Configure Multicast Boundary Filters

Address scoping defines domain boundary filters so that domains with RPs that have the same IP address do not leak into each other. Scoping is performed on the subnet boundaries within large domains and on the boundaries between the domain and the Internet.

You can set up an administratively scoped boundary filter on an interface for multicast group addresses. IANA has designated the multicast address range from 239.0.0.0 to 239.255.255.255 as the administratively scoped addresses. This range of addresses can be reused in domains administered by different organizations. The addresses would be considered local, not globally unique.

A standard ACL defines the range of affected addresses. When a boundary filter is set up, no multicast data packets are allowed to flow across the boundary from either direction. The boundary filter allows the same multicast group address to be reused in different administrative domains.

You can configure, examine, and filter Auto-RP discovery and announcement messages at the administratively scoped boundary. Any Auto-RP group range announcements from the Auto-RP packets that are denied by the boundary ACL are removed. An Auto-RP group range announcement is permitted and passed by the boundary filter only if all addresses in the Auto-RP group range are permitted by the boundary ACL. If any address is not permitted, the entire group range is filtered and removed from the Auto-RP message before the Auto-RP message is forwarded.

Procedure

Step 1	Choose Devices > Device Management, and edit the threat defense device.
Step 2	Choose Routing > Multicast Routing > Multicast Boundary Filter, and then click Add or Edit. Use the Add Multicast Boundary Filter dialog box to add new multicast boundary filters to the device. Use the Edit Multicast Boundary Filter dialog box to change existing parameters. You can configure a multicast boundary for administratively scoped multicast addresses. A multicast boundary restricts multicast data packet flows and enables reuse of the same multicast group address in different administrative domains. When a multicast boundary is defined on an interface, only the multicast traffic permitted by the filter ACL passes through the interface.
Step 3	From the Interface drop-down list, choose the interface for which you are configuring the multicast boundary filter ACL.
Step 4	From the Standard Access List drop-down list, choose the standard ACL you want to use, or click Add () to create a new standard ACL. See Configure Standard ACL Objects for the procedure.
Step 5	Check the Remove any Auto-RP group range announcement from the Auto-RP packets that are denied by the boundary check box to filter Auto-RP messages from sources denied by the boundary ACL. If this check box is not checked, all Auto-RP messages are passed.
Step 6	Click OK to save the multicast boundary filter configuration.