5.2.15 - PIM Accept Register Filtering

This security feature is configured on the PIM SM Rendezvous Point and specifies the sources that are allowed to register with the RP. Remember that registration is performed by the PIM DR router, and every register message contains the original multicast packet, which includes the IP address of the multicast source and the group destination address. If the RP denies the registration, it sends a PIM Register- Stop to the DR immediately and never builds the SPT toward the source. The command to enable PIM Register message filtering is ip pim accept-register [list <Extended-ACL | route-map <Route-Map>] . The basis of filtering is an extended ACL in the format:

R1(config)# ip access-list RGISTER FILTER
R1(config-acl)# permit ip \<source-ip\> \<source-wildcard\> \<group-address\> \<group-wildcard\>
R1(config-acl)# exit

In these access-lists, we can match both sources and destination groups at the same time. For example, to permit the source 155.1.146.1 to send traffic to any group via the RP, use the entry permit ip host 155.1.146.1 224.0.0.0 15.255.255.255 . Be advised that if the RP is the DR for the same segment, this filtering will not work. In newer versions of IOS code, a route-map can no longer be used with the ip pim accept-register command. The only parameter that can be used to do filtering with this command is an access-list, such as how this task uses it.

Here is an example:

R1(config)# ip access-list extended SOURCES
R1(config-extd-acl)# permit ip host 155.1.146.6 any
R1(config-extd-acl)# deny ip 155.1.146.0 0.0.0.255 any
R1(config-extd-acl)# permit ip any any
R1(config-extd-acl)# exit
R1(config)# ip pim accept-register list SOURCES
R1(config)# exit

Auto-RP & BSR Boundary Filtering PIM Accept RP Filtering