A colleague and I are working with a large group of customers that utilize Windows UPnP or SSDP (239.255.255.250) and the network teams want to stop UPnP from populating inet.1. The various campuses still use multicasting for other purposes. We have attempted to use a policy-option to reject from joining PIM and getting into the inet.1 table. We can see the rejects in the IGMP statistics, but inet.1 is still being populated.
set policy-options policy-statement Block_UPNP from route-filter 239.255.255.250/32 exact
set policy-options policy-statement Block_UPNP then reject
set protocols igmp interface all version
set protocols igmp interface group-policy Block_UPNP
set protocols pim import Block_UPNP
set protocols pim rp local family inet address 10.0.0.1
set protocols pim interface all mode sparse
set protocols pim interface all neighbor-policy Block_UPNP
Does anyone have a policy configuration to stop UPNP from getting into the inet.1 table? Trying to avoid stateless firewall configurations.
Thanks!
------------------------------
Keith Fletcher
------------------------------