Cisco ASA 5505 Configuration Manual page 465

Chapter 24 Configuring Multicast Routing
Choosing Permit allows the multicast group advertisements through the interface. Choosing Deny
prevents the specified multicast group advertisements from passing through the interface. When a
multicast boundary is configured on an interface, all multicast traffic is prevented from passing through
the interface unless permitted with a neighbor filter entry.
In the IP Address text field, enter the IP address of the multicast PIM group being permitted or denied.
Step 5
Valid group addresses are from 224.0.0.0 to 239.255.255.255.255.
From the Netmask drop-down list, choose the netmask for the multicast group address.
Step 6
Click OK.
Step 7
Configuring a Bidirectional Neighbor Filter
The Bidirectional Neighbor Filter pane shows the PIM bidirectional neighbor filters, if any, that are
configured on the adaptive security appliance. A PIM bidirectional neighbor filters is an ACL that
defines the neighbor devices that can participate in the DF election. If a PIM bidirectional neighbor filter
is not configured for an interface, then there are no restrictions. If a PIM bidirectional neighbor filter is
configured, only those neighbors permitted by the ACL can participate in DF election process.
When a PIM bidirectional neighbor filter configuration is applied to the adaptive security appliance, an
ACL appears in the running configuration with the name interface-name_multicast, to which the
interface-name is the name of the interface the multicast boundary filter is applied. If an ACL with that
name already exists, a number is appended to the name, for example inside_multicast_1. This ACL
defines which devices can become PIM neighbors of the adaptive security appliance.
Bidirectional PIM allows multicast routers to keep reduced state information. All of the multicast routers
in a segment must be bidirectionally enabled for bidir to elect a DF.
The PIM bidirectional neighbor filters enable the transition from a sparse-mode-only network to a bidir
network by letting you specify the routers that should participate in DF election while still allowing all
routers to participate in the sparse-mode domain. The bidir-enabled routers can elect a DF from among
themselves, even when there are non-bidir routers on the segment. Multicast boundaries on the non-bidir
routers prevent PIM messages and data from the bidir groups from leaking in or out of the bidir subset
cloud.
When a PIM bidirectional neighbor filter is enabled, the routers that are permitted by the ACL are
considered to be bidirectionally capable. Therefore:
•
•
•
To define the neighbors that can become a PIM bidirectional neighbor filter, perform the following steps:
Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > Multicast > PIM >
Bidirectional Neighbor Filter.
The PIM Bidirectional Neighbor Filter table contains the following entries. Double-click an entry to
open the Edit Bidirectional Neighbor Filter Entry dialog box for that entry.
Choose the PIM neighbor that you want to configure from the table, by clicking Add/Edit/Insert.
Step 2
The Add/Edit/Insert Bidirectional Neighbor Filter Entry dialog box lets you create ACL entries for the
PIM bidirectional neighbor filter ACL
OL-20339-01
If a permitted neighbor does not support bidir, the DF election does not occur.
If a denied neighbor supports bidir, then DF election does not occur.
If a denied neighbor does not support bidir, the DF election can occur.
Cisco ASA 5500 Series Configuration Guide using ASDM
Customizing Multicast Routing
24-15