Check: NET2007
Network Infrastructure Policy STIG:
NET2007
(in versions v10 r7 through v9 r2)
Title
A Protocol Independent Multicast (PIM) neighbor filter must be implemented to restrict and control multicast traffic. (Cat III impact)
Discussion
Protocol Independent Multicast (PIM) is a routing protocol that is used by the IP core for forwarding multicast traffic. PIM traffic must be limited to only known PIM neighbors by configuring and binding a PIM neighbor filter to those interfaces that have PIM enabled.
Check Content
Step 1: Verify that an ACL is configured that specifies the allowable PIM neighbors, similar to the following example:

```
ip access-list standard pim-neighbors
 permit 192.0.2.1
 permit 192.0.2.3
```

Step 2: Verify that a pim neighbor-filter command referencing the PIM neighbor ACL is configured on all PIM-enabled interfaces, similar to the following example:

```
interface GigabitEthernet0/3
 ip address 192.0.2.2 255.255.255.0
 pim neighbor-filter pim-neighbors
```

If a PIM neighbor filter is not bound to interfaces that have PIM enabled, this is a finding.
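As an added audit script (not part of the STIG or of any vendor tool), the following Python applies Steps 1 and 2 to a saved running-config: it parses the ACL and interface stanzas, then reports every PIM-enabled interface that has no neighbor filter bound or whose filter references an ACL that is not defined. It assumes Cisco IOS-style syntax (`ip pim sparse-mode`, `ip pim neighbor-filter <acl>`) and uses a constructed sample config rather than output from a real device.

```python
import re

# Constructed sample running-config (not captured from a real device):
# Gi0/1 is compliant, Gi0/2 runs PIM with no neighbor filter, Gi0/3 has no PIM.
SAMPLE_CONFIG = """\
ip access-list standard pim-neighbors
 permit 192.0.2.1
 permit 192.0.2.3
!
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 ip pim sparse-mode
 ip pim neighbor-filter pim-neighbors
!
interface GigabitEthernet0/2
 ip address 198.51.100.2 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/3
 ip address 203.0.113.2 255.255.255.0
!
"""

def parse_stanzas(config, header_re):
    """Map each stanza whose header matches header_re to its indented body lines."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(header_re, line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return stanzas

def find_findings(config):
    """Return [(interface, reason)] for PIM-enabled interfaces that fail NET2007."""
    acls = parse_stanzas(config, r"^ip access-list standard (\S+)")
    ifaces = parse_stanzas(config, r"^interface (\S.*)")
    findings = []
    for name, lines in ifaces.items():
        # Any "ip pim <mode>" line other than the filter itself means PIM is enabled.
        if not any(l.startswith("ip pim ") and "neighbor-filter" not in l for l in lines):
            continue
        bound = [l.split()[-1] for l in lines if l.startswith("ip pim neighbor-filter ")]
        if not bound:
            findings.append((name, "PIM enabled but no neighbor-filter bound"))
        elif bound[0] not in acls:
            findings.append((name, f"neighbor-filter references undefined ACL {bound[0]}"))
    return findings
```

Run `find_findings` over the text of `show running-config`; an empty list means every PIM-enabled interface has a filter bound to a defined ACL.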
Fix Text
The router administrator configures and binds a PIM neighbor filter to those interfaces that have PIM enabled.
Additional Identifiers
Rule ID: SV-251389r806122_rule
Vulnerability ID: V-251389
Group Title: NET2007
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001414 | Enforce approved authorizations for controlling the flow of information between connected systems based on organization-defined information flow control policies. |
Controls
| Number | Title |
|---|---|
| AC-4 | Information Flow Enforcement |