Configuring a hello message filter – H3C Technologies H3C S7500E Series Switches User Manual

6-37

help implement traffic control on one hand, and control the information available to receivers

downstream to enhance data security on the other hand.

Follow these steps to configure a multicast data filter:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter public instance PIM view

or VPN instance PIM view

pim [ vpn-instance

vpn-instance-name ]

—

Configure a multicast group

filter

source-policy acl-number

Required

No multicast data filter by

default

z

Generally, a smaller distance from the filter to the multicast source results in a more

remarkable filtering effect.

z

This filter works not only on independent multicast data but also on multicast data

encapsulated in register messages.

Configuring a Hello Message Filter

Along with the wide applications of PIM, the security requirement for the protocol is becoming

more and more demanding. The establishment of correct PIM neighboring relationships is the

prerequisite for secure application of PIM. You can configure a legal source address range for

hello messages on interfaces of routers to ensure the correct PIM neighboring relationships,

and thus to guard against PIM message attacks.

Follow these steps to configure a hello message filter:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter interface view

interface interface-type

interface-number

—

Configure a hello message filter

pim neighbor-policy acl-number

Required

No hello message filter by

default.