Solved: Re:Cat4500 Sup7: Howto limit rendezvous points connecting to boo

thorsten.steffen · ‎05-22-2013

Hi,

in testlab we use pim-sm with bootstrap router on sup7 with IOS-XE 03.04.00.SG

Does anybody know if there is a possibility to prevent non authorized rp from connecting to the candidate bootstrap routers?

We found several security recommendations concering limiting registering of sources at the rp, rate-limits etc, but no possibility to control rp connecting to the bsr.

Best Regards,

Thorsten

Simon Brooks · ‎05-22-2013

Are you sure;

ip pim bsr-candidate loopback [interface-number] [ hash-mask-length ] [priority] [accept-rp-candidate

Use the accept rp to filter via acl?

Simon

View solution in original post

Simon Brooks · ‎05-22-2013

Is this what you are looking for?

http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti/command/imc_i3.html#wp4057542967

Sent from Cisco Technical Support Android App

thorsten.steffen · ‎05-22-2013

I don't think so.

We want to allow only our defined rp to connect to the bsr. I hoped we can do this by an access-list similar to the way you can filter sources/groups from being registered at the rp with

ip pim accept-register list

Simon Brooks · ‎05-22-2013

Are you sure;

ip pim bsr-candidate loopback [interface-number] [ hash-mask-length ] [priority] [accept-rp-candidate

Use the accept rp to filter via acl?

Simon

thorsten.steffen · ‎05-22-2013

sorry, my mistake, first time I followed your link my browser pointed to a wrong part of the document.

perfect, that's what I was looking for.

I'll test it.

Many thanks

Cat4500 Sup7: Howto limit rendezvous points connecting to bootstrap router candidates?