peer sa-policy

Use peer sa-policy to configure an SA incoming or outgoing policy for an MSDP peer.

Use undo peer sa-policy to delete the SA incoming or outgoing policy for an MSDP peer.

Syntax

peer peer-address sa-policy { export | import } [ acl ipv4-acl-number ]

undo peer peer-address sa-policy { export | import }

Default

No SA incoming or outgoing policy exists, and all SA messages from an MSDP peer are accepted or forwarded.

Views

MSDP view

Predefined user roles

network-admin

Parameters

peer-address: Specifies an MSDP peer by its IP address.

export: Specifies the outgoing direction.

import: Specifies the incoming direction.

ipv4-acl-number: Specifies an IPv4 advanced ACL number in the range of 3000 to 3999. If you specify an ACL, the device accepts and forwards only SA messages that the ACL permits. The device discards all SA messages when one of the following conditions exists:

Usage guidelines

This command filters SA messages from a specified MSDP peer to control the acceptance or forwarding of SA messages. To control the creation of SA messages, use the import-source command.

When you configure a rule in the IPv4 advanced ACL, follow these restrictions and guidelines:

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Configure an SA outgoing policy to forward only SA messages that ACL 3100 permits to MSDP peer 125.10.7.6 on the public network.

<Sysname> system-view
[Sysname] acl advanced 3100
[Sysname-acl-ipv4-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
[Sysname-acl-ipv4-adv-3100] quit
[Sysname] msdp
[Sysname-msdp] peer 125.10.7.6 connect-interface vlan-interface 100
[Sysname-msdp] peer 125.10.7.6 sa-policy export acl 3100
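
The following Python sketch is an added example, not part of the original command reference or vendor code; it models how the rule in ACL 3100 above selects (S, G) entries so you can check a planned filter offline before applying it. It assumes that the rule's source field is compared with the multicast source address and the destination field with the multicast group address carried in the SA message, and that rules are evaluated first match wins; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set to 1 in the wildcard mask are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Model of the single rule configured in ACL 3100 in the example above:
# rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
ACL_3100 = [
    ("permit", ("170.15.0.0", "0.0.255.255"), ("225.1.0.0", "0.0.255.255")),
]

def sa_permitted(source, group, acl):
    """Return True if the (S, G) entry is permitted by the modelled ACL."""
    for action, (s_base, s_wc), (g_base, g_wc) in acl:  # assumed: first match wins
        if wildcard_match(source, s_base, s_wc) and wildcard_match(group, g_base, g_wc):
            return action == "permit"
    # Only SA messages that the ACL permits are accepted or forwarded,
    # so an entry that matches no rule is treated as discarded.
    return False

def filter_sa(entries, acl):
    """Keep only the (S, G) entries the policy would let through."""
    return [e for e in entries if sa_permitted(e[0], e[1], acl)]

# Constructed sample (S, G) entries, as they might appear in SA messages.
SAMPLE_ENTRIES = [
    ("170.15.3.9", "225.1.4.4"),   # source and group both inside the permitted ranges
    ("170.16.3.9", "225.1.4.4"),   # source outside 170.15.0.0/16
    ("170.15.3.9", "239.1.1.1"),   # group outside 225.1.0.0/16
    ("10.0.0.1", "225.1.0.1"),     # unexpected source announcing a permitted group
]

if __name__ == "__main__":
    for s, g in SAMPLE_ENTRIES:
        verdict = "forward" if sa_permitted(s, g, ACL_3100) else "discard"
        print(f"({s}, {g}) -> {verdict}")
```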

Related commands

display msdp peer-status

import-source