From Network Infrastructure Policy Security Technical Implementation Guide
Part of NET2008
Associated with: CCI-001414
A multicast boundary must be established to ensure that administratively-scoped multicast traffic does not flow into or out of the IP core. The multicast boundary can be created by ensuring that COI-facing interfaces on all PIM routers are configured to block inbound and outbound administratively-scoped multicast traffic.
The administratively-scoped IPv4 multicast address space is 239.0.0.0 through 239.255.255.255. Packets addressed to administratively-scoped multicast addresses must not cross administrative boundaries. This can be accomplished by applying a multicast boundary statement to all COI-facing interfaces as shown in the following example: ip multicast-routing ! interface FastEthernet0/0 ip address 199.36.92.1 255.255.255.252 ip pim sparse-mode ip multicast boundary 1 ! access-list 1 deny 239.0.0.0 0.255.255.255 access-list 1 permit any If inbound and outbound administratively-scoped multicast traffic is not blocked, this is a finding.
Configure a multicast boundary statement at all COI-facing interfaces that has PIM enabled to block inbound and outbound administratively-scoped multicast traffic.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer