12-14
Cisco ASDM User Guide
OL-16647-01
Chapter 12 Configuring Multicast Routing
PIM
Add/Edit/Insert Neighbor Filter Entry
The Add/Edit/Insert Neighbor Filter Entry lets you create ACL entries for the PIM neighbor filter ACL.
Fields
• Interface—Select the name of the interface the PIM neighbor filter entry applies to from the list.
• Action—Select “permit” to allow the specified neighbors to participate in PIM. Select “deny” to
prevent the specified neighbors from participating in PIM.
• Network Address—The network address of the neighbor or neighbors being permitted or denied.
• Netmask—The network mask to use with the Network Address.
Modes
The following table shows the modes in which this feature is available:
Bidirectional Neighbor Filter
The Bidirectional Neighbor Filter pane shows the PIM bidirectional neighbor filters, if any, that are
configured on the security appliance. A PIM bidirectional neighbor filters is an ACL that defines the
neighbor devices that can participate in the DF election. If a PIM bidirectional neighbor filter is not
configured for an interface, then there are no restrictions. If a PIM bidirectional neighbor filter is
configured, only those neighbors permitted by the ACL can participate in DF election process.
When a PIM bidirectional neighbor filter configuration is applied to the security appliance, an ACL
appears in the running configuration with the name interface-name_multicast, where the interface-name
is the name of the interface the multicast boundary filter is applied to. If an ACL with that name already
exists, a number is appended to the name, for example inside_multicast_1. This ACL defines which
devices can become PIM neighbors of the security appliance.
Bidirectional PIM allows multicast routers to keep reduced state information. All of the multicast routers
in a segment must be bidirectionally enabled for bidir to elect a DF.
The PIM bidirectional neighbor filters enable the transition from a sparse-mode-only network to a bidir
network by letting you specify the routers that should participate in DF election while still allowing all
routers to participate in the sparse-mode domain. The bidir-enabled routers can elect a DF from among
themselves, even when there are non-bidir routers on the segment. Multicast boundaries on the non-bidir
routers prevent PIM messages and data from the bidir groups from leaking in or out of the bidir subset
cloud.
When a PIM bidirectional neighbor filter is enabled, the routers that are permitted by the ACL are
considered to be bidir-capable. Therefore:
• If a permitted neighbor does not support bidir, the DF election does not occur.
• If a denied neighbor supports bidir, then DF election does not occur.
• If a denied neighbor does not support bidir, the DF election can occur.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——