The multicast domain must block inbound and outbound administratively-scoped multicast traffic at the edge.
A multicast boundary must be established to ensure that administratively-scoped multicast traffic does not flow into or out of the IP core. The multicast boundary can be created by ensuring that COI-facing interfaces on all PIM routers are configured to block inbound and outbound administratively-scoped multicast traffic.
The administratively-scoped IPv4 multicast address space is 239.0.0.0 through 239.255.255.255. Packets addressed to administratively-scoped multicast addresses must not cross administrative boundaries. This can be accomplished by applying a multicast boundary statement to all COI-facing interfaces as shown in the following example:
ip multicast-routing
!
interface FastEthernet0/0
 ip address 126.96.36.199 255.255.255.252
 ip pim sparse-mode
 ip multicast boundary 1
!
! Deny the administratively-scoped range (239.0.0.0/8), permit all other groups
access-list 1 deny 239.0.0.0 0.255.255.255
access-list 1 permit any
If inbound and outbound administratively-scoped multicast traffic is not blocked, this is a finding.
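The check above can be run against a saved running-config. The following is an added example, not part of the STIG text: it flags every PIM-enabled interface that lacks a multicast boundary whose standard numbered ACL denies 239.0.0.0/8. The function names and the sample configuration are constructed for illustration. Because a config does not say which interfaces are COI-facing, the sketch reports all PIM-enabled interfaces and assumes ACL entries use `any` or address/contiguous-wildcard form.

```python
import ipaddress
import re

ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365 administrative scope

# Constructed sample (not from a real device); FastEthernet0/1 has PIM but no boundary.
SAMPLE_CONFIG = """\
ip multicast-routing
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 ip pim sparse-mode
 ip multicast boundary 1
!
interface FastEthernet0/1
 ip address 192.0.2.5 255.255.255.252
 ip pim sparse-mode
!
access-list 1 deny 239.0.0.0 0.255.255.255
access-list 1 permit any
"""

def acl_blocks_admin_scope(config, acl):
    """True if standard numbered ACL `acl` denies all of 239.0.0.0/8.
    Conservative: a single deny entry must cover the range, or no permit may touch it."""
    entries = re.findall(
        rf"^access-list {re.escape(acl)} (deny|permit) (\S+)(?: ([\d.]+))?", config, re.M)
    for action, addr, wildcard in entries:
        if addr == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # Assumes a contiguous wildcard mask; its set bits are the host bits.
            host_bits = bin(int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))).count("1")
            net = ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)
        if action == "deny" and ADMIN_SCOPED.subnet_of(net):
            return True
        if action == "permit" and net.overlaps(ADMIN_SCOPED):
            return False  # admin-scoped groups are permitted before being denied
    return bool(entries)  # defined ACL: implicit deny; undefined ACL: treat as a finding

def unbounded_pim_interfaces(config):
    """Names of PIM-enabled interfaces lacking a boundary ACL that blocks 239.0.0.0/8."""
    findings = []
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        if not re.search(r"^ ip pim ", body, re.M):
            continue
        m = re.search(r"^ ip multicast boundary (\S+)", body, re.M)
        if not m or not acl_blocks_admin_scope(config, m.group(1)):
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(unbounded_pim_interfaces(SAMPLE_CONFIG))
```

Interfaces it reports that are not COI-facing can be excluded by the reviewer; any COI-facing interface it reports is a finding under this check.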
Fix Text (F-72445r1_fix)
Configure a multicast boundary statement on all COI-facing interfaces that have PIM enabled to block inbound and outbound administratively-scoped multicast traffic.