Table of Contents
Advertisement
Using Access Policies
Access Policies
for PIM-DM
12-8
In addition, suppose the administrator wants to preclude users on
the VLAN Engsvrs from seeing any multicast streams that are
generated by the VLAN Sales across the backbone. The additional
configuration of the switch labeled "Engsvrs" is as follows:
create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config dvmrp vlan backbone import-filter
nosales
Because PIM-DM leverages the unicast routing capability that is
already present in the switch, the access policy capabilities are, by
nature, different. If the PIM-DM protocol is used for routing IP
multicast traffic, the switch can be configured to use an access
profile to determine any of the following:
Trusted Neighbor — Use an access profile to determine
trusted PIM-DM router neighbors for the VLAN on the switch
running PIM-DM. To configure a trusted neighbor policy, use
the following command:
config pim-dm vlan [<name> | all]
trusted-gateway [<access_profile> |
none]
Example. Using PIM-DM, the unicast access policies can be used to
restrict multicast traffic. In this example, a network similar to the
example used in the previous RIP example is also running PIM-DM.
The network administrator wants to disallow Internet access for
multicast traffic to users on the VLAN Engsvrs. This is accomplished
by preventing the learning of routes that originate from the switch
labeled "Internet" by way of PIM-DM on the switch labeled "Engsvrs."
To configure the switch labeled "Engsvrs," the commands would be
as follows:
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add
10.0.0.10/32
config pim-dm vlan backbone trusted-gateway
nointernet
Advertisement
Table of Contents
