted-gateway nointernet
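
The deny-mode profile above acts as a blocklist for PIM-DM neighbors, which the following added example (not from the manual) models in Python. It assumes deny mode rejects listed addresses and accepts all others, and that permit mode does the reverse; the `knownonly` profile and every neighbor address other than 10.0.0.10 are constructed for illustration.

```python
import ipaddress


class AccessProfile:
    """Model of an 'ipaddress' access profile: a mode plus a list of prefixes."""

    def __init__(self, name, mode):
        if mode not in ("permit", "deny"):
            raise ValueError("mode must be 'permit' or 'deny'")
        self.name, self.mode, self.entries = name, mode, []

    def add(self, prefix):
        # strict=True rejects prefixes with host bits set (e.g. 10.2.1.5/24)
        self.entries.append(ipaddress.ip_network(prefix, strict=True))
        return self

    def allows(self, address):
        # Assumed semantics: deny mode blocks matches and allows the rest;
        # permit mode allows matches and blocks the rest.
        addr = ipaddress.ip_address(address)
        matched = any(addr in net for net in self.entries)
        return matched if self.mode == "permit" else not matched


def trusted_neighbors(profile, neighbors):
    """Return the neighbor addresses the profile would accept as trusted gateways."""
    return [n for n in neighbors if profile.allows(n)]


# The profile from the example above.
NOINTERNET = AccessProfile("nointernet", "deny").add("10.0.0.10/32")

# Hypothetical allowlist variant (not in the manual): only the listed peer is trusted.
KNOWN_ONLY = AccessProfile("knownonly", "permit").add("10.0.0.11/32")

# Constructed neighbor list on VLAN backbone: the "Internet" switch (10.0.0.10),
# one expected peer, and one router nobody planned for.
NEIGHBORS = ["10.0.0.10", "10.0.0.11", "10.0.0.99"]

if __name__ == "__main__":
    for profile in (NOINTERNET, KNOWN_ONLY):
        print(profile.name, profile.mode, trusted_neighbors(profile, NEIGHBORS))
```

Under these assumptions the unplanned neighbor 10.0.0.99 remains trusted with `nointernet`, so a deny-mode trusted-gateway profile has to be extended each time another untrusted router appears on the VLAN.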
