Configuring a bidirectional neighbor filter – Cisco ASA 5505 User Manual
Page 505
26-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 26 Configuring Multicast Routing
Customizing Multicast Routing
Configuring a Bidirectional Neighbor Filter
The Bidirectional Neighbor Filter pane shows the PIM bidirectional neighbor filters, if any, that are
configured on the ASA. A PIM bidirectional neighbor filter is an ACL that defines the neighbor devices
that can participate in the DF election. If a PIM bidirectional neighbor filter is not configured for an
interface, then there are no restrictions. If a PIM bidirectional neighbor filter is configured, only those
neighbors permitted by the ACL can participate in the DF election process.
When a PIM bidirectional neighbor filter configuration is applied to the ASA, an ACL appears in the
running configuration with the name interface-name_multicast, in which the interface-name is the name
of the interface to which the multicast boundary filter is applied. If an ACL with that name already exists,
a number is appended to the name (for example, inside_multicast_1). This ACL defines which devices
can become PIM neighbors of the ASA.
Bidirectional PIM allows multicast routers to keep reduced state information. All of the multicast routers
in a segment must be bidirectionally enabled for bidir to elect a DF.
The PIM bidirectional neighbor filters enable the transition from a sparse-mode-only network to a bidir
network by letting you specify the routers that should participate in the DF election, while still allowing
all routers to participate in the sparse-mode domain. The bidir-enabled routers can elect a DF from
among themselves, even when there are non-bidir routers on the segment. Multicast boundaries on the
non-bidir routers prevent PIM messages and data from the bidir groups from leaking in or out of the bidir
subset cloud.
When a PIM bidirectional neighbor filter is enabled, the routers that are permitted by the ACL are
considered to be bidirectionally capable. Therefore, the following is true:
•
If a permitted neighbor does not support bidir, then the DF election does not occur.
•
If a denied neighbor supports bidir, then the DF election does not occur.
•
If a denied neighbor does not support bidir, the DF election can occur.
To define the neighbors that can become a PIM bidirectional neighbor filter, perform the following steps:
Detailed Steps
Command
Purpose
Step 1
access-list pim_nbr deny
router-IP_addr
PIM neighbor
Example:
hostname(config)# access-list pim_nbr deny
10.1.1.1 255.255.255.255
Uses a standard access list to define the routers that you want to
have participate in PIM.
In the example, the following access list, when used with the pim
neighbor-filter command, prevents the 10.1.1.1 router from
becoming a PIM neighbor.
Step 2
pim bidirectional-neighbor-filter pim_nbr
Example:
hostname(config)# interface
GigabitEthernet0/3
hostname(config-if)# pim bidirectional
neighbor-filter pim_nbr
Filters neighbor routers.
In the example, the 10.1.1.1 router is prevented from becoming a
PIM bidirectional neighbor on interface GigabitEthernet0/3.